ww1.schington.com Open in urlscan Pro
208.91.196.145 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww
Effective URL:
http://ww1.schington.com/
Submission Tags: @phish_report
Submission: On August 05 via api (August 5th 2023, 11:13:41 pm UTC) from FI — Scanned from NL

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 5 countries across 10 domains to perform 11 HTTP transactions. The main IP is 208.91.196.145, located in and belongs to CONFLUENCE-NETWORK-INC, VG. The main domain is ww1.schington.com.

This is the only time ww1.schington.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
3 7	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:e6:... 2606:4700:e6::ac40:ca1e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3035::ac43:9efb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	51.161.115.163 51.161.115.163	16276 (OVH) (OVH)
1 1	51.83.143.92 51.83.143.92	16276 (OVH) (OVH)
1 2	2606:4700:10:... 2606:4700:10::ac43:88d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	23.235.244.212 23.235.244.212	20454 (SSASN2) (SSASN2)
1 1	95.211.75.16 95.211.75.16	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	208.91.196.145 208.91.196.145	40034 (CONFLUENC...) (CONFLUENCE-NETWORK-INC)
11	6

7 2a06:98c1:3121::3 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dakotatraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
my.ueive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
popmyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e6::ac40:ca1e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

trk150.zzzperform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::ac43:9efb (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.161.115.163 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ns572483.ip-51-161-115.net

t3.hightid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.83.143.92 (Warsaw, Poland) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3155458.ip-51-83-143.eu

t10.blowingwnd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:88d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.235.244.212 (Phoenix, United States) 1 redirects

ASN20454 (SSASN2, US)

prpops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.211.75.16 (Alphen aan den Rijn, Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

schington.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.91.196.145 (None, )

ASN40034 (CONFLUENCE-NETWORK-INC, VG)

ww1.schington.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	ueive.com 1 redirects my.ueive.com — Cisco Umbrella Rank: 635510	6 KB
3	schington.com 1 redirects schington.com ww1.schington.com	3 KB
3	zzzperform.com 1 redirects trk150.zzzperform.com	14 KB
2	prpops.com 1 redirects prpops.com — Cisco Umbrella Rank: 406282	19 KB
2	amung.us 1 redirects whos.amung.us — Cisco Umbrella Rank: 15549 widgets.amung.us — Cisco Umbrella Rank: 26744	703 B
2	popmyads.com 1 redirects popmyads.com — Cisco Umbrella Rank: 206451	2 KB
1	blowingwnd.com 1 redirects t10.blowingwnd.com — Cisco Umbrella Rank: 377421	293 B
1	hightid.com 1 redirects t3.hightid.com — Cisco Umbrella Rank: 482061	309 B
1	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 572553	1 KB
1	dakotatraff.com 1 redirects dakotatraff.com — Cisco Umbrella Rank: 155864	551 B
11	10

	Domain	Requested by
4	my.ueive.com	1 redirects trk150.zzzperform.com my.ueive.com
3	trk150.zzzperform.com	1 redirects trk150.zzzperform.com
2	ww1.schington.com	ww1.schington.com
2	prpops.com	1 redirects
2	popmyads.com	1 redirects my.ueive.com
1	schington.com	1 redirects
1	widgets.amung.us
1	whos.amung.us	1 redirects
1	t10.blowingwnd.com	1 redirects
1	t3.hightid.com	1 redirects
1	cdn.addlnk.com	my.ueive.com
1	dakotatraff.com	1 redirects
11	12

This site contains no links.

Subject Issuer	Validity	Valid
zzzperform.com GTS CA 1P5	`2023-07-24` - `2023-10-22`	3 months	crt.sh
ueive.com GTS CA 1P5	`2023-07-19` - `2023-10-17`	3 months	crt.sh
addlnk.com GTS CA 1P5	`2023-06-13` - `2023-09-11`	3 months	crt.sh
popmyads.com GTS CA 1P5	`2023-07-01` - `2023-09-29`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://ww1.schington.com/
Frame ID: 5D23419700498443F552F7D2B379168F
Requests: 8 HTTP requests in this frame

Frame: https://my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74ac0d47/invisible.js
Frame ID: 7628546687A283774DA7A6AC7502E23A
Requests: 2 HTTP requests in this frame

Frame: http://ww1.schington.com/?fp=G5Yd7hXYCeA9dHz%2Fn9Fuuowstlx7T4FLJqqOeCBLk8cx%2BgcEDopPZU0Dvw%2F3xkIyHWQEqhFblZaJjqrHYKe8f8%2Bw49YMjSGouqyWPLZOOr4g590J0NgvkjX803b6pS85hz8yGd0vXs4ViKaIQusmV1KUhPUc6koEPlShttG8M%2BWblCxhczRDXTDgsEbERtb%2F4nJQNXJGg%2BgEKnlu8xyU5fnp6v7MNz%2BCNQ7vakhv%2FfXDJvQ5WjNsAGdj2eyvqILbw0yRUXWag8RI%2Fc3wE5cNtQ%3D%3D&prvtof=e4UJ5hB8%2BjK4DFihQr38YHZWa7gz5mCpt0Sf4WZKduc%3D&poru=zYbXQ3NZ767%2B93BPLefsQsAnzFFIkBgK743SJIW4hFk%3D&_opnslfp=1&
Frame ID: 410A96906B075D852285630690258AF3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww HTTP 302
https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww Page URL
https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&code=4aY3VvBDU7Pzg6QEE... HTTP 302
https://trk150.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F... Page URL
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e... Page URL
https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub1983a0a582ef... HTTP 302
https://t10.blowingwnd.com/e.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_3k4fcald&d1=1217... HTTP 302
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ= Page URL
https://popmyads.com/gget HTTP 302
http://prpops.com/p/sjbi/direct/t:0497634000 Page URL
http://prpops.com/p/sjbi/direct/t:0497634000?prc_c=1691277214&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOi... HTTP 302
http://schington.com/MB45H/b-cm/YeM2/Oa9nMggva6VIkIDwEp1B2oKI6uPNAlGkHpA8DHYvA2DpYzHoSbA?a-4=Main... HTTP 302
http://ww1.schington.com/ Page URL

Page Statistics

11
Requests

55 %
HTTPS

44 %
IPv6

10
Domains

12
Subdomains

6
IPs

5
Countries

43 kB
Transfer

102 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww HTTP 302
https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww Page URL
https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&code=4aY3VvBDU7Pzg6QEE9PT9HREERhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae.SXo2MTIDZW0HODo5OguAhw8-EHOHfHgWFnqDfhtMHICJgiFRIpKWk5ooKJ.Yjy10nZ6XnZdTfaOZZTihraGfPrKxtaZCqbayR62ptXNmAnhlBlN2gnJ2d208Qz1AMTpqfYN6ho.MOmlwPU9PTlFdQ3uOlF1cZEqjYmFXT3Ghop.ZjJuZg6KuanFwdW1zd2Jrj42alJR1IG1rbmklTWxrdHk0LFB2gX9.d0JFRktFSEdPUlVNTFBXUUJ2hYuHmZFYX15jW2FlMJKoNGw1mqQ5cTqccHA-b3BycnN0Rad7fEowMQJ2agY2Nzg6CnFyDj9AQBF1e3gWRxd.hZAcgn6KkoUhhYuRJldYWSmWmZMuX19gYTKmqKedOGlqa2xtbm4-r7Sls7lGRre6rXN2ZAQ2NTY6ODo6QgxyhHt.EkVGFId7fRkZjH1-gB9QUFNXVFVaWSeLl56bLS2lnZ0yMqqboaw4gaeuoKhdh62jb0KmqKxHeHl6MTIzNDU1Njc5Ojo7PT4-QEFCQ0RFRkdISUpLTE1NT1BRUlNUVVZXWFlZW1xdXl9gYWJjZGVmZ2hpamtrbD2hqLVCc3R1dXd4eXoxMjM0NTY3ODg6Ojw9Pj9AEIiHhxWMREdTkEh0UnN0WpdPlFeSk5SVY6BYl2CbnJ2ebKlhqGurcq9nf4apdZQ-q62wqkWqtHSdnDtmcAN2eXoIOAl2bHsODnd8hBNDFIOKGElKSktNTU5QUSGZhyVWV1eKWyqOnqUvcpijoaCZVYZ7flmKp7Gkp628qrC3qbe0qLR2cGVoMHpua35te0VOdH99fHUxYldaNWyAfZB-jZiKhomGg4.Hi4iMkYqLmoyRnJielqCaopmbnaCdoaScpXiMoLSquKhkiLKwrbd0fWtxeGp4dWl1N3ltcHo8gH2Hen2DFop7fRtNUB2Rj4QiVFckiZaZKVoqmY.RL2gwnqajNWZr&_tdf=23 HTTP 302
https://trk150.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e%26pubid%3D139445_ww&vId=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&hash=270226461dc64814f22c&ete=true Page URL
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&pubid=139445_ww Page URL
https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub1983a0a582ef419f9bf40a5754957719&s=3k4fcald HTTP 302
https://t10.blowingwnd.com/e.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_3k4fcald&d1=1217p3t0dz HTTP 302
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ= Page URL
https://popmyads.com/gget HTTP 302
http://prpops.com/p/sjbi/direct/t:0497634000 Page URL
http://prpops.com/p/sjbi/direct/t:0497634000?prc_c=1691277214&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvMTE1LjAuNTc5MC4xNzAgU2FmYXJpXC81MzcuMzYifQ==&prc_h=0f9a924dc2925b75d99f8e310d62de932b27332b91a1b8119fc0879554324982&pr_tsid=7fa0c0c5520d8a63d3580a84a96607dd211aace1bceffbfe725c4da877b90808&pr_tsids=26cf76b772603b5744d4c4090b60cc566e42d5c828652cc1943258534152a6bb HTTP 302
http://schington.com/MB45H/b-cm/YeM2/Oa9nMggva6VIkIDwEp1B2oKI6uPNAlGkHpA8DHYvA2DpYzHoSbA?a-4=Mainstream&af=04_MS_DP_ArmorAds_WW&mk=S27848001 HTTP 302
http://ww1.schington.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww HTTP 302
https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww

Request Chain 1

https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&code=4aY3VvBDU7Pzg6QEE9PT9HREERhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae.SXo2MTIDZW0HODo5OguAhw8-EHOHfHgWFnqDfhtMHICJgiFRIpKWk5ooKJ.Yjy10nZ6XnZdTfaOZZTihraGfPrKxtaZCqbayR62ptXNmAnhlBlN2gnJ2d208Qz1AMTpqfYN6ho.MOmlwPU9PTlFdQ3uOlF1cZEqjYmFXT3Ghop.ZjJuZg6KuanFwdW1zd2Jrj42alJR1IG1rbmklTWxrdHk0LFB2gX9.d0JFRktFSEdPUlVNTFBXUUJ2hYuHmZFYX15jW2FlMJKoNGw1mqQ5cTqccHA-b3BycnN0Rad7fEowMQJ2agY2Nzg6CnFyDj9AQBF1e3gWRxd.hZAcgn6KkoUhhYuRJldYWSmWmZMuX19gYTKmqKedOGlqa2xtbm4-r7Sls7lGRre6rXN2ZAQ2NTY6ODo6QgxyhHt.EkVGFId7fRkZjH1-gB9QUFNXVFVaWSeLl56bLS2lnZ0yMqqboaw4gaeuoKhdh62jb0KmqKxHeHl6MTIzNDU1Njc5Ojo7PT4-QEFCQ0RFRkdISUpLTE1NT1BRUlNUVVZXWFlZW1xdXl9gYWJjZGVmZ2hpamtrbD2hqLVCc3R1dXd4eXoxMjM0NTY3ODg6Ojw9Pj9AEIiHhxWMREdTkEh0UnN0WpdPlFeSk5SVY6BYl2CbnJ2ebKlhqGurcq9nf4apdZQ-q62wqkWqtHSdnDtmcAN2eXoIOAl2bHsODnd8hBNDFIOKGElKSktNTU5QUSGZhyVWV1eKWyqOnqUvcpijoaCZVYZ7flmKp7Gkp628qrC3qbe0qLR2cGVoMHpua35te0VOdH99fHUxYldaNWyAfZB-jZiKhomGg4.Hi4iMkYqLmoyRnJielqCaopmbnaCdoaScpXiMoLSquKhkiLKwrbd0fWtxeGp4dWl1N3ltcHo8gH2Hen2DFop7fRtNUB2Rj4QiVFckiZaZKVoqmY.RL2gwnqajNWZr&_tdf=23 HTTP 302
https://trk150.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e%26pubid%3D139445_ww&vId=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&hash=270226461dc64814f22c&ete=true

Request Chain 4

https://my.ueive.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74ac0d47/invisible.js

Request Chain 6

https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub1983a0a582ef419f9bf40a5754957719&s=3k4fcald HTTP 302
https://t10.blowingwnd.com/e.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_3k4fcald&d1=1217p3t0dz HTTP 302
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=

Request Chain 7

https://whos.amung.us/swidget/popmyads.png HTTP 307
https://widgets.amung.us/draw/?w=small&n=34800&c=ffc20e000000&p=left

Request Chain 8

https://popmyads.com/gget HTTP 302
http://prpops.com/p/sjbi/direct/t:0497634000

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

270226461dc64814f22c.js Show response
trk150.zzzperform.com/l/
Redirect Chain

https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww
https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww

36 KB
12 KB

94ms
35ms

Document
text/html

2606:4700:e6::ac40:ca1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 758
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000
cf-cache-status: HIT
cf-ray: 7f22bb34aabb0ba6-AMS
content-encoding: br
content-type: text/html
date: Sat, 05 Aug 2023 23:13:32 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 20 Aug 2019 14:25:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kceREYR4w59Y8eNrDq4mLvoV%2FJIGZugMzCsVFhpqvVkJMpwGRZFQUQIF25FiVeEWlDeWNsMxkvY4iHHeQSCx7hvUbKsX8N9NSK8WiBgqKVauPbrUJe%2F2gRLP4yxgztY67JKX5KdWYee2GSfmN5IPvvYJ7rk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7f22bb341e57b785-AMS
date: Sat, 05 Aug 2023 23:13:32 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
location: https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gMFl6nshNZ%2F8WvSqpWmmHGVJdveERQTH3M4Rtn1dDB%2Bb1qf4zP2Bhdn7W0wLQr5x2etOpVi6h%2FwCF%2Frj2DTs7yvpcL%2F%2BEmyYOMo%2BuHFY58B8ISQYeqww2mAJMLqlmHKOMv7AVHG2L3v6TgalM7g%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3

200

gw.js
trk150.zzzperform.com/
Redirect Chain

https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&code=4aY3VvBDU7Pzg6QEE9PT9HREERhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae.SXo2MTIDZW...
https://trk150.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e%26pubid%...

1 KB
1 KB

41ms
40ms

Document
text/html

2606:4700:e6::ac40:ca1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk150.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e%26pubid%3D139445_ww&vId=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&hash=270226461dc64814f22c&ete=true
Requested by: Host: trk150.zzzperform.com
URL: https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://trk150.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 758
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000
cf-cache-status: HIT
cf-ray: 7f22bb3599ce0bbc-AMS
content-encoding: br
content-type: text/html
date: Sat, 05 Aug 2023 23:13:33 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 05 Jul 2019 10:28:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EkHaGLSJUyMUuSfaH4NtmFsjreciQQobzNnzGbqNGh4lLEQaqXRU3KNeGoe4NIcj0j2ldFOXH1qruBXi%2BRX8y8EqCA%2BUD2PgYlmOFgP0D2hc5sYVxot%2B%2F6ZOddVkU8uE0AscvWTWRFUZ%2FE0RHZBQOJzcSTw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7f22bb353b2e0ba6-AMS
date: Sat, 05 Aug 2023 23:13:33 GMT
location: https://trk150.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e%26pubid%3D139445_ww&vId=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&hash=270226461dc64814f22c&ete=true
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WEt24ifNW8khuNPOpywkGVu1fQpKwSAwQNww0nXGJ0CpbvQT%2BGp15dEIRJ0krPlCUfLZWQy8JvrVZ%2Fx3As4U4ntxj%2FltgvnZDbyb04jlxnm08E9h%2BquDtOAyK0jbmP0%2F2qZw%2B1jsATZ%2FU41NaFOwzHFbXRQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 3d8a3d97e5 Show response
my.ueive.com/rc/ 2 KB
2 KB 140ms
81ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&pubid=139445_ww
Requested by: Host: trk150.zzzperform.com
URL: https://trk150.zzzperform.com/l/270226461dc64814f22c?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e%26pubid%3D139445_ww&vId=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&hash=270226461dc64814f22c&ete=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a8e6bf4f762a55b7d8ddd021a328a49ef644440b725de327e980963e4897d2c

Request headers

Referer: https://trk150.zzzperform.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f22bb3649ad415a-AMS
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Sat, 05 Aug 2023 23:13:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tb75vRzPHbwyexf6DuOG4HEePzxnRFERXaoKOUGOEDFck6JF11tyGFEY01yKuS0BdkO8jerqgWXmQJ0eIuZH0NNZI5jeThOLUltCyoGET4VeptUV4GAe%2BCshR2YyJL6nJ0lLJKIwxpJL09I%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 90ms
32ms Stylesheet
text/css 2606:4700:3035::ac43:9efb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&pubid=139445_ww
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9efb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 23:13:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 19JAPV28Z60256EV
age: 4518
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 1pWglJumFJ2wYL9Il2mD5zFKVQFtB1phSTFWT9iamwNoxWeMESPSsLMwbmCYqmPYreTHt4ibc3g=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4u0gqPjcMAB4cMfXzDjSSGgRgC8iNBvIHyDqiABNFmdMuFv%2FvzRGunX1gtLwYlsoD1ENg7PQKesiODm8FkL%2BrejiQgVDc7Wao2OafIrfmBDhKLULOX3Mah7Ja5b9c4yW8ktKPJPjmElna6MCg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7f22bb3729a60e88-AMS

GET
H2

200

invisible.js Show response
my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74ac0d47/ Frame 7628
Redirect Chain

https://my.ueive.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74ac0d47/invisible.js

7 KB
4 KB

31ms
31ms

Script
application/javascript

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74ac0d47/invisible.js

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8e119f4d785cb28aa19454e32c9c585a286c074ce799b2f049cca5d3dbf802a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 23:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XRCTLwTO1UWmCTWoclHuqaXXLe5lUsLB7OZreKIJ5UyDgR3O2KesJQA5QaNzXodH%2BIHKPcpzE0iHvlmZ0oy4nbKsasIsjEdnH4V2OjWEjSNYg850irwItdQw%2FuyFJSzV%2BGlclUG%2B6mR5yHk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7f22bb37aa1b415a-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 05 Aug 2023 23:13:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qKX1pVRb4YMDvPwoLHnK8xgy3RDIBK6CKzk%2BVrkWoLLw2D6ZfAR0%2Bjwx9zCvj92ZXpuvFUD18ELxHUIGRIuT3JqO4K5q2h25CvpYVK%2BqlbXzWXRYAl89PtI1hZTpCWJA2YEiNfpJ%2Bo7%2FBp4%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/74ac0d47/invisible.js
cache-control: max-age=300, public
cf-ray: 7f22bb377a13415a-AMS
alt-svc: h3=":443"; ma=86400

POST
H3 200 7f22bb3649ad415a
my.ueive.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 7628 0
591 B 46ms
45ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.ueive.com/cdn-cgi/challenge-platform/h/g/cv/result/7f22bb3649ad415a
Requested by: Host: my.ueive.com
URL: https://my.ueive.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 05 Aug 2023 23:13:33 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2BDeEeAkQPbB1c%2BJi8H0FFOuXmz4ore%2Fm4gTrS4P03SEjCMPPI8QJ%2Bu0RXgDrgzxBjnnTX%2BhFGCkbHQEDFsWQuGxEfZRXtRkBqaP0eQDI900KYoVI3pLYz7mPSx05M0h2%2F7uFve2vIymRNk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7f22bb387a950e64-AMS
alt-svc: h3=":443"; ma=86400

GET
H2

200

aHR0cDovL3RyYWZmaXg0LmNvbQ=
popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/
Redirect Chain

https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub1983a0a582ef419f9bf40a5754957719&s=3k4fcald
https://t10.blowingwnd.com/e.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_3k4fcald&d1=1217p3t0dz
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=

2 KB
1 KB

120ms
56ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=

Requested by

Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&pubid=139445_ww

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

Referer: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230806011333_c14b870b_c7f1_4245_b3c1_9b7873e3804e&pubid=139445_ww
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f22bb3bfea8b8a3-AMS
content-encoding: br
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=UTF-8
date: Sat, 05 Aug 2023 23:13:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ND8s8nhwXOt1ZrB%2BluWEqkY%2Bv1WmkfdvuRTG3v0Sk3I%2BIHKp%2BJ4cAL%2Bw7Y9J6ForE245F1aEgnxl6CcIhQ9KjuyucJ26UHYORlinqM38L%2FWcgflcQnGV7Y32OyiM%2FlKM32Wkb%2BGNcdFxuqw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: DENY
x-powered-by: PHP/7.1.33

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 05 Aug 2023 23:13:33 GMT
Location: https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=
Raund: 12uf2w0vxv-300
Round: 12c7p6j8cg
Server: nginx

GET
H2

200

/
widgets.amung.us/draw/
Redirect Chain

https://whos.amung.us/swidget/popmyads.png
https://widgets.amung.us/draw/?w=small&n=34800&c=ffc20e000000&p=left

363 B
529 B

42ms
32ms

Image
image/png

2606:4700:10::ac43:88d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.amung.us/draw/?w=small&n=34800&c=ffc20e000000&p=left
Protocol: H2
Server: 2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://popmyads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 23:13:34 GMT
cf-cache-status: HIT
last-modified: Sat, 22 Jul 2023 06:30:52 GMT
server: cloudflare
age: 1269762
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2678400
content-disposition: filename=wau-widget.png
cf-ray: 7f22bb3d9d8fb921-AMS
expires: Sun, 23 Jul 2023 06:30:52 GMT

Redirect headers

location: https://widgets.amung.us/draw/?w=small&n=34800&c=ffc20e000000&p=left
date: Sat, 05 Aug 2023 23:13:34 GMT
cache-control: max-age=295
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7f22bb3cbccbb921-AMS
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

t:0497634000 Show response
prpops.com/p/sjbi/direct/
Redirect Chain

https://popmyads.com/gget
http://prpops.com/p/sjbi/direct/t:0497634000

50 KB
18 KB

350ms
178ms

Document
text/html

23.235.244.212
SSASN2

General

Check archive.org

Show headers Download Go to

Full URL: http://prpops.com/p/sjbi/direct/t:0497634000
Protocol: HTTP/1.1
Server: 23.235.244.212 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software: nginx /
Resource Hash: 3c820a30e79ea3fd9a9c83e3028e156532e692fb32fefc27ce28847baa8dc404

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://popmyads.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Accept-CH: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Device-Memory, RTT, ECT, Downlink
Access-Control-Allow-Origin: *
Cache-Control: no-cache, must-revalidate, no-transform
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 05 Aug 2023 23:13:34 GMT
Expires: Tue, 31 Dec 2013 23:59:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f22bb3c6f11b8a3-AMS
content-type: text/html; charset=UTF-8
date: Sat, 05 Aug 2023 23:13:34 GMT
location: http://prpops.com/p/sjbi/direct/t:0497634000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Sk2BZe26%2BYuKCcTvM6CWh%2BDnjum%2FqaNBRC4lCHyOK7wXIQ%2BIAU%2BuIJobnvJgTjyXnaNp%2BdpHrGaQB0feMAt5ZPILk%2FQZTLHUREV8VUTYVeu7vr4PdfrsFY7aIEeUME2gNTcE4HKu9VmLP8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33

GET
H/1.1

200
OK

Primary Request / Show response
ww1.schington.com/
Redirect Chain

http://prpops.com/p/sjbi/direct/t:0497634000?prc_c=1691277214&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR...
http://schington.com/MB45H/b-cm/YeM2/Oa9nMggva6VIkIDwEp1B2oKI6uPNAlGkHpA8DHYvA2DpYzHoSbA?a-4=Mainstream&af=04_MS_DP_ArmorAds_WW&mk=S27848001
http://ww1.schington.com/

2 KB
2 KB

507ms
145ms

Document
text/html

208.91.196.145
CONFLUENCE-NETWOR...

General

Check archive.org

Show headers Download Go to

Full URL: http://ww1.schington.com/
Protocol: HTTP/1.1
Server: 208.91.196.145 -, , ASN40034 (CONFLUENCE-NETWORK-INC, VG),
Reverse DNS
Software: Apache /
Resource Hash: 626649a22ccc6bd2c96293c9533d5bd0f6189c4ca4f7f666581067c8b51bcbc7

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: http://prpops.com
Referer: http://prpops.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: Keep-Alive
Content-Length: 2072
Content-Type: text/html; charset=UTF-8
Date: Sat, 05 Aug 2023 23:13:36 GMT
Keep-Alive: timeout=5, max=126
Server: Apache
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_nkvtlyH0jYrSOmDYe/tymP+LY7DhzXJ5EslxoK5QXg3IfOQiVEJrTORR1iGa0WR5BiETai/gfeXdbN8QQwmnaw==

Redirect headers

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sat, 05 Aug 2023 23:13:34 GMT
location: http://ww1.schington.com
server: nginx

GET
H/1.1 403
Forbidden / Show response
ww1.schington.com/ Frame 410A 272 B
468 B 126ms
126ms Document
text/html 208.91.196.145
CONFLUENCE-NETWOR...

General

Check archive.org

Show headers Download Go to

Full URL: http://ww1.schington.com/?fp=G5Yd7hXYCeA9dHz%2Fn9Fuuowstlx7T4FLJqqOeCBLk8cx%2BgcEDopPZU0Dvw%2F3xkIyHWQEqhFblZaJjqrHYKe8f8%2Bw49YMjSGouqyWPLZOOr4g590J0NgvkjX803b6pS85hz8yGd0vXs4ViKaIQusmV1KUhPUc6koEPlShttG8M%2BWblCxhczRDXTDgsEbERtb%2F4nJQNXJGg%2BgEKnlu8xyU5fnp6v7MNz%2BCNQ7vakhv%2FfXDJvQ5WjNsAGdj2eyvqILbw0yRUXWag8RI%2Fc3wE5cNtQ%3D%3D&prvtof=e4UJ5hB8%2BjK4DFihQr38YHZWa7gz5mCpt0Sf4WZKduc%3D&poru=zYbXQ3NZ767%2B93BPLefsQsAnzFFIkBgK743SJIW4hFk%3D&_opnslfp=1&
Requested by: Host: ww1.schington.com
URL: http://ww1.schington.com/
Protocol: HTTP/1.1
Server: 208.91.196.145 -, , ASN40034 (CONFLUENCE-NETWORK-INC, VG),
Reverse DNS
Software: Apache /
Resource Hash: 7da15bb6457dbb866a293c12b681441c8a4a02817ac3fccdcb0cd357660cca9b

Request headers

Referer: http://ww1.schington.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: Keep-Alive
Content-Length: 272
Content-Type: text/html; charset=UTF-8
Date: Sat, 05 Aug 2023 23:13:36 GMT
Keep-Alive: timeout=5, max=125
Server: Apache

Verdicts & Comments Add Verdict or Comment

Malicious task.domain
Submitted on August 5th 2023, 11:14:42 pm UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN MALWARE: https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww sent by botnet using harvested email addresses and malicious websites: https://clicks.my-pro-crastinauts.com http://www.trk1.prttrx.com https://www.lemianoru.com http://go.reperserv.com https://eastrk-dl.com http://track.aditserve.com https://www.cominuty.com https://armorads.aftrad-visit.com https://manuqas.com https://dakotatraff.com https://trk149.zzzperform.com

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prpops.com/p/sjbi/direct	1970-01-20 18:07:09	Name: woa1quur7O Value: 1103262597a1ee25d661969a641a3e902cf47825e54b6acc8bb3a0ca34c51c1b8ee37546bea6b654aa3a67e4b5122c2814df3388b6caa1045fb102e0fc0cfd06
prpops.com/p/sjbi/direct	1970-01-20 13:47:57	Name: biscuit_suus99w8 Value: 2c8b94771489109348046a81e698de7e65fdb354d1e632d57b8fb726a6b3724d
trk150.zzzperform.com/	1970-01-20 23:23:57	Name: BSESSID Value: trk676b9682-8d6f-4157-9763-0c6d07d04f1f
my.ueive.com/	1970-01-20 13:58:02	Name: AWSALB Value: wLKSsIIcCMQfwSRLg5Dfo1SCQsjFA9HVPyC/weoA4dzGlMiKAgp6hLI698fdKWFcw+E4MrR+a45WUpV8Z5Ih2sODqsgWtu8p88u248zdW0oP+oOqW2JlizarQO8j
.ueive.com/	1970-01-20 22:33:33	Name: cf_clearance Value: AEBLeiFEOaiDawi_LsHBr.AbuETkrLbjT_7QbqAOV_Q-1691277213-0-1-e26cf8ed.c5573d36.5a832e0f-0.2.1691277213
.schington.com/	1970-01-20 23:23:57	Name: sid Value: b3c59c22-33e5-11ee-adb1-58c48910ae90

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://ww1.schington.com/?fp=G5Yd7hXYCeA9dHz%2Fn9Fuuowstlx7T4FLJqqOeCBLk8cx%2BgcEDopPZU0Dvw%2F3xkIyHWQEqhFblZaJjqrHYKe8f8%2Bw49YMjSGouqyWPLZOOr4g590J0NgvkjX803b6pS85hz8yGd0vXs4ViKaIQusmV1KUhPUc6koEPlShttG8M%2BWblCxhczRDXTDgsEbERtb%2F4nJQNXJGg%2BgEKnlu8xyU5fnp6v7MNz%2BCNQ7vakhv%2FfXDJvQ5WjNsAGdj2eyvqILbw0yRUXWag8RI%2Fc3wE5cNtQ%3D%3D&prvtof=e4UJ5hB8%2BjK4DFihQr38YHZWa7gz5mCpt0Sf4WZKduc%3D&poru=zYbXQ3NZ767%2B93BPLefsQsAnzFFIkBgK743SJIW4hFk%3D&_opnslfp=1& Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.addlnk.com
dakotatraff.com
my.ueive.com
popmyads.com
prpops.com
schington.com
t10.blowingwnd.com
t3.hightid.com
trk150.zzzperform.com
whos.amung.us
widgets.amung.us
ww1.schington.com
208.91.196.145
23.235.244.212
2606:4700:10::ac43:88d
2606:4700:3035::ac43:9efb
2606:4700:e6::ac40:ca1e
2a06:98c1:3121::3
51.161.115.163
51.83.143.92
95.211.75.16
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a
3a8e6bf4f762a55b7d8ddd021a328a49ef644440b725de327e980963e4897d2c
3c820a30e79ea3fd9a9c83e3028e156532e692fb32fefc27ce28847baa8dc404
626649a22ccc6bd2c96293c9533d5bd0f6189c4ca4f7f666581067c8b51bcbc7
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
7da15bb6457dbb866a293c12b681441c8a4a02817ac3fccdcb0cd357660cca9b
b8e119f4d785cb28aa19454e32c9c585a286c074ce799b2f049cca5d3dbf802a

ww1.schington.com Open in urlscan Pro 208.91.196.145 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

11 Requests

55 %HTTPS

44 %IPv6

10 Domains

12 Subdomains

6 IPs

5 Countries

43 kBTransfer

102 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious task.domain Submitted on August 5th 2023, 11:14:42 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variables

6 Cookies

1 Console Messages

Indicators

ww1.schington.com Open in urlscan Pro
208.91.196.145 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

55 %
HTTPS

44 %
IPv6

10
Domains

12
Subdomains

6
IPs

5
Countries

43 kB
Transfer

102 kB
Size

6
Cookies

11 HTTP transactions
0 data transactions

Malicious task.domain
Submitted on August 5th 2023, 11:14:42 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!