www.adsenhance.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 4 HTTP transactions. The main IP is 132.148.145.128, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is www.adsenhance.com.

This is the only time www.adsenhance.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	168.235.82.87 168.235.82.87	3842 (RAMNODE) (RAMNODE - RamNode LLC)
1	132.148.145.128 132.148.145.128	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
1 1	52.31.96.65 52.31.96.65	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	34.255.204.251 34.255.204.251	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2606:4700:21:... 2606:4700:21::681b:cd5c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	3

3 168.235.82.87 (Atlanta, United States) 1 redirects

ASN3842 (RAMNODE - RamNode LLC, US)
PTR: uropika.world

fb7s.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 132.148.145.128 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-132-148-145-128.ip.secureserver.net

www.adsenhance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.96.65 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-31-96-65.eu-west-1.compute.amazonaws.com

c.opicle360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.204.251 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-255-204-251.eu-west-1.compute.amazonaws.com

app.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:21::681b:cd5c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

apk.khelplayrummy.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	fb7s.com 1 redirects fb7s.com	893 B
1	khelplayrummy.net apk.khelplayrummy.net
1	appsflyer.com 1 redirects app.appsflyer.com	489 B
1	opicle360.com 1 redirects c.opicle360.com	2 KB
1	adsenhance.com www.adsenhance.com	1 KB
4	5

	Domain	Requested by
3	fb7s.com	1 redirects fb7s.com
1	apk.khelplayrummy.net	www.adsenhance.com
1	app.appsflyer.com	1 redirects
1	c.opicle360.com	1 redirects
1	www.adsenhance.com	fb7s.com
4	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-10-30` - `2020-10-09`	a year	crt.sh

This page contains 1 frames:

Frame: https://apk.khelplayrummy.net/file/kpr-apk/khelplayrummy_cash.apk?af_siteid=45&pid=opicle_int&af_click_lookback=7d&clickid=3-bnneuj2lam8scb69l270
Frame ID: 0D726ECD822CDCAE2F3E025085575D29
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://fb7s.com/LLMLQKQZYLPHZ HTTP 301
http://fb7s.com/rd.php?LLMLQKQZYLPHZ Page URL
http://fb7s.com/redirect.php?rid=11518389&cid=1629 Page URL
http://www.adsenhance.com/goto/?offer=16131&aff=1047 Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

25 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

2 kB
Transfer

0 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://fb7s.com/LLMLQKQZYLPHZ HTTP 301
http://fb7s.com/rd.php?LLMLQKQZYLPHZ Page URL
http://fb7s.com/redirect.php?rid=11518389&cid=1629 Page URL
http://www.adsenhance.com/goto/?offer=16131&aff=1047 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://fb7s.com/LLMLQKQZYLPHZ HTTP 301
http://fb7s.com/rd.php?LLMLQKQZYLPHZ

Request Chain 2

https://c.opicle360.com/?a=45&c=2888&E=6wdtJZJlpro%3d&s1=16131X1047XXlDfppTfdX0X1447610930 HTTP 302
https://app.appsflyer.com/com.khelplay.rummy-Standalone?af_siteid=45&pid=opicle_int&af_r=https%3A%2F%2Fapk.khelplayrummy.net%2Ffile%2Fkpr-apk%2Fkhelplayrummy_cash.apk&af_click_lookback=7d&clickid=3-bnneuj2lam8scb69l270 HTTP 302
https://apk.khelplayrummy.net/file/kpr-apk/khelplayrummy_cash.apk?af_siteid=45&pid=opicle_int&af_click_lookback=7d&clickid=3-bnneuj2lam8scb69l270

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	rd.php Show response fb7s.com/ Redirect Chain http://fb7s.com/LLMLQKQZYLPHZ http://fb7s.com/rd.php?LLMLQKQZYLPHZ	111 B 316 B	91ms 90ms	Document text/html	168.235.82.87 RamNode LLC
General Check archive.org Show headers Download Go to Full URL http://fb7s.com/rd.php?LLMLQKQZYLPHZ Protocol HTTP/1.1 Server 168.235.82.87 Atlanta, United States, ASN3842 (RAMNODE - RamNode LLC, US), Reverse DNS uropika.world Software nginx / PHP/7.4.0 Resource Hash `381f3d64928a217dc3433768e64411b35a7a0e3ce013fdaa2333815d3b2c2800` Request headers Host fb7s.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx Date Tue, 10 Dec 2019 01:05:14 GMT Content-Type text/html; charset=UTF-8 Content-Length 111 Connection keep-alive Keep-Alive timeout=60 X-Powered-By PHP/7.4.0 Redirect headers Server nginx Date Tue, 10 Dec 2019 01:05:14 GMT Content-Type text/html; charset=iso-8859-1 Content-Length 244 Connection keep-alive Keep-Alive timeout=60 Location http://fb7s.com/rd.php?LLMLQKQZYLPHZ
GET H/1.1	200 OK	redirect.php fb7s.com/	124 B 329 B	1321ms 1320ms	Document text/html	168.235.82.87 RamNode LLC
General Check archive.org Show headers Download Go to Full URL http://fb7s.com/redirect.php?rid=11518389&cid=1629 Requested by Host: fb7s.com URL: http://fb7s.com/rd.php?LLMLQKQZYLPHZ Protocol HTTP/1.1 Server 168.235.82.87 Atlanta, United States, ASN3842 (RAMNODE - RamNode LLC, US), Reverse DNS uropika.world Software nginx / PHP/7.4.0 Resource Hash Request headers Host fb7s.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://fb7s.com/rd.php?LLMLQKQZYLPHZ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://fb7s.com/rd.php?LLMLQKQZYLPHZ Response headers Server nginx Date Tue, 10 Dec 2019 01:05:15 GMT Content-Type text/html; charset=UTF-8 Content-Length 124 Connection keep-alive Keep-Alive timeout=60 X-Powered-By PHP/7.4.0
GET H/1.1	200 OK	Primary Request Cookie set / Show response www.adsenhance.com/goto/	214 B 1 KB	465ms 163ms	Document text/html	132.148.145.128 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://www.adsenhance.com/goto/?offer=16131&aff=1047 Requested by Host: fb7s.com URL: http://fb7s.com/redirect.php?rid=11518389&cid=1629 Protocol HTTP/1.1 Server 132.148.145.128 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-132-148-145-128.ip.secureserver.net Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `73c82053e30d28ecd7b185c3191e0bad3df2acdc70a7e6f4b09a4670e2eda671` Request headers Host www.adsenhance.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://fb7s.com/redirect.php?rid=11518389&cid=1629 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://fb7s.com/redirect.php?rid=11518389&cid=1629 Response headers Cache-Control private Content-Type text/html Server Microsoft-IIS/8.5 Set-Cookie phxKeyValuexxx16131=; expires=Thu, 09-Jan-2020 01:05:40 GMT; path=/ phxCreativeIdxxx16131=0; expires=Thu, 09-Jan-2020 01:05:40 GMT; path=/ phxReferrerxxx16131=http%3A%2F%2Ffb7s%2Ecom%2Fredirect%2Ephp%3Frid%3D11518389%26cid%3D1629; expires=Thu, 09-Jan-2020 01:05:40 GMT; path=/ phxPublisherIdxxx16131=1047; expires=Thu, 09-Jan-2020 01:05:40 GMT; path=/ PhxClickDateTimexxx16131=12%2F10%2F2019+6%3A35%3A40+AM; expires=Thu, 09-Jan-2020 01:05:40 GMT; path=/ isoffext161311047=12%2F9%2F2019+6%3A05%3A40+PM; path=/ subId2xxx16131=; expires=Thu, 09-Jan-2020 01:05:40 GMT; path=/ subIdxxx16131=; expires=Thu, 09-Jan-2020 01:05:40 GMT; path=/ phxUnique=; path=/ ASPSESSIONIDSSAASBDQ=FNDLKIBDKKLPNMMLHNOCNPPI; path=/ X-Powered-By ASP.NET X-Powered-By-Plesk PleskWin Date Tue, 10 Dec 2019 01:05:39 GMT Content-Length 214
GET H2	200	khelplayrummy_cash.apk apk.khelplayrummy.net/file/kpr-apk/ Redirect Chain https://c.opicle360.com/?a=45&c=2888&E=6wdtJZJlpro%3d&s1=16131X1047XXlDfppTfdX0X1447610930 https://app.appsflyer.com/com.khelplay.rummy-Standalone?af_siteid=45&pid=opicle_int&af_r=https%3A%2F%2Fapk.khelplayrummy.net%2Ffile%2Fkpr-apk%2Fkhelplayrummy_cash.apk&af_click_lookback=7d&clickid=3... https://apk.khelplayrummy.net/file/kpr-apk/khelplayrummy_cash.apk?af_siteid=45&pid=opicle_int&af_click_lookback=7d&clickid=3-bnneuj2lam8scb69l270	0 0	520ms 431ms	Document application/octet-stream	2606:4700:21::681b:cd5c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://apk.khelplayrummy.net/file/kpr-apk/khelplayrummy_cash.apk?af_siteid=45&pid=opicle_int&af_click_lookback=7d&clickid=3-bnneuj2lam8scb69l270 Requested by Host: www.adsenhance.com URL: http://www.adsenhance.com/goto/?offer=16131&aff=1047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:21::681b:cd5c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Request headers :method GET :authority apk.khelplayrummy.net :scheme https :path /file/kpr-apk/khelplayrummy_cash.apk?af_siteid=45&pid=opicle_int&af_click_lookback=7d&clickid=3-bnneuj2lam8scb69l270 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site cross-site sec-fetch-mode navigate referer http://www.adsenhance.com/goto/?offer=16131&aff=1047 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://www.adsenhance.com/goto/?offer=16131&aff=1047 Response headers status 200 date Tue, 10 Dec 2019 01:05:16 GMT content-type application/octet-stream content-length 24268770 set-cookie __cfduid=d5532292b3eb0482205a2cd1465c760031575939916; expires=Thu, 09-Jan-20 01:05:16 GMT; path=/; domain=.khelplayrummy.net; HttpOnly; Secure cache-control max-age=86400 x-bz-file-name khelplayrummy_cash.apk x-bz-file-id 4_zeb9ddeb762dc8e3a63740116_f115a33654dbca40f_d20191111_m083832_c002_v0001132_t0052 x-bz-content-sha1 629bab0faa158697b1e83e9470d02cbcb8b4e63a x-bz-upload-timestamp 1573461512000 x-bz-info-src_last_modified_millis 1573460808158 cf-cache-status MISS accept-ranges bytes expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding server cloudflare cf-ray 542b4f3e1d9f5a12-VIE Redirect headers Content-Type application/octet-stream Date Tue, 10 Dec 2019 01:05:16 GMT Location https://apk.khelplayrummy.net/file/kpr-apk/khelplayrummy_cash.apk?af_siteid=45&pid=opicle_int&af_click_lookback=7d&clickid=3-bnneuj2lam8scb69l270 Set-Cookie af_id=52ba8778-37ca-4f8d-a4ac-777f7e7b15df-c;Expires=Thu, 09 Dec 2021 01:05:16 +0000;Domain=appsflyer.com;Path=/ Strict-Transport-Security max-age=31536000; includeSubDomains Content-Length 0 Connection keep-alive

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apk.khelplayrummy.net
app.appsflyer.com
c.opicle360.com
fb7s.com
www.adsenhance.com
132.148.145.128
168.235.82.87
2606:4700:21::681b:cd5c
34.255.204.251
52.31.96.65
381f3d64928a217dc3433768e64411b35a7a0e3ce013fdaa2333815d3b2c2800
73c82053e30d28ecd7b185c3191e0bad3df2acdc70a7e6f4b09a4670e2eda671

www.adsenhance.com Open in urlscan Pro 132.148.145.128 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

25 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

3 IPs

2 Countries

2 kBTransfer

0 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

www.adsenhance.com Open in urlscan Pro
132.148.145.128 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

25 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

2 kB
Transfer

0 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions