Submitted URL: http://p.skla-gr.alaw.co/
Effective URL: https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576
Submission: On May 14 via api from PT

Summary

This website contacted 7 IPs in 4 countries across 36 domains to perform 38 HTTP transactions. The main IP is 35.201.117.228, located in Ann Arbor, United States and belongs to GOOGLE - Google LLC, US. The main domain is www.dexchangeinc.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on March 8th 2018. Valid for: 2 years.
This is the only time www.dexchangeinc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.24.116.8 13335 (CLOUDFLAR...)
2 2 104.18.53.132 13335 (CLOUDFLAR...)
1 1 52.45.80.229 14618 (AMAZON-AES)
1 1 35.161.197.104 16509 (AMAZON-02)
1 2 52.58.209.136 16509 (AMAZON-02)
1 3 62.212.87.142 60781 (LEASEWEB-...)
1 54.72.97.67 16509 (AMAZON-02)
2 31.220.24.95 39572 (ADVANCEDH...)
3 172.217.21.237 15169 (GOOGLE)
1 1 172.217.21.238 15169 (GOOGLE)
2 35.201.117.228 15169 (GOOGLE)
38 7
Apex Domain
Subdomains
Transfer
4 google.com
accounts.google.com
plus.google.com
67 KB
3 skybiter.com
skybiter.com
21 KB
2 dexchangeinc.com
www.dexchangeinc.com
2 KB
2 xebadu.com
xebadu.com
4 KB
2 greatestapps.mobi
www.greatestapps.mobi
45 KB
2 rfvt.co
rd.rfvt.co
766 B
1 tc-clicks.com
traffic.tc-clicks.com
1 KB
1 sedapmeesiam.gold
168.sedapmeesiam.gold
3 KB
1 owmdlsur.com
mo.owmdlsur.com
932 B
1 alaw.co
p.skla-gr.alaw.co
978 B
0 vk.com Failed
vk.com Failed
0 indeed.com Failed
secure.indeed.com Failed
0 bitbucket.org Failed
bitbucket.org Failed
0 meetup.com Failed
secure.meetup.com Failed
0 disqus.com Failed
disqus.com Failed
0 airbnb.com Failed
www.airbnb.com Failed
0 500px.com Failed
500px.com Failed
0 paypal.com Failed
www.paypal.com Failed
0 khanacademy.org Failed
www.khanacademy.org Failed
0 slack.com Failed
slack.com Failed
0 edx.org Failed
courses.edx.org Failed
0 carbonmade.com Failed
carbonmade.com Failed
0 medium.com Failed
medium.com Failed
0 github.com Failed
github.com Failed
0 steampowered.com Failed
store.steampowered.com Failed
0 battle.net Failed
eu.battle.net Failed
0 foursquare.com Failed
de.foursquare.com Failed
0 pinterest.com Failed
www.pinterest.com Failed
0 dropbox.com Failed
www.dropbox.com Failed
0 expedia.de Failed
www.expedia.de Failed
0 tumblr.com Failed
www.tumblr.com Failed
0 reddit.com Failed
www.reddit.com Failed
0 live.com Failed
login.live.com Failed
0 facebook.com Failed
www.facebook.com Failed
0 twitter.com Failed
twitter.com Failed
0 squareup.com Failed
squareup.com Failed
38 36
Domain Requested by
3 accounts.google.com xebadu.com
3 skybiter.com 1 redirects www.greatestapps.mobi
skybiter.com
2 www.dexchangeinc.com xebadu.com
www.dexchangeinc.com
2 xebadu.com xebadu.com
2 www.greatestapps.mobi 1 redirects
2 rd.rfvt.co 2 redirects
1 plus.google.com 1 redirects
1 traffic.tc-clicks.com skybiter.com
1 168.sedapmeesiam.gold 1 redirects
1 mo.owmdlsur.com 1 redirects
1 p.skla-gr.alaw.co 1 redirects
0 vk.com Failed xebadu.com
0 secure.indeed.com Failed xebadu.com
0 bitbucket.org Failed xebadu.com
0 secure.meetup.com Failed xebadu.com
0 disqus.com Failed xebadu.com
0 www.airbnb.com Failed xebadu.com
0 500px.com Failed xebadu.com
0 www.paypal.com Failed xebadu.com
0 www.khanacademy.org Failed xebadu.com
0 slack.com Failed xebadu.com
0 courses.edx.org Failed xebadu.com
0 carbonmade.com Failed xebadu.com
0 medium.com Failed xebadu.com
0 github.com Failed xebadu.com
0 store.steampowered.com Failed xebadu.com
0 eu.battle.net Failed xebadu.com
0 de.foursquare.com Failed xebadu.com
0 www.pinterest.com Failed xebadu.com
0 www.dropbox.com Failed xebadu.com
0 www.expedia.de Failed xebadu.com
0 www.tumblr.com Failed xebadu.com
0 www.reddit.com Failed xebadu.com
0 login.live.com Failed
0 www.facebook.com Failed xebadu.com
0 twitter.com Failed xebadu.com
0 squareup.com Failed xebadu.com
38 37

This site contains no links.

Subject           Issuer                                          Validity                  Valid
xebadu.com        Let's Encrypt Authority X3                      2018-03-29 - 2018-06-27   3 months
dexchangeinc.com  COMODO RSA Domain Validation Secure Server CA   2018-03-08 - 2020-03-07   2 years

This page contains 1 frames:

Frame: https://www.dexchangeinc.com/jump/next.php?stamat=m%7C%2CUojKSo3KqB1dAN0dEdHP3xP.eaf%2CZaz_3s2fLXuxRPwiWzNnj3Zfbfw4ipVdVx-wJNojHD14z46P9WXAX8p8TJz-YyS9zxz2BM6gnIhI7eoW4eV5Bpj87c5rejqgZbpXLFCwIYg%2C&cbrandom=0.29040344148214325&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fxebadu.com%2Fafu.php%3Fzoneid%3D1433141%26var%3D1540576
Frame ID: CA25FEAF5A054CB6D34037B9304E470E
Requests: 38 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

38
Requests

11 %
HTTPS

0 %
IPv6

36
Domains

37
Subdomains

7
IPs

4
Countries

138 kB
Transfer

111 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://p.skla-gr.alaw.co/ HTTP 302
    http://rd.rfvt.co/c/i?q=RL62gWI3opjJTPxzHEAMZjpMWOxAkrCPTVy28ytwDt2hVlPh9RJs3aIaoin8ygiFzFmah0V%2FLpNCwuRoeDt%2BgtElsMAkVRSQwB8jCf7rn2E67zEG2k4kHINx4ike%2BvK%2BL7Q4b6o%2BbUYiQ4Kl5HSuNsxHE5jP4NMvZUJGMtSX19kOE8o06eYIWZeD2drae%2F%2BlVnwrE%2FSEODoAgiH8Uly7s86jvk7M%2Bbt3%2FdImw3EMzBXhihGbzxvFCmHzv3Z3f6xCiCmzQz7U5AjHlbduM%2B203mkqevxM864V1Gt7i13Nhir0d7o1%2Bv%2Bg4XFQAMwADV2EE%2BQDfLFoxa9Lp2vtjEHaFw%3D%3D HTTP 302
    http://rd.rfvt.co/c/i?pid=0&oid=0&unum=&uname=&toPsa=1&reason=noQparamPre HTTP 302
    http://mo.owmdlsur.com/t/clk?&id=66ntoLgFjxLI16Oocg&s1=313939383231353236333138313933&s2=0&s3= HTTP 302
    http://168.sedapmeesiam.gold/click/mnOSlDfRGFOwcl?affid=1477&pubid=5006&c2=09608425-450e-4065-9828-4f7b8dade08c HTTP 302
    http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006 Page URL
  2. http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006&jsed=3 HTTP 302
    http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258 Page URL
  3. http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258&code=EPZf9uCq6XVjfBBMRWEuATNLQ5dPrwBWwc6ZFe5z7qBkUJurSsqRgS5KiyqEZe5J9ZtA2Zdd9p8ftpz4EATqV9DPfANbbtddjAkfqXk76qXccwnz32VH5LibQprH9kQHF92uem74Pf2x5cUmvMLNf5PQzY5NDowdazAfMmwjaDLYnKWkNZH78nEjMZrr8Lo98cEh5y37haU82hJT7LxsqyESpkNTnRgPWTLHA4rbmm4GYYfM6YWVvnccKKFZCX45gamutZ6MXiKaADD1Mbd9p6zrcGvJcTbjF3ZTDX3ER4PWr7z69RaBrz2S6CqzEi8CVPRthepUtmEnbzy46vXwS8WGKvAXKw9rwonqrtZEKTCYtJqLvRW31tHptFVMX4P1zc9rkD1qkGJUxCxgD1AMqLrjKsaCqa45R6kfCsjR8b3juE5AWme1sgCBd7R8w8SGh2d6m3EVT9Nx4suAx9VSw8jnuJrXca9YcZ9KWhdVx4WTnhsbvE58EQ6fohiJ2hc8PTJ24PDLHVa9Q6o6EXiLRnyc2pCbKt3zFUgNB9TCx1vsXY6FE5tBHK2Qm4swiuNBJxGD44Zjms5PXWjdFu258EfGXv64bBPtA2fDtSCSpJ6Ywv4PreQVm7BKfJ1jqQBXh3nqqAx9HUBcAYcAqzm1v7XW58PL7V3kTVkiWGvSKAweQ6uHia7PgUSfJinXP4eS5AgNN6KEEdHo3EMegjsVhj7LAZdVEx5T7aRxYMDbThdnXyTsFEBwskLbhFpV2781yS3tLCssfXymF1RL5ytpGtng4ft2BGyS77GpcC8X53NDUaNPNWveH1eYYCPwx3iKSnbW2Twv2WqSTMxS8oZ3QTQv4szNk6BhACm3yKBvQmmveZgEqcRPS2GGKRQaqVii HTTP 302
    http://skybiter.com/gw?sub=9039500101019746256-201805-f084c8c53e&source=82258&url=http%3A%2F%2Ftraffic.tc-clicks.com%2F%3Fp%3D2827%26media_type%3Dmainstream%26click_id%3Dbmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00%26sub_id%3D567_82258&vId=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&hash=642685809ea32be499&ete=true Page URL
  4. http://traffic.tc-clicks.com/?p=2827&media_type=mainstream&click_id=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&sub_id=567_82258 Page URL
  5. https://xebadu.com/afu.php?zoneid=1540576&ymid=lyr7y2h5mpco4wskkw88kc04,12629615,5,2827&pid=121&var=2827&ctrack=1526321929.402534150 Page URL
  6. https://xebadu.com/?zoneid=1540576&r=%2Fmb%2Fhan%2Fdl&nojs=0&x=1600&y=1200&t=0&ix=0&fs=0&timeout=0&var=2827&ymid=lyr7y2h5mpco4wskkw88kc04%2C12629615%2C5%2C2827&pb=661eca35b8b13f57af5d01abce311d921526329129&pid=121&sp= Page URL
  7. https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://p.skla-gr.alaw.co/ HTTP 302
  • http://rd.rfvt.co/c/i?q=RL62gWI3opjJTPxzHEAMZjpMWOxAkrCPTVy28ytwDt2hVlPh9RJs3aIaoin8ygiFzFmah0V%2FLpNCwuRoeDt%2BgtElsMAkVRSQwB8jCf7rn2E67zEG2k4kHINx4ike%2BvK%2BL7Q4b6o%2BbUYiQ4Kl5HSuNsxHE5jP4NMvZUJGMtSX19kOE8o06eYIWZeD2drae%2F%2BlVnwrE%2FSEODoAgiH8Uly7s86jvk7M%2Bbt3%2FdImw3EMzBXhihGbzxvFCmHzv3Z3f6xCiCmzQz7U5AjHlbduM%2B203mkqevxM864V1Gt7i13Nhir0d7o1%2Bv%2Bg4XFQAMwADV2EE%2BQDfLFoxa9Lp2vtjEHaFw%3D%3D HTTP 302
  • http://rd.rfvt.co/c/i?pid=0&oid=0&unum=&uname=&toPsa=1&reason=noQparamPre HTTP 302
  • http://mo.owmdlsur.com/t/clk?&id=66ntoLgFjxLI16Oocg&s1=313939383231353236333138313933&s2=0&s3= HTTP 302
  • http://168.sedapmeesiam.gold/click/mnOSlDfRGFOwcl?affid=1477&pubid=5006&c2=09608425-450e-4065-9828-4f7b8dade08c HTTP 302
  • http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006
Request Chain 1
  • http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006&jsed=3 HTTP 302
  • http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258
Request Chain 2
  • http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258&code=EPZf9uCq6XVjfBBMRWEuATNLQ5dPrwBWwc6ZFe5z7qBkUJurSsqRgS5KiyqEZe5J9ZtA2Zdd9p8ftpz4EATqV9DPfANbbtdd... HTTP 302
  • http://skybiter.com/gw?sub=9039500101019746256-201805-f084c8c53e&source=82258&url=http%3A%2F%2Ftraffic.tc-clicks.com%2F%3Fp%3D2827%26media_type%3Dmainstream%26click_id%3Dbmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00%26sub_id%3D567_82258&vId=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&hash=642685809ea32be499&ete=true
Request Chain 7
  • https://www.facebook.com/login.php?next=https://www.facebook.com/favicon.ico?_rdr=p HTTP 302
  • https://www.facebook.com/w/
Request Chain 10
  • https://plus.google.com/up/accounts/upgrade/?continue=https://plus.google.com/favicon.ico HTTP 302
  • https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico
Request Chain 11
  • https://login.skype.com/login?message=signin_continue&redirect_uri=https://secure.skype.com/favicon.ico HTTP 302
  • https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1526321929&rver=7.0.6730.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.skype.com%252Ffavicon.ico%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en&psi=skype&lw=1&cobrandid=90010&client_flight=hsu%2CReservedFlight33%2CReservedFlight67

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
www.greatestapps.mobi/
Redirect Chain
  • http://p.skla-gr.alaw.co/
  • http://rd.rfvt.co/c/i?q=RL62gWI3opjJTPxzHEAMZjpMWOxAkrCPTVy28ytwDt2hVlPh9RJs3aIaoin8ygiFzFmah0V%2FLpNCwuRoeDt%2BgtElsMAkVRSQwB8jCf7rn2E67zEG2k4kHINx4ike%2BvK%2BL7Q4b6o%2BbUYiQ4Kl5HSuNsxHE5jP4NMvZUJ...
  • http://rd.rfvt.co/c/i?pid=0&oid=0&unum=&uname=&toPsa=1&reason=noQparamPre
  • http://mo.owmdlsur.com/t/clk?&id=66ntoLgFjxLI16Oocg&s1=313939383231353236333138313933&s2=0&s3=
  • http://168.sedapmeesiam.gold/click/mnOSlDfRGFOwcl?affid=1477&pubid=5006&c2=09608425-450e-4065-9828-4f7b8dade08c
  • http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006
43 KB
44 KB
Document
General
Full URL
http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006
Protocol
HTTP/1.1
Server
52.58.209.136 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-58-209-136.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
35b1d8fbabe2ece7967f0173ab7effc0e50dbc10068ecf61f15d5634d1fb6bea

Request headers

Host
www.greatestapps.mobi
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
CA25FEAF5A054CB6D34037B9304E470E

Response headers

Date
Mon, 14 May 2018 18:18:47 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
AWSALB=/ick4UN+9eOY8+EyBUSHp174RAiQVdFTiv05hY+kT/1z1LEVOZaTcf8kXtkGigwn1oJWA0U2Sgxhly0aZk/W+/MWuU4Eq0YoCnwt7cBG012VILLmyBgr/BiTCxUx; Expires=Mon, 21 May 2018 18:18:47 GMT; Path=/
Server
nginx
Referrer-Policy
no-referrer

Redirect headers

Cache-Control
no-cache, private
Cache-control
no-cache="set-cookie"
Content-Type
text/html; charset=UTF-8
Date
Mon, 14 May 2018 18:18:51 GMT
Location
http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006
Server
nginx/1.11.6
Content-Length
14
Connection
keep-alive
642685809ea32be499
skybiter.com/l/
Redirect Chain
  • http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006&jsed=3
  • http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258
50 KB
19 KB
Document
General
Full URL
http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258
Requested by
Host: www.greatestapps.mobi
URL: http://www.greatestapps.mobi/?sl=963481-51260&data1=Track1&website=1477_5006&data3=PjZwiG3SoP-5af9d30aca5e9b1ae6141af6&pubid=5006
Protocol
HTTP/1.1
Server
62.212.87.142 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
acec64fc1a21273df97124257112c54fb557e35b198196e28a1f9ebcade6e5a8

Request headers

Host
skybiter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
CA25FEAF5A054CB6D34037B9304E470E

Response headers

Server
nginx
Date
Mon, 14 May 2018 18:18:49 GMT
Content-Type
text/html
Last-Modified
Thu, 10 May 2018 08:32:55 GMT
Transfer-Encoding
chunked
ETag
W/"5af403b7-c914"
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control
max-age=315360000
Content-Encoding
gzip

Redirect headers

Date
Mon, 14 May 2018 18:18:49 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
AWSALB=7aIIhQaqhFhKNIqXO5u6ps1viywupIYngQ9kVsPSNESK0+sceAt/+Hd9D6769tmKH4ICJ1Buy56gtUmxWra5cm28ZBLgTJRJFbxFSQeKLrU07cqmrfqY2rC8itv5; Expires=Mon, 21 May 2018 18:18:49 GMT; Path=/ jsed=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ _ofp=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ vidf=czo2NDoiOWZmZTg1YTc5M2Y4MTM0ZTBkMThlNTYzMDUyNTRhZjkzYWYyNGEyNzA0M2Y1M2Y4YzNlZTU5MGMxZTY1N2UwYyI7; expires=Sun, 12-Aug-2018 18:18:49 GMT; Max-Age=7776000; path=/; domain=www.greatestapps.mobi vt=359189-1526321929; expires=Tue, 15-May-2018 18:18:49 GMT; Max-Age=86400; path=/; domain=greatestapps.mobi _s=963481; expires=Tue, 15-May-2018 18:18:49 GMT; Max-Age=86400; path=/; domain=greatestapps.mobi rd=YjoxOw%3D%3D; expires=Tue, 15-May-2018 18:18:49 GMT; Max-Age=86400; path=/; domain=www.greatestapps.mobi
Server
nginx
Location
http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258
Referrer-Policy
no-referrer
gw
skybiter.com/
Redirect Chain
  • http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258&code=EPZf9uCq6XVjfBBMRWEuATNLQ5dPrwBWwc6ZFe5z7qBkUJurSsqRgS5KiyqEZe5J9ZtA2Zdd9p8ftpz4EATqV9DPfANbbtdd...
  • http://skybiter.com/gw?sub=9039500101019746256-201805-f084c8c53e&source=82258&url=http%3A%2F%2Ftraffic.tc-clicks.com%2F%3Fp%3D2827%26media_type%3Dmainstream%26click_id%3Dbmconv_20180514201849_f102c...
2 KB
1 KB
Document
General
Full URL
http://skybiter.com/gw?sub=9039500101019746256-201805-f084c8c53e&source=82258&url=http%3A%2F%2Ftraffic.tc-clicks.com%2F%3Fp%3D2827%26media_type%3Dmainstream%26click_id%3Dbmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00%26sub_id%3D567_82258&vId=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&hash=642685809ea32be499&ete=true
Requested by
Host: skybiter.com
URL: http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258
Protocol
HTTP/1.1
Server
62.212.87.142 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
8a9acfd06df7aa4e0d9d29df29573d43ed7044c5d18bc000881e7a9308016052

Request headers

Host
skybiter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258
Accept-Encoding
gzip, deflate
Cookie
BSESSID=trk005b99b3-dbe4-4a73-9826-2b5e782d06a8
X-DevTools-Emulate-Network-Conditions-Client-Id
CA25FEAF5A054CB6D34037B9304E470E

Response headers

Server
nginx
Date
Mon, 14 May 2018 18:18:49 GMT
Content-Type
text/html
Last-Modified
Mon, 15 Jan 2018 18:02:04 GMT
Transfer-Encoding
chunked
ETag
W/"5a5cec9c-606"
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control
max-age=315360000
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Mon, 14 May 2018 18:18:49 GMT
Transfer-Encoding
chunked
Location
http://skybiter.com/gw?sub=9039500101019746256-201805-f084c8c53e&source=82258&url=http%3A%2F%2Ftraffic.tc-clicks.com%2F%3Fp%3D2827%26media_type%3Dmainstream%26click_id%3Dbmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00%26sub_id%3D567_82258&vId=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&hash=642685809ea32be499&ete=true
Cache-Control
private, max-age=0, no-cache, no-store, must-revalidate
Pragma
no-cache
Set-Cookie
BSESSID=trk005b99b3-dbe4-4a73-9826-2b5e782d06a8; Max-Age=63072000; Expires=Wed, 13 May 2020 18:18:49 GMT; Path=/
Cookie set /
traffic.tc-clicks.com/
947 B
1 KB
Document
General
Full URL
http://traffic.tc-clicks.com/?p=2827&media_type=mainstream&click_id=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&sub_id=567_82258
Requested by
Host: skybiter.com
URL: http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258&url=http%3A%2F%2Ftraffic.tc-clicks.com%2F%3Fp%3D2827%26media_type%3Dmainstream%26click_id%3Dbmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00%26sub_id%3D567_82258&vId=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&hash=642685809ea32be499&ete=true
Protocol
HTTP/1.1
Server
54.72.97.67 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-72-97-67.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e24101df1d0d2ad46b1e982fa53a3984de3964f2aeddac5d675548f3704cd8f3

Request headers

Host
traffic.tc-clicks.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://skybiter.com/l/642685809ea32be499?sub=9039500101019746256-201805-f084c8c53e&source=82258&url=http%3A%2F%2Ftraffic.tc-clicks.com%2F%3Fp%3D2827%26media_type%3Dmainstream%26click_id%3Dbmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00%26sub_id%3D567_82258&vId=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&hash=642685809ea32be499&ete=true
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
CA25FEAF5A054CB6D34037B9304E470E

Response headers

Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 14 May 2018 18:18:49 GMT
Expires
Mon, 14 May 2018 18:18:49 GMT
Last-Modified
Mon, 14 May 2018 18:18:49 GMT
Pragma
no-cache
Server
nginx
Set-Cookie
traffic-back=ok; expires=Mon, 14-May-2018 18:19:19 GMT; Max-Age=30; path=/; domain=traffic.tc-clicks.com traffic-visited-offers=28069%7C1526321929%7C28069%7Cunspecified; expires=Tue, 15-May-2018 18:18:49 GMT; Max-Age=86400; path=/; domain=traffic.tc-clicks.com rts-trck=1; expires=Mon, 14-May-2018 18:28:49 GMT; Max-Age=600; path=/; domain=traffic.tc-clicks.com
Vary
Accept-Encoding
X-Robots-Tag
noindex, nofollow
Content-Length
489
Connection
keep-alive
afu.php
xebadu.com/
9 KB
3 KB
Document
General
Full URL
https://xebadu.com/afu.php?zoneid=1540576&ymid=lyr7y2h5mpco4wskkw88kc04,12629615,5,2827&pid=121&var=2827&ctrack=1526321929.402534150
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
31.220.24.95 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
53d77545013c9ed50e2824750c0c9f9c79e8b1ba13a2981388b88995ce6abdbe
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Host
xebadu.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://traffic.tc-clicks.com/?p=2827&media_type=mainstream&click_id=bmconv_20180514201849_f102c7bd_20e7_4c78_948e_62735ec44a00&sub_id=567_82258
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
CA25FEAF5A054CB6D34037B9304E470E

Response headers

Server
nginx
Date
Mon, 14 May 2018 18:18:49 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
login
squareup.com/
0
0

login
twitter.com/
0
0

/
www.facebook.com/w/
Redirect Chain
  • https://www.facebook.com/login.php?next=https://www.facebook.com/favicon.ico?_rdr=p
  • https://www.facebook.com/w/
0
0

ServiceLogin
accounts.google.com/
0
23 KB
Image
General
Full URL
https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.google.com/favicon.ico&uilel=3&hl=en&service=mail
Requested by
Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol
SPDY
Server
172.217.21.237 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f237.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://xebadu.com/afu.php?zoneid=1433141&var=1540576
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/html; charset=UTF-8
ServiceLogin
accounts.google.com/
0
21 KB
Image
General
Full URL
https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.youtube.com/favicon.ico&uilel=3&hl=en&service=youtube
Requested by
Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol
SPDY
Server
172.217.21.237 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f237.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://xebadu.com/afu.php?zoneid=1433141&var=1540576
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/html; charset=UTF-8
ServiceLogin
accounts.google.com/
Redirect Chain
  • https://plus.google.com/up/accounts/upgrade/?continue=https://plus.google.com/favicon.ico
  • https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com...
0
22 KB
Image
General
Full URL
https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico
Requested by
Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol
SPDY
Server
172.217.21.237 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f237.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://xebadu.com/afu.php?zoneid=1433141&var=1540576
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/html; charset=UTF-8

Redirect headers

strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
ESF
status
302
date
Mon, 14 May 2018 18:18:49 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
location
https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico
content-security-policy
script-src 'report-sample' 'nonce-yMLOI8BwO3iXtkK1N40myUi2YFg' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /_/PlusAppUi/cspreport, script-src 'nonce-yMLOI8BwO3iXtkK1N40myUi2YFg' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.googleapis.com/appsmarket/v2/installedApps/ https://s.ytimg.com https://www.googleapis.com https://support.google.com https://youtube.com https://youtube.googleapis.com;report-uri /_/PlusAppUi/cspreport
content-type
application/binary
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
0
x-xss-protection
1; mode=block
login.srf
login.live.com/
Redirect Chain
  • https://login.skype.com/login?message=signin_continue&redirect_uri=https://secure.skype.com/favicon.ico
  • https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1526321929&rver=7.0.6730.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fredirect_uri%3Dhttps%253A%252F%252Fsecur...
0
0

login
www.reddit.com/
0
0

login
www.tumblr.com/
0
0

login
www.expedia.de/user/
0
0

login
www.dropbox.com/
0
0

/
www.pinterest.com/login/
0
0

login
de.foursquare.com/
0
0

index
eu.battle.net/login/de/
0
0

/
store.steampowered.com/login/
0
0

ServiceLogin
accounts.google.com/
0
0

login
github.com/
0
0

signin
medium.com/m/
0
0

signin
carbonmade.com/
0
0

login
courses.edx.org/
0
0

checkcookie
slack.com/
0
0

login
www.khanacademy.org/
0
0

signin
www.paypal.com/
0
0

login
500px.com/
0
0

login
www.airbnb.com/
0
0

/
disqus.com/profile/login/
0
0

/
secure.meetup.com/login/
0
0

/
bitbucket.org/account/signin/
0
0

login
secure.indeed.com/account/
0
0

login
vk.com/
0
0

Cookie set /
xebadu.com/
709 B
1 KB
Document
General
Full URL
https://xebadu.com/?zoneid=1540576&r=%2Fmb%2Fhan%2Fdl&nojs=0&x=1600&y=1200&t=0&ix=0&fs=0&timeout=0&var=2827&ymid=lyr7y2h5mpco4wskkw88kc04%2C12629615%2C5%2C2827&pb=661eca35b8b13f57af5d01abce311d921526329129&pid=121&sp=
Requested by
Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
31.220.24.95 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
454d07ad2bb070963b47fddd1f718821d909921f1f718554d14e714bf3f9456c
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Host
xebadu.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
CA25FEAF5A054CB6D34037B9304E470E
Referer
https://xebadu.com/afu.php?zoneid=1433141&var=1540576

Response headers

Server
nginx
Date
Mon, 14 May 2018 18:18:49 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Set-Cookie
OACCAP=ABDGMAAAAAAAAAAB; Path=/; Expires=Wed, 13 Jun 2018 18:18:49 GMT
OACBLOCK=ABDGMAAAAABa%2BdMJ; Path=/; Expires=Wed, 13 Jun 2018 18:18:49 GMT
OXCCLK=ABDGMAAAAAAAAAAB; Path=/; Expires=Tue, 15 May 2018 18:18:49 GMT
OXPCLK=AAD4BgAAAAAAAAAB; Path=/; Expires=Tue, 15 May 2018 18:18:49 GMT
ppucnt=0; Path=/; Expires=Tue, 15 May 2018 18:18:49 GMT
ppucnt=1; Path=/; Expires=Tue, 15 May 2018 18:18:49 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
Primary Request next.php
www.dexchangeinc.com/jump/
5 KB
2 KB
Document
General
Full URL
https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576
Requested by
Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.201.117.228 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
228.117.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
8ec269d7ee31fa2595cfb7443edd45ae41e74af01bfb44984c8d871d89457f2d

Request headers

:method
GET
:authority
www.dexchangeinc.com
:scheme
https
:path
/jump/next.php?r=1965419&sub1=1540576
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://xebadu.com/afu.php?zoneid=1433141&var=1540576
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
CA25FEAF5A054CB6D34037B9304E470E
Referer
https://xebadu.com/afu.php?zoneid=1433141&var=1540576

Response headers

status
200
server
openresty
date
Mon, 14 May 2018 18:18:50 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
referrer-policy
no-referrer
link
<//www.dexchangeinc.com>; rel=dns-prefetch,<//www.dexchangeinc.com>; rel=preconnect
content-encoding
gzip
via
1.1 google
alt-svc
clear
next.php
www.dexchangeinc.com/jump/
0
0
Document
General
Full URL
https://www.dexchangeinc.com/jump/next.php?stamat=m%7C%2CUojKSo3KqB1dAN0dEdHP3xP.eaf%2CZaz_3s2fLXuxRPwiWzNnj3Zfbfw4ipVdVx-wJNojHD14z46P9WXAX8p8TJz-YyS9zxz2BM6gnIhI7eoW4eV5Bpj87c5rejqgZbpXLFCwIYg%2C&cbrandom=0.29040344148214325&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fxebadu.com%2Fafu.php%3Fzoneid%3D1433141%26var%3D1540576
Requested by
Host: www.dexchangeinc.com
URL: https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.201.117.228 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
228.117.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

:method
GET
:authority
www.dexchangeinc.com
:scheme
https
:path
/jump/next.php?stamat=m%7C%2CUojKSo3KqB1dAN0dEdHP3xP.eaf%2CZaz_3s2fLXuxRPwiWzNnj3Zfbfw4ipVdVx-wJNojHD14z46P9WXAX8p8TJz-YyS9zxz2BM6gnIhI7eoW4eV5Bpj87c5rejqgZbpXLFCwIYg%2C&cbrandom=0.29040344148214325&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fxebadu.com%2Fafu.php%3Fzoneid%3D1433141%26var%3D1540576
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
CA25FEAF5A054CB6D34037B9304E470E

Response headers

status
204
server
openresty
date
Mon, 14 May 2018 18:18:50 GMT
referrer-policy
no-referrer
vary
Accept-Encoding
via
1.1 google
alt-svc
clear

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
squareup.com
URL
https://squareup.com/login?return_to=/favicon.ico
Domain
twitter.com
URL
https://twitter.com/login?redirect_after_login=/favicon.ico
Domain
www.facebook.com
URL
https://www.facebook.com/w/
Domain
login.live.com
URL
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1526321929&rver=7.0.6730.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.skype.com%252Ffavicon.ico%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en&psi=skype&lw=1&cobrandid=90010&client_flight=hsu%2CReservedFlight33%2CReservedFlight67
Domain
www.reddit.com
URL
https://www.reddit.com/login?dest=https://www.reddit.com/favicon.ico
Domain
www.tumblr.com
URL
https://www.tumblr.com/login?redirect_to=/favicon.ico
Domain
www.expedia.de
URL
https://www.expedia.de/user/login?ckoflag=0&selc=0&uurl=qscr=reds&rurl=%2Ffavicon.ico
Domain
www.dropbox.com
URL
https://www.dropbox.com/login?cont=https://www.dropbox.com/static/images/favicon.ico
Domain
www.pinterest.com
URL
https://www.pinterest.com/login/?next=https://www.pinterest.com/favicon.ico
Domain
de.foursquare.com
URL
https://de.foursquare.com/login?continue=/favicon.ico
Domain
eu.battle.net
URL
https://eu.battle.net/login/de/index?ref=https://eu.battle.net/favicon.ico
Domain
store.steampowered.com
URL
https://store.steampowered.com/login/?redir=favicon.ico
Domain
accounts.google.com
URL
https://accounts.google.com/ServiceLogin?service=blogger&hl=de&passive=1209600&continue=https://www.blogger.com/favicon.ico
Domain
github.com
URL
https://github.com/login?return_to=https://github.com/favicon.ico?id=1
Domain
medium.com
URL
https://medium.com/m/signin?redirect=https://medium.com/favicon.ico&loginType=default
Domain
carbonmade.com
URL
https://carbonmade.com/signin?returnTo=favicon.ico
Domain
courses.edx.org
URL
https://courses.edx.org/login?next=/favicon.ico
Domain
slack.com
URL
https://slack.com/checkcookie?redir=https://slack.com/favicon.ico
Domain
www.khanacademy.org
URL
https://www.khanacademy.org/login?continue=https://www.khanacademy.org/favicon.ico
Domain
www.paypal.com
URL
https://www.paypal.com/signin?returnUri=https://t.paypal.com/ts?v=1.0.0
Domain
500px.com
URL
https://500px.com/login?r=/favicon.ico
Domain
www.airbnb.com
URL
https://www.airbnb.com/login?redirect_params[action]=favicon.ico&redirect_params[controller]=home
Domain
disqus.com
URL
https://disqus.com/profile/login/?next=https://disqus.com/favicon.ico
Domain
secure.meetup.com
URL
https://secure.meetup.com/login/?returnUri=https://www.meetup.com/img/ajax_loader_trans.gif
Domain
bitbucket.org
URL
https://bitbucket.org/account/signin/?next=/favicon.ico
Domain
secure.indeed.com
URL
https://secure.indeed.com/account/login?continue=/favicon.ico
Domain
vk.com
URL
https://vk.com/login?u=2&to=ZmF2aWNvbi5pY28-

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | inIframe
function | checkDocumentBody
function | documentAsyncWriteElementFromHtml
undefined | ufp
function | ReopenUrlBuilder
function | preppopedRedirect

3 Cookies

Domain/Path Name / Value
.traffic.tc-clicks.com/ Name: rts-trck
Value: 1
.traffic.tc-clicks.com/ Name: traffic-visited-offers
Value: 28069%7C1526321929%7C28069%7Cunspecified
.traffic.tc-clicks.com/ Name: traffic-back
Value: ok

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
