Submitted URL: http://adp13a.com/redirect?sid=20339
Effective URL: http://redirect.fallbackads.com/?subid=58349&fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dc...
Submission: On May 16 via manual from SG — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 34.196.13.28, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is redirect.fallbackads.com. The Cisco Umbrella rank of the primary domain is 159760.
This is the only time redirect.fallbackads.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 188.114.97.10 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 3.232.185.75 14618 (AMAZON-AES)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 34.196.13.28 14618 (AMAZON-AES)
5 5
Apex Domain / Subdomains / Transfer
3 popcash.net (Transfer: 1 KB)
    popcash.net — Cisco Umbrella Rank: 22258
    ps.popcash.net — Cisco Umbrella Rank: 78200
2 fallbackads.com (Transfer: 3 KB)
    go.fallbackads.com — Cisco Umbrella Rank: 75463
    redirect.fallbackads.com — Cisco Umbrella Rank: 159760
2 adp13a.com (Transfer: 23 KB)
    adp13a.com — Cisco Umbrella Rank: 115781
0 obscurelover.xyz Failed
    obscurelover.xyz — Cisco Umbrella Rank: 128582 Failed
5 4
Domain Requested by
2 ps.popcash.net 1 redirects
2 adp13a.com 1 redirects
1 redirect.fallbackads.com go.fallbackads.com
1 go.fallbackads.com ps.popcash.net
1 popcash.net 1 redirects
0 obscurelover.xyz Failed
5 6

This site contains no links.

Subject: go.fallbackads.com
Issuer: Cloudflare Inc ECC CA-3
Validity: 2022-03-26 - 2023-03-26
Valid: a year

This page contains 1 frame:

Frame: http://obscurelover.xyz/http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Frame ID: 66D5DCF99574C1D5C16B36471470710F
Requests: 5 HTTP requests in this frame

Page Statistics

Requests: 5
HTTPS: 20 %
IPv6: 40 %
Domains: 4
Subdomains: 6
IPs: 5
Countries: 2
Transfer: 25 kB
Size: 25 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://adp13a.com/redirect?sid=20339 Page URL
  2. http://adp13a.com/redirect?cid=MLfzoMgRVq&http_referer=&sid=20339&subid=&s3=&7608aeed8af0227f1e451a9de1758020=1&rr=1&id=&t=1652661940&hrf=Ld6c3XPwXWusxEPY8YOi6mN6gs7K3tQVWz%2FHVo5lfmJhe7g6LkY%3D&iwx=1600&iwy=1200&owx=1600&owy=1200&isph=0&pbc=0&fp=null&hf=1&op=1&pd=24&tp=%3F&xd=%3F&yd=%3F&pl=3&mt=4&sw=1600&sh=1200&fw=1600&fh=1200&pw=0&ph=0&ow=1600x1200&iw=1600x1200&sd=24&ifr=0&coo=1&m=0&hr=2&ab=1&ua=%257B%2522ef%2522%253A%25224g%2522%252C%2522rtt%2522%253A0%252C%2522down%2522%253A9.2%252C%2522save%2522%253Afalse%257D&npl=Linux+x86_64&ncpu=%3F&nhc=4&gtz=0&nba=1&nbt=0&nve=Google+Inc.&vapp=Netscape&napv=5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F101.0.4951.64+Safari%2F537.36&ss=1&ls=1&bl=en-US&sl=undefined&dr=Intel%2520Inc.%257CIntel%2520Iris%2520OpenGL%2520Engine%257CWebGL%25201.0%2520%28OpenGL%2520ES%25202.0%2520Chromium%29&is=2139403474&wc=object&msy=undefined&ddm=undefined&ps=20030107&st=0&sp=undefined&mob=0&ifp1=0&ifp2=0&wn=&nap=0&ind=1&opd=0&dab=0&nsb=1&chk1=0&chk2=1&chk3=0&chk4=0 HTTP 302
    http://popcash.net/world/go/78036/145866/ HTTP 301
    http://ps.popcash.net/go/78036/145866/ Page URL
  3. http://ps.popcash.net/ad/ad?p=78036&w=145866&t=b8455b3cb149106b&r=aHR0cCUzQSUyRiUyRmFkcDEzYS5jb20lMkY=&vw=1600&vh=1200 HTTP 303
    https://go.fallbackads.com/58349/?fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532 Page URL
  4. http://redirect.fallbackads.com/?subid=58349&fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://adp13a.com/redirect?cid=MLfzoMgRVq&http_referer=&sid=20339&subid=&s3=&7608aeed8af0227f1e451a9de1758020=1&rr=1&id=&t=1652661940&hrf=Ld6c3XPwXWusxEPY8YOi6mN6gs7K3tQVWz%2FHVo5lfmJhe7g6LkY%3D&iwx=1600&iwy=1200&owx=1600&owy=1200&isph=0&pbc=0&fp=null&hf=1&op=1&pd=24&tp=%3F&xd=%3F&yd=%3F&pl=3&mt=4&sw=1600&sh=1200&fw=1600&fh=1200&pw=0&ph=0&ow=1600x1200&iw=1600x1200&sd=24&ifr=0&coo=1&m=0&hr=2&ab=1&ua=%257B%2522ef%2522%253A%25224g%2522%252C%2522rtt%2522%253A0%252C%2522down%2522%253A9.2%252C%2522save%2522%253Afalse%257D&npl=Linux+x86_64&ncpu=%3F&nhc=4&gtz=0&nba=1&nbt=0&nve=Google+Inc.&vapp=Netscape&napv=5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F101.0.4951.64+Safari%2F537.36&ss=1&ls=1&bl=en-US&sl=undefined&dr=Intel%2520Inc.%257CIntel%2520Iris%2520OpenGL%2520Engine%257CWebGL%25201.0%2520%28OpenGL%2520ES%25202.0%2520Chromium%29&is=2139403474&wc=object&msy=undefined&ddm=undefined&ps=20030107&st=0&sp=undefined&mob=0&ifp1=0&ifp2=0&wn=&nap=0&ind=1&opd=0&dab=0&nsb=1&chk1=0&chk2=1&chk3=0&chk4=0 HTTP 302
  • http://popcash.net/world/go/78036/145866/ HTTP 301
  • http://ps.popcash.net/go/78036/145866/
Request Chain 2
  • http://ps.popcash.net/ad/ad?p=78036&w=145866&t=b8455b3cb149106b&r=aHR0cCUzQSUyRiUyRmFkcDEzYS5jb20lMkY=&vw=1600&vh=1200 HTTP 303
  • https://go.fallbackads.com/58349/?fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Request Chain 3
  • http://obscurelover.xyz/?k=40b163840b982d2d06261b9806e94074.1652661942.309.2.1.cmVkaXJlY3QuZmFsbGJhY2thZHMuY29t&subid=58349&fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532&r=&z=0 HTTP 302
  • http://obscurelover.xyz/http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532

5 HTTP transactions

Resource: redirect
Path: adp13a.com/
Size: 21 KB
x-fer: 22 KB
Type: Document

General
Full URL: http://adp13a.com/redirect?sid=20339
Protocol: HTTP/1.1
Server: 188.114.97.10 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash:

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 70c0178accb49007-FRA
Cache-Control: no-transform,no-cache
Connection: keep-alive
Content-Length: 21811
Content-Type: text/html;charset=UTF-8
Date: Mon, 16 May 2022 00:45:41 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma: no-cache
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUuBnA6nLWdCcjqTwrt7CrTdSsKKDeEUYia0DO%2F0QiDLc1iMRyLfxRXFS3u%2FN%2BzKkW4uuTiVcinBqFegpsQaPUJ4VAoRHdSptLJ6R3BRgg9eS8r51l2cWoyr8A1W"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Resource: /
Path: ps.popcash.net/go/78036/145866/
Redirect Chain
  • http://adp13a.com/redirect?cid=MLfzoMgRVq&http_referer=&sid=20339&subid=&s3=&7608aeed8af0227f1e451a9de1758020=1&rr=1&id=&t=1652661940&hrf=Ld6c3XPwXWusxEPY8YOi6mN6gs7K3tQVWz%2FHVo5lfmJhe7g6LkY%3D&iw...
  • http://popcash.net/world/go/78036/145866/
  • http://ps.popcash.net/go/78036/145866/
Size: 461 B
x-fer: 521 B
Type: Document

General
Full URL: http://ps.popcash.net/go/78036/145866/
Protocol: HTTP/1.1
Server: 3.232.185.75 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-3-232-185-75.compute-1.amazonaws.com
Software: nginx
Resource Hash:

Request headers

Referer: http://adp13a.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 16 May 2022 00:45:41 GMT
Server: nginx
Vary: Accept-Encoding
transfer-encoding: chunked

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 70c0178e0d95912b-FRA
Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Mon, 16 May 2022 00:45:41 GMT
Location: http://ps.popcash.net/go/78036/145866/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGSaQUGezch%2F%2BvgJ0GT%2FctGIIatfS7Mpij%2FO5o8bKSSqIu9O9uGBJBWK4Had1Jm8RxQwtOIPqXA6Yy37X7SKakItmlfGOA6YFowyyULN%2BUWDk2HLpbJrXbKyuptQ85rUrKC%2BBX4ERGGt"}],"group":"cf-nel","max_age":604800}
Server: cloudflare

Resource: /
Path: go.fallbackads.com/58349/
Redirect Chain
  • http://ps.popcash.net/ad/ad?p=78036&w=145866&t=b8455b3cb149106b&r=aHR0cCUzQSUyRiUyRmFkcDEzYS5jb20lMkY=&vw=1600&vh=1200
  • https://go.fallbackads.com/58349/?fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Size: 2 KB
x-fer: 1 KB
Type: Document

General
Full URL: https://go.fallbackads.com/58349/?fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Requested by
  Host: ps.popcash.net
  URL: http://ps.popcash.net/go/78036/145866/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash:
Security Headers
  X-Content-Type-Options: nosniff

Request headers

Referer: http://ps.popcash.net/go/78036/145866/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 70c01791ebab6921-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 16 May 2022 00:45:42 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wngcedUzTx2sG%2BnBVvB77Tdh%2FRPYkod5BLhfurmvTiDDE%2BuDxvPpb536qJrsoiHjH8Kb%2BSz6c9vhbqijPx5v4kgEndPe3V8LlC5ZnNZCGodCpHcj8fxp4URq8ePMPyFvi3dge1J7ECA1kb4g5JkjXcQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Mon, 16 May 2022 00:45:41 GMT
Location: https://go.fallbackads.com/58349/?fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Server: nginx

Resource: / (Primary Request)
Path: redirect.fallbackads.com/
Size: 1 KB
x-fer: 1 KB
Type: Document

General
Full URL: http://redirect.fallbackads.com/?subid=58349&fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Requested by
  Host: go.fallbackads.com
  URL: https://go.fallbackads.com/58349/?fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Protocol: HTTP/1.1
Server: 34.196.13.28 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-34-196-13-28.compute-1.amazonaws.com
Software: nginx
Resource Hash: a22f6737855748ef1765f6721b651f91f4468d6f38224a5483653d30179ad689
Security Headers
  X-Content-Type-Options: nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Connection: close
Content-Length: 1162
Content-Type: text/html
Date: Mon, 16 May 2022 00:45:42 GMT
Expires: Mon, 31 Dec 2001 23:59:59 GMT
Pragma: no-cache
Server: nginx
X-Content-Type-Options: nosniff

Resource: http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Path: obscurelover.xyz/
Redirect Chain
  • http://obscurelover.xyz/?k=40b163840b982d2d06261b9806e94074.1652661942.309.2.1.cmVkaXJlY3QuZmFsbGJhY2thZHMuY29t&subid=58349&fb=http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1...
  • http://obscurelover.xyz/http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532
Size: 0
x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
obscurelover.xyz
URL
http://obscurelover.xyz/http%3A%2F%2Fp.rapolok.com%2Fad%2Fad%3Fp%3D4%26w%3D656532%26d%3D6d9dd1eeb5bd92dcbad4-1649865962656532

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | oncontextlost
object | oncontextrestored
function | structuredClone

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
