cpi-offers.com Open in urlscan Pro
3.65.8.91  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://track.mobtraff.de/?offer_id=2971372&aff_id=1&aff_sub=checkoffer HTTP 302
   https://adsapp.gotrackier.com/click?campaign_id=103597&pub_id=99&p1=8208d9b7aa80d419e0d51f33&p2=9918f94e32751423.&p4=b3c88bfb-0658-44c5-8a75-12c0247f5cd2&p3= HTTP 302
   https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

• https://apply.g2afse.com/click?pid=3&offer_id=67915&sub1=NCT_iphone_pl_ofid9094160_pid744_sub1_sub2744_sub3adsappppre_nat1_sub4_sub5&sub4=id285755462&sub2=564310744_744 HTTP 302
• https://wmadv.go2cloud.org/aff_c?offer_id=13063043&aff_id=6266&aff_sub=6059a669a4b9770001b762e1&source=3&ios_ifa=&google_aid=&aff_sub5=id285755462&aff_sub3=id285755462

Request Chain 1

• https://cellonltd.g2afse.com/click?pid=122&offer_id=624331&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744 HTTP 302
• https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6= HTTP 302
• https://cellonltd.go2affise.com/sl?id=&pid=55&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6=

Request Chain 5

• https://apnp.trckswrm.com/click?offer_id=53999&pub_id=7&pub_id=7&pub_click_id=NCT_iphone_pl_ofid10737737_pid744_sub1_sub2744_sub3adsappppre_nat6_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285755462 HTTP 302
• https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AnW7dr8AAAF4XjINJAAA0u8AAAAHAAAAAA

Request Chain 6

• https://click.kanmobi.net/tracking/click?clickid=NCT_iphone_pl_ofid8079274_pid744_sub1_sub2744_sub3adsappppre_nat7_sub4_sub5&trafficsource=1373692397&offerid=429542000011063284&pub_subid=564310744_744&sub_placement=id285755462 HTTP 302
• https://lemmonclk.azurewebsites.net/adclick/?campaigntoken=EB47E4207579BDD5B53B84A51E2BABDE&subpubid=Ml9mZTRkMWM0ZjhmOTBiMmUwOGJlYWNjNWIwZGQwZWY0Yw==_2622164912510511232430&clickid=1616488041000T2705&idfa=

Request Chain 8

• https://adcrt.trckswrm.com/click?offer_id=115737&pub_id=9&pub_click_id=NCT_iphone_pl_ofid10772981_pid744_sub1_sub2744_sub3adsappppre_nat9_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285755462 HTTP 302
• https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid}

Request Chain 9

• https://firearc.g2afse.com/click?pid=328&offer_id=13957037&sub1=NCT_iphone_pl_ofid10602201_pid744_sub1_sub2744_sub3adsappppre_nat10_sub4_sub5&sub2=564310744_744&sub3=id285755462 HTTP 302
• https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=652&cid=&sid=328_564310744_744&udid=&name=&info=tabtofb&blockTime=0 HTTP 302
• https://adsperfection.g2afse.com/click?pid=691&offer_id=121361&ref_id=NCT_iphone_pl_ofid9604680_pid616_sub1_sub2328_564310744_744_sub3tabtofb_nat11_sub4_sub5&sub1=564310616_328_564310744_744&sub3=id1400134578&sub5=id1400134578 HTTP 302
• https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=552&info=adsperfectionppre&blockTime=0 HTTP 302
• https://click.kanmobi.net/tracking/click?clickid=NCT_iphone_pl_ofid8079274_pid616_sub1,_sub2,_sub3adsperfectionppre_nat7_sub4_sub5&trafficsource=1373692397&offerid=429542000011063284&pub_subid=564310616_,&sub_placement=id1502447854 HTTP 302
• https://lemmonclk.azurewebsites.net/adclick/?campaigntoken=EB47E4207579BDD5B53B84A51E2BABDE&subpubid=Ml9mZTRkMWM0ZjhmOTBiMmUwOGJlYWNjNWIwZGQwZWY0Yw==_2622164912510511235848&clickid=1616488042000W452&idfa=

Request Chain 12

• https://adsperfection.go2affise.com/click?pid=691&offer_id=181447&ref_id=NCT_iphone_pl_ofid10651869_pid744_sub1_sub2744_sub3adsappppre_nat13_sub4_sub5&sub1=564310744_744&sub3=id285755462&sub5=id285755462 HTTP 302
• https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=552&info=adsperfectionppre&blockTime=0 HTTP 302
• https://aptrt.trckswrm.com/click?offer_id=423&pub_id=44&pub_click_id=NCT_iphone_pl_ofid10449139_pid616_sub1,_sub2,_sub3adsperfectionppre_nat11_sub4_sub5&pub_sub_id=564310616&pub_sub_sub_id=,&app=id1389111413

Request Chain 13

• https://apnp.trckswrm.com/click?offer_id=8842&pub_id=7&pub_id=7&pub_click_id=NCT_iphone_pl_ofid9683987_pid744_sub1_sub2744_sub3adsappppre_nat14_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285755462 HTTP 302
• https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AtVYFvYAAAF4XjINNwAAIooAAAAHAAAAAA HTTP 302
• https://funimete.com/0--plmednbgasdasg?adTagId=ee795150-730c-11e8-800a-0ae8b840b174&cpm=0.05&fallbackUrl=https%3A%2F%2Fbercioles.com%2Fredirect%3Fid%3D28%26auth%3D6037b3ba2320807b900d41f05b729f40577437e1 HTTP 302
• https://bercioles.com/redirect?id=28&auth=6037b3ba2320807b900d41f05b729f40577437e1&clickid=96f47ed2-8bb1-11eb-8a14-122690171a51 HTTP 302
• https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D

Request Chain 14

• https://digitalfuture.g2afse.com/click?pid=2&offer_id=1300425&sub1=NCT_iphone_pl_ofid10280871_pid744_sub1_sub2744_sub3adsappppre_nat15_sub4_sub5&sub2=564310744_744&sub5=id285755462 HTTP 302
• https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=886&cid=&sid=2&udid=&name=&info=ElishaSL&blockTime=0 HTTP 302
• https://aptrt.trckswrm.com/click?offer_id=13653&pub_id=29&pub_id=29&pub_click_id=NCT_iphone_pl_ofid10815182_pid616_sub1_sub22_sub3ElishaSL_nat17_sub4_sub5&pub_sub_id=564310616&pub_sub_sub_id=2&app=id1197354394

Request Chain 17

• https://lambadapp.go2affise.com/click?pid=46&offer_id=3664468&sub1=NCT_iphone_pl_ofid9712289_pid744_sub1_sub2744_sub3adsappppre_nat18_sub4_sub5&sub2=564310744_744&sub3=id285755462&sub4=B2453481-1468-4E33-9D62-B735537E8BB7&sub5=B2453481-1468-4E33-9D62-B735537E8BB7 HTTP 302
• https://mobee.g2afse.com/click?pid=4&offer_id=876454 HTTP 302
• https://mobee.g2afse.com/click?pid=27&offer_id=1910753

Request Chain 18

• https://click.mnmnck.com/tracking/clicks?clickid=NCT_iphone_pl_ofid10667083_pid744_sub1_sub2744_sub3adsappppre_nat19_sub4_sub5&trafficsource=1373697408&offerid=433608797707864961&sub_placement=id285755462&pub_subid=564310744_744 HTTP 302
• https://spinx.g2afse.com/click?pid=2&offer_id=30860&sub1=Ml8xMzczNjk3NDA4&sub2=1231248131630&sub3=003_20210323082721O3150&sub4=&sub5=id285755462

Request Chain 19

• https://aver-leer.com/2Nk?pubref=NCT_iphone_pl_ofid10810504_pid744_sub1_sub2744_sub3adsappppre_nat20_sub4_sub5&pubref=NCT_iphone_pl_ofid10810504_pid744_sub1_sub2744_sub3adsappppre_nat20_sub4_sub5&affpubid=564310744&subid4=744 HTTP 302
• https://app.appsflyer.com/id905953485?af_siteid=116_564310744&pid=valuadle_int&af_click_lookback=7d&clickid=1785e320dcc6a1do2175oad32038261e2&idfa=&af_installpostback=false&subid4=744&pubref=NCT_iphone_pl_ofid10810504_pid744_sub1_sub2744_sub3adsappppre_nat20_sub4_sub5&lpid=0&tsp=8565&drc=MQ== HTTP 302
• https://apps.apple.com/US/app/id905953485?mt=8

Request Chain 20

• https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D HTTP 302
• https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7 HTTP 302
• https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D

Request Chain 21

• https://cellonltd.g2afse.com/click?pid=122&offer_id=624331&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744 HTTP 302
• https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6= HTTP 302
• https://cellonltd.go2affise.com/sl?id=&pid=55&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6=

Request Chain 22

• https://labmediasolutions.g2afse.com/click?pid=3&offer_id=150327&sub1=NCT_iphone_pl_ofid10769117_pid744_sub1_sub2744_sub3adsappppre_nat4_sub4_sub5&sub2=564310744_744&sub3=id285755462 HTTP 0
• http://labmediasolutions.g2afse.com/disabled.html

Request Chain 23

• https://track.themedia.site/click?pid=5&offer_id=58944&sub1=NCT_iphone_pl_ofid10707462_pid744_sub1_sub2744_sub3adsappppre_nat5_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462 HTTP 0
• http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Request Chain 24

• https://apnp.trckswrm.com/click?offer_id=53999&pub_id=7&pub_id=7&pub_click_id=NCT_iphone_pl_ofid10737737_pid744_sub1_sub2744_sub3adsappppre_nat6_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285755462 HTTP 302
• https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=ArUE2ecAAAF4XjIPlgAA0u8AAAAHAAAAAA HTTP 302
• https://funimete.com/0--plmednbgasdasg?adTagId=ee795150-730c-11e8-800a-0ae8b840b174&cpm=0.05&fallbackUrl=https%3A%2F%2Fbercioles.com%2Fredirect%3Fid%3D28%26auth%3D6037b3ba2320807b900d41f05b729f40577437e1 HTTP 302
• https://bercioles.com/redirect?id=28&auth=6037b3ba2320807b900d41f05b729f40577437e1&clickid=9728fc5d-8bb1-11eb-8a14-122690171a51 HTTP 302
• https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 0
• http://tare.pro/go/216668/575137

Request Chain 25

• https://adcrt.trckswrm.com/click?offer_id=115737&pub_id=9&pub_click_id=NCT_iphone_pl_ofid10772981_pid744_sub1_sub2744_sub3adsappppre_nat9_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285755462 HTTP 302
• https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid}

Request Chain 26

• https://track.themedia.site/click?pid=5&offer_id=54569&sub1=NCT_iphone_pl_ofid10560470_pid744_sub1_sub2744_sub3adsappppre_nat11_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462 HTTP 0
• http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Request Chain 27

• https://bondika.g2afse.com/click?pid=2&offer_id=59527&sub1=564310744&sub2=744&sub3=NCT_iphone_pl_ofid10624688_pid744_sub1_sub2744_sub3adsappppre_nat12_sub4_sub5&sub5=id285755462 HTTP 0
• http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=139&sub1=&sub2=2&sub3=564310744

Request Chain 28

• https://apnp.trckswrm.com/click?offer_id=8842&pub_id=7&pub_id=7&pub_click_id=NCT_iphone_pl_ofid9683987_pid744_sub1_sub2744_sub3adsappppre_nat14_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285755462 HTTP 302
• https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AunIwMUAAAF4XjITGgAAIooAAAAHAAAAAA HTTP 0
• http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=20&sub1=AunIwMUAAAF4XjITGgAAIooAAAAHAAAAAA&sub2=&sub3=

Request Chain 29

• https://track.themedia.site/click?pid=5&offer_id=53181&sub1=NCT_iphone_pl_ofid10544317_pid744_sub1_sub2744_sub3adsappppre_nat16_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462 HTTP 0
• http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Request Chain 30

• https://lambadapp.go2affise.com/click?pid=46&offer_id=3664468&sub1=NCT_iphone_pl_ofid9712289_pid744_sub1_sub2744_sub3adsappppre_nat18_sub4_sub5&sub2=564310744_744&sub3=id285755462&sub4=B2453481-1468-4E33-9D62-B735537E8BB7&sub5=B2453481-1468-4E33-9D62-B735537E8BB7 HTTP 302
• https://mobee.g2afse.com/click?pid=4&offer_id=876454 HTTP 302
• https://mobee.g2afse.com/click?pid=27&offer_id=1910753 HTTP 0
• http://xml.blueparrot.media/redirect?feed=223869&auth=9tpPZk&url=http://www.google.com&subid=27_

Request Chain 31

• https://click.mnmnck.com/tracking/clicks?clickid=NCT_iphone_pl_ofid10667083_pid744_sub1_sub2744_sub3adsappppre_nat19_sub4_sub5&trafficsource=1373697408&offerid=433608797707864961&sub_placement=id285755462&pub_subid=564310744_744 HTTP 302
• https://spinx.g2afse.com/click?pid=2&offer_id=30860&sub1=Ml8xMzczNjk3NDA4&sub2=123124814030&sub3=003_20210323082723J3071&sub4=&sub5=id285755462 HTTP 0
• http://spinx.g2afse.com/disabled.html

Request Chain 32

• https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D HTTP 302
• https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7 HTTP 302
• https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 0
• http://tare.pro/go/216668/575137

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request fantastic.html Show response cpi-offers.com/ Redirect Chain http://track.mobtraff.de/?offer_id=2971372&aff_id=1&aff_sub=checkoffer https://adsapp.gotrackier.com/click?campaign_id=103597&pub_id=99&p1=8208d9b7aa80d419e0d51f33&p2=9918f94e32751423.&p4=b3c88bfb-0658-44c5-8a75-12c0247f5cd2&p3= https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0	5 KB 1 KB	184ms 60ms	Document text/html	3.65.8.91 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.65.8.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-65-8-91.eu-central-1.compute.amazonaws.com Software nginx/1.14.1 / Express Resource Hash d9ae4b0ccc5423d42795c6766d8064b2087a4dffb87bb61c1cef9d23ff89aa78 Request headers :method GET :authority cpi-offers.com :scheme https :path /fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 23 Mar 2021 08:27:21 GMT content-type text/html; charset=utf-8 server nginx/1.14.1 x-powered-by Express access-control-allow-origin * etag W/"144b-8clNEunZQ4Kz1b1VvzdV/3K/3Ks" content-encoding gzip Redirect headers date Tue, 23 Mar 2021 08:27:21 GMT content-type text/html set-cookie __cfduid=d5ebb4d458d057d5c5fa0be830c875cdf1616488041; expires=Thu, 22-Apr-21 08:27:21 GMT; path=/; domain=.gotrackier.com; HttpOnly; SameSite=Lax; Secure __cf_bm=9bb57d3855bb1459c5cd3329f0b7dd9c8ddd9a96-1616488041-1800-Ae4751XFx58/xUs495Eud/d6twcSQQHrrxSvWdElpJ86kcfOaahJnaMzB7mMiNqqHmAe06BLsb6ySwHonVjPZgQ=; path=/; expires=Tue, 23-Mar-21 08:57:21 GMT; domain=.gotrackier.com; HttpOnly; Secure; SameSite=None x-err OFFER_NOT_ACTIVE location https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 x-rt 2 via 1.1 google cf-cache-status DYNAMIC cf-request-id 08ffcb23d600004a8b6c125000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2Br8LIovLl7wEwNtf1a67v2q5QuNEABjSW1f2CZ6kwI1yuSJStL5Wp%2BK4fOKYw1Lqq1vl3yI7ebr6%2FKYvZ3e%2FGIWmqrZFTNacp56jlsSs2RI7VHCJrgVwcFDBkK3qzCWyrf8%3D"}]} nel {"max_age":604800,"report_to":"cf-nel"} server cloudflare cf-ray 634647b2fe1e4a8b-FRA
GET H/1.1	404 Not Found	aff_c wmadv.go2cloud.org/ Redirect Chain https://apply.g2afse.com/click?pid=3&offer_id=67915&sub1=NCT_iphone_pl_ofid9094160_pid744_sub1_sub2744_sub3adsappppre_nat1_sub4_sub5&sub4=id285755462&sub2=564310744_744 https://wmadv.go2cloud.org/aff_c?offer_id=13063043&aff_id=6266&aff_sub=6059a669a4b9770001b762e1&source=3&ios_ifa=&google_aid=&aff_sub5=id285755462&aff_sub3=id285755462	0 0	251ms 62ms	Stylesheet text/html	52.210.174.128 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://wmadv.go2cloud.org/aff_c?offer_id=13063043&aff_id=6266&aff_sub=6059a669a4b9770001b762e1&source=3&ios_ifa=&google_aid=&aff_sub5=id285755462&aff_sub3=id285755462 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.210.174.128 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-210-174-128.eu-west-1.compute.amazonaws.com Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Redirect headers location https://wmadv.go2cloud.org/aff_c?offer_id=13063043&aff_id=6266&aff_sub=6059a669a4b9770001b762e1&source=3&ios_ifa=&google_aid=&aff_sub5=id285755462&aff_sub3=id285755462 date Tue, 23 Mar 2021 08:27:21 GMT server nginx content-length 0
GET H2	400	sl cellonltd.go2affise.com/ Redirect Chain https://cellonltd.g2afse.com/click?pid=122&offer_id=624331&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744 https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6= https://cellonltd.go2affise.com/sl?id=&pid=55&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6=	0 0	179ms 59ms	Stylesheet text/plain	213.227.134.238 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://cellonltd.go2affise.com/sl?id=&pid=55&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6= Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.227.134.238 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 23 Mar 2021 08:27:22 GMT server nginx content-length 42 content-type text/plain; charset=utf-8 Redirect headers location https://cellonltd.go2affise.com/sl?id=&pid=55&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6= date Tue, 23 Mar 2021 08:27:21 GMT server nginx content-length 0
GET H2	200	click click.kanmobi.net/tracking/	0 80 B	145ms 52ms	Stylesheet text/plain	35.241.13.125 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://click.kanmobi.net/tracking/click?clickid=NCT_iphone_pl_ofid7968977_pid744_sub1_sub2744_sub3adsappppre_nat3_sub4_sub5&trafficsource=1373692397&offerid=429286066131035250&pub_subid=564310744_744&sub_placement=id285755462 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.241.13.125 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 125.13.241.35.bc.googleusercontent.com Software / Express Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 23 Mar 2021 08:27:21 GMT via 1.1 google x-powered-by Express alt-svc clear content-length 0
GET		click labmediasolutions.g2afse.com/	0 0
GET		click track.themedia.site/	0 0
GET		hurried zappiering.com/noid/ Redirect Chain https://apnp.trckswrm.com/click?offer_id=53999&pub_id=7&pub_id=7&pub_click_id=NCT_iphone_pl_ofid10737737_pid744_sub1_sub2744_sub3adsappppre_nat6_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&ap... https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AnW7dr8AAAF4XjINJAAA0u8AAAAHAAAAAA	0 0
GET H/1.1	200 OK	/ lemmonclk.azurewebsites.net/adclick/ Redirect Chain https://click.kanmobi.net/tracking/click?clickid=NCT_iphone_pl_ofid8079274_pid744_sub1_sub2744_sub3adsappppre_nat7_sub4_sub5&trafficsource=1373692397&offerid=429542000011063284&pub_subid=564310744_... https://lemmonclk.azurewebsites.net/adclick/?campaigntoken=EB47E4207579BDD5B53B84A51E2BABDE&subpubid=Ml9mZTRkMWM0ZjhmOTBiMmUwOGJlYWNjNWIwZGQwZWY0Yw==_2622164912510511232430&clickid=1616488041000T27...	0 444 B	603ms 142ms	Stylesheet text/plain	52.177.206.73 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://lemmonclk.azurewebsites.net/adclick/?campaigntoken=EB47E4207579BDD5B53B84A51E2BABDE&subpubid=Ml9mZTRkMWM0ZjhmOTBiMmUwOGJlYWNjNWIwZGQwZWY0Yw==_2622164912510511232430&clickid=1616488041000T2705&idfa= Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.177.206.73 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 23 Mar 2021 08:27:22 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET Content-Length 0 Redirect headers location https://lemmonclk.azurewebsites.net/adclick/?campaigntoken=EB47E4207579BDD5B53B84A51E2BABDE&subpubid=Ml9mZTRkMWM0ZjhmOTBiMmUwOGJlYWNjNWIwZGQwZWY0Yw==_2622164912510511232430&clickid=1616488041000T2705&idfa= date Tue, 23 Mar 2021 08:27:21 GMT via 1.1 google x-powered-by Express alt-svc clear
GET H/1.1	200 OK	click apts.trckswrm.com/	0 75 B	158ms 50ms	Stylesheet text/plain	5.9.6.203 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://apts.trckswrm.com/click?offer_id=44380&pub_id=10&pub_click_id=NCT_iphone_pl_ofid10131657_pid744_sub1_sub2744_sub3adsappppre_nat8_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285755462 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 5.9.6.203 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.203.6.9.5.clients.your-server.de Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 23 Mar 2021 08:27:21 GMT content-length 0
GET H/1.1	400 Bad Request	redirect mob.palmparadise.info/ Redirect Chain https://adcrt.trckswrm.com/click?offer_id=115737&pub_id=9&pub_click_id=NCT_iphone_pl_ofid10772981_pid744_sub1_sub2744_sub3adsappppre_nat9_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285... https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid}	0 0	371ms 121ms	Stylesheet text/plain	198.134.116.30 WEBAIR-INTERNET
General Check archive.org Show headers Download Go to Full URL https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid} Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.134.116.30 Grapevine, United States, ASN27257 (WEBAIR-INTERNET, US), Reverse DNS Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Tue, 23 Mar 2021 08:27:22 GMT Cache-Control no-store Server nginx Connection keep-alive Age 0 Content-Length 38 Redirect headers location https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid} date Tue, 23 Mar 2021 08:27:21 GMT content-length 0
GET H/1.1	200 OK	/ lemmonclk.azurewebsites.net/adclick/ Redirect Chain https://firearc.g2afse.com/click?pid=328&offer_id=13957037&sub1=NCT_iphone_pl_ofid10602201_pid744_sub1_sub2744_sub3adsappppre_nat10_sub4_sub5&sub2=564310744_744&sub3=id285755462 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=652&cid=&sid=328_564310744_744&udid=&name=&info=tabtofb&blockTime=0 https://adsperfection.g2afse.com/click?pid=691&offer_id=121361&ref_id=NCT_iphone_pl_ofid9604680_pid616_sub1_sub2328_564310744_744_sub3tabtofb_nat11_sub4_sub5&sub1=564310616_328_564310744_744&sub3=i... https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=552&info=adsperfectionppre&blockTime=0 https://click.kanmobi.net/tracking/click?clickid=NCT_iphone_pl_ofid8079274_pid616_sub1,_sub2,_sub3adsperfectionppre_nat7_sub4_sub5&trafficsource=1373692397&offerid=429542000011063284&pub_subid=5643... https://lemmonclk.azurewebsites.net/adclick/?campaigntoken=EB47E4207579BDD5B53B84A51E2BABDE&subpubid=Ml9mZTRkMWM0ZjhmOTBiMmUwOGJlYWNjNWIwZGQwZWY0Yw==_2622164912510511235848&clickid=1616488042000W45...	0 444 B	385ms 142ms	Stylesheet text/plain	52.177.206.73 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://lemmonclk.azurewebsites.net/adclick/?campaigntoken=EB47E4207579BDD5B53B84A51E2BABDE&subpubid=Ml9mZTRkMWM0ZjhmOTBiMmUwOGJlYWNjNWIwZGQwZWY0Yw==_2622164912510511235848&clickid=1616488042000W452&idfa= Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.177.206.73 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 23 Mar 2021 08:27:22 GMT Server Microsoft-IIS/10.0 X-Powered-By ASP.NET Content-Length 0 Redirect headers location https://lemmonclk.azurewebsites.net/adclick/?campaigntoken=EB47E4207579BDD5B53B84A51E2BABDE&subpubid=Ml9mZTRkMWM0ZjhmOTBiMmUwOGJlYWNjNWIwZGQwZWY0Yw==_2622164912510511235848&clickid=1616488042000W452&idfa= date Tue, 23 Mar 2021 08:27:22 GMT via 1.1 google x-powered-by Express alt-svc clear
GET		click track.themedia.site/	0 0
GET		click bondika.g2afse.com/	0 0
GET H/1.1	200 OK	click aptrt.trckswrm.com/ Redirect Chain https://adsperfection.go2affise.com/click?pid=691&offer_id=181447&ref_id=NCT_iphone_pl_ofid10651869_pid744_sub1_sub2744_sub3adsappppre_nat13_sub4_sub5&sub1=564310744_744&sub3=id285755462&sub5=id285... https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=552&info=adsperfectionppre&blockTime=0 https://aptrt.trckswrm.com/click?offer_id=423&pub_id=44&pub_click_id=NCT_iphone_pl_ofid10449139_pid616_sub1,_sub2,_sub3adsperfectionppre_nat11_sub4_sub5&pub_sub_id=564310616&pub_sub_sub_id=,&app=id...	0 75 B	51ms 50ms	Stylesheet text/plain	148.251.132.216 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aptrt.trckswrm.com/click?offer_id=423&pub_id=44&pub_click_id=NCT_iphone_pl_ofid10449139_pid616_sub1,_sub2,_sub3adsperfectionppre_nat11_sub4_sub5&pub_sub_id=564310616&pub_sub_sub_id=,&app=id1389111413 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.251.132.216 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.216.132.251.148.clients.your-server.de Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 23 Mar 2021 08:27:21 GMT content-length 0 Redirect headers date Tue, 23 Mar 2021 08:27:21 GMT server nginx/1.14.1 location https://aptrt.trckswrm.com/click?offer_id=423&pub_id=44&pub_click_id=NCT_iphone_pl_ofid10449139_pid616_sub1,_sub2,_sub3adsperfectionppre_nat11_sub4_sub5&pub_sub_id=564310616&pub_sub_sub_id=,&app=id1389111413 x-powered-by Express vary Accept content-type text/plain; charset=utf-8 access-control-allow-origin * content-length 229
GET		slope poqueras.com/noid/ Redirect Chain https://apnp.trckswrm.com/click?offer_id=8842&pub_id=7&pub_id=7&pub_click_id=NCT_iphone_pl_ofid9683987_pid744_sub1_sub2744_sub3adsappppre_nat14_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app... https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AtVYFvYAAAF4XjINNwAAIooAAAAHAAAAAA https://funimete.com/0--plmednbgasdasg?adTagId=ee795150-730c-11e8-800a-0ae8b840b174&cpm=0.05&fallbackUrl=https%3A%2F%2Fbercioles.com%2Fredirect%3Fid%3D28%26auth%3D6037b3ba2320807b900d41f05b729f4057... https://bercioles.com/redirect?id=28&auth=6037b3ba2320807b900d41f05b729f40577437e1&clickid=96f47ed2-8bb1-11eb-8a14-122690171a51 https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D	0 0
GET H/1.1	200 OK	click aptrt.trckswrm.com/ Redirect Chain https://digitalfuture.g2afse.com/click?pid=2&offer_id=1300425&sub1=NCT_iphone_pl_ofid10280871_pid744_sub1_sub2744_sub3adsappppre_nat15_sub4_sub5&sub2=564310744_744&sub5=id285755462 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=886&cid=&sid=2&udid=&name=&info=ElishaSL&blockTime=0 https://aptrt.trckswrm.com/click?offer_id=13653&pub_id=29&pub_id=29&pub_click_id=NCT_iphone_pl_ofid10815182_pid616_sub1_sub22_sub3ElishaSL_nat17_sub4_sub5&pub_sub_id=564310616&pub_sub_sub_id=2&app=...	0 75 B	95ms 50ms	Stylesheet text/plain	148.251.132.216 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aptrt.trckswrm.com/click?offer_id=13653&pub_id=29&pub_id=29&pub_click_id=NCT_iphone_pl_ofid10815182_pid616_sub1_sub22_sub3ElishaSL_nat17_sub4_sub5&pub_sub_id=564310616&pub_sub_sub_id=2&app=id1197354394 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.251.132.216 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.216.132.251.148.clients.your-server.de Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 23 Mar 2021 08:27:21 GMT content-length 0 Redirect headers date Tue, 23 Mar 2021 08:27:21 GMT server nginx/1.14.1 location https://aptrt.trckswrm.com/click?offer_id=13653&pub_id=29&pub_id=29&pub_click_id=NCT_iphone_pl_ofid10815182_pid616_sub1_sub22_sub3ElishaSL_nat17_sub4_sub5&pub_sub_id=564310616&pub_sub_sub_id=2&app=id1197354394 x-powered-by Express vary Accept content-type text/plain; charset=utf-8 access-control-allow-origin * content-length 231
GET		click track.themedia.site/	0 0
GET H/1.1	200 OK	click aptrt.trckswrm.com/	0 75 B	156ms 50ms	Stylesheet text/plain	148.251.132.216 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aptrt.trckswrm.com/click?offer_id=13653&pub_id=44&pub_click_id=NCT_iphone_pl_ofid10815499_pid744_sub1_sub2744_sub3adsappppre_nat17_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285755462 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.251.132.216 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.216.132.251.148.clients.your-server.de Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 23 Mar 2021 08:27:21 GMT content-length 0
GET		click mobee.g2afse.com/ Redirect Chain https://lambadapp.go2affise.com/click?pid=46&offer_id=3664468&sub1=NCT_iphone_pl_ofid9712289_pid744_sub1_sub2744_sub3adsappppre_nat18_sub4_sub5&sub2=564310744_744&sub3=id285755462&sub4=B2453481-146... https://mobee.g2afse.com/click?pid=4&offer_id=876454 https://mobee.g2afse.com/click?pid=27&offer_id=1910753	0 0
GET		click spinx.g2afse.com/ Redirect Chain https://click.mnmnck.com/tracking/clicks?clickid=NCT_iphone_pl_ofid10667083_pid744_sub1_sub2744_sub3adsappppre_nat19_sub4_sub5&trafficsource=1373697408&offerid=433608797707864961&sub_placement=id28... https://spinx.g2afse.com/click?pid=2&offer_id=30860&sub1=Ml8xMzczNjk3NDA4&sub2=1231248131630&sub3=003_20210323082721O3150&sub4=&sub5=id285755462	0 0
GET H2	200	id905953485 apps.apple.com/US/app/ Redirect Chain https://aver-leer.com/2Nk?pubref=NCT_iphone_pl_ofid10810504_pid744_sub1_sub2744_sub3adsappppre_nat20_sub4_sub5&pubref=NCT_iphone_pl_ofid10810504_pid744_sub1_sub2744_sub3adsappppre_nat20_sub4_sub5&a... https://app.appsflyer.com/id905953485?af_siteid=116_564310744&pid=valuadle_int&af_click_lookback=7d&clickid=1785e320dcc6a1do2175oad32038261e2&idfa=&af_installpostback=false&subid4=744&pubref=NCT_ip... https://apps.apple.com/US/app/id905953485?mt=8	0 0	1069ms 955ms	Stylesheet text/html	2a02:26f0:7100:3a3::2a1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://apps.apple.com/US/app/id905953485?mt=8 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100:3a3::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin * Redirect headers date Tue, 23 Mar 2021 08:27:22 GMT via 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront) server http-kit x-amz-cf-pop DUS51-C1 strict-transport-security max-age=31536000; includeSubDomains x-cache Miss from cloudfront content-type application/octet-stream location https://apps.apple.com/US/app/id905953485?mt=8 content-length 0 x-amz-cf-id STElAAm3VP1zAIxCe9m-xUcwdZaDCx-b-DfpBCJ502fMs0ufy3e5tw==
GET		slope poqueras.com/noid/ Redirect Chain https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7 https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D	0 0
GET H2	400	sl cellonltd.go2affise.com/ Redirect Chain https://cellonltd.g2afse.com/click?pid=122&offer_id=624331&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744 https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6= https://cellonltd.go2affise.com/sl?id=&pid=55&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6=	0 0	58ms 57ms	Stylesheet text/plain	213.227.134.238 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://cellonltd.go2affise.com/sl?id=&pid=55&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6= Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.227.134.238 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 23 Mar 2021 08:27:22 GMT server nginx content-length 42 content-type text/plain; charset=utf-8 Redirect headers location https://cellonltd.go2affise.com/sl?id=&pid=55&sub1=NCT_iphone_pl_ofid10090519_pid744_sub1_sub2744_sub3adsappppre_nat2_sub4_sub5&sub2=564310744_744&sub3=&sub4=&sub5=&sub6= date Tue, 23 Mar 2021 08:27:22 GMT server nginx content-length 0
GET		disabled.html labmediasolutions.g2afse.com/ Redirect Chain https://labmediasolutions.g2afse.com/click?pid=3&offer_id=150327&sub1=NCT_iphone_pl_ofid10769117_pid744_sub1_sub2744_sub3adsappppre_nat4_sub4_sub5&sub2=564310744_744&sub3=id285755462 http://labmediasolutions.g2afse.com/disabled.html	0 0
GET		sl zorkamarket.g2afse.com/ Redirect Chain https://track.themedia.site/click?pid=5&offer_id=58944&sub1=NCT_iphone_pl_ofid10707462_pid744_sub1_sub2744_sub3adsappppre_nat5_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462 http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215	0 0
GET		575137 tare.pro/go/216668/ Redirect Chain https://apnp.trckswrm.com/click?offer_id=53999&pub_id=7&pub_id=7&pub_click_id=NCT_iphone_pl_ofid10737737_pid744_sub1_sub2744_sub3adsappppre_nat6_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&ap... https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=ArUE2ecAAAF4XjIPlgAA0u8AAAAHAAAAAA https://funimete.com/0--plmednbgasdasg?adTagId=ee795150-730c-11e8-800a-0ae8b840b174&cpm=0.05&fallbackUrl=https%3A%2F%2Fbercioles.com%2Fredirect%3Fid%3D28%26auth%3D6037b3ba2320807b900d41f05b729f4057... https://bercioles.com/redirect?id=28&auth=6037b3ba2320807b900d41f05b729f40577437e1&clickid=9728fc5d-8bb1-11eb-8a14-122690171a51 https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D http://tare.pro/go/216668/575137	0 0
GET H/1.1	400 Bad Request	redirect mob.palmparadise.info/ Redirect Chain https://adcrt.trckswrm.com/click?offer_id=115737&pub_id=9&pub_click_id=NCT_iphone_pl_ofid10772981_pid744_sub1_sub2744_sub3adsappppre_nat9_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app=id285... https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid}	0 0	121ms 121ms	Stylesheet text/plain	198.134.116.30 WEBAIR-INTERNET
General Check archive.org Show headers Download Go to Full URL https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid} Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=744&cid=&sid={pid}&udid=&name=&info=adsappppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.134.116.30 Grapevine, United States, ASN27257 (WEBAIR-INTERNET, US), Reverse DNS Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Tue, 23 Mar 2021 08:27:23 GMT Cache-Control no-store Server nginx Connection keep-alive Age 0 Content-Length 38 Redirect headers location https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid} date Tue, 23 Mar 2021 08:27:22 GMT content-length 0
GET		sl zorkamarket.g2afse.com/ Redirect Chain https://track.themedia.site/click?pid=5&offer_id=54569&sub1=NCT_iphone_pl_ofid10560470_pid744_sub1_sub2744_sub3adsappppre_nat11_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462 http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215	0 0
GET		sl tracking.armorads.com/ Redirect Chain https://bondika.g2afse.com/click?pid=2&offer_id=59527&sub1=564310744&sub2=744&sub3=NCT_iphone_pl_ofid10624688_pid744_sub1_sub2744_sub3adsappppre_nat12_sub4_sub5&sub5=id285755462 http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=139&sub1=&sub2=2&sub3=564310744	0 0
GET		sl tracking.armorads.com/ Redirect Chain https://apnp.trckswrm.com/click?offer_id=8842&pub_id=7&pub_id=7&pub_click_id=NCT_iphone_pl_ofid9683987_pid744_sub1_sub2744_sub3adsappppre_nat14_sub4_sub5&pub_sub_id=564310744&pub_sub_sub_id=744&app... https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AunIwMUAAAF4XjITGgAAIooAAAAHAAAAAA http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=20&sub1=AunIwMUAAAF4XjITGgAAIooAAAAHAAAAAA&sub2=&sub3=	0 0
GET		sl zorkamarket.g2afse.com/ Redirect Chain https://track.themedia.site/click?pid=5&offer_id=53181&sub1=NCT_iphone_pl_ofid10544317_pid744_sub1_sub2744_sub3adsappppre_nat16_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462 http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215	0 0
GET		redirect xml.blueparrot.media/ Redirect Chain https://lambadapp.go2affise.com/click?pid=46&offer_id=3664468&sub1=NCT_iphone_pl_ofid9712289_pid744_sub1_sub2744_sub3adsappppre_nat18_sub4_sub5&sub2=564310744_744&sub3=id285755462&sub4=B2453481-146... https://mobee.g2afse.com/click?pid=4&offer_id=876454 https://mobee.g2afse.com/click?pid=27&offer_id=1910753 http://xml.blueparrot.media/redirect?feed=223869&auth=9tpPZk&url=http://www.google.com&subid=27_	0 0
GET		disabled.html spinx.g2afse.com/ Redirect Chain https://click.mnmnck.com/tracking/clicks?clickid=NCT_iphone_pl_ofid10667083_pid744_sub1_sub2744_sub3adsappppre_nat19_sub4_sub5&trafficsource=1373697408&offerid=433608797707864961&sub_placement=id28... https://spinx.g2afse.com/click?pid=2&offer_id=30860&sub1=Ml8xMzczNjk3NDA4&sub2=123124814030&sub3=003_20210323082723J3071&sub4=&sub5=id285755462 http://spinx.g2afse.com/disabled.html	0 0
GET		575137 tare.pro/go/216668/ Redirect Chain https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7 https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D http://tare.pro/go/216668/575137	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

labmediasolutions.g2afse.com

URL

https://labmediasolutions.g2afse.com/click?pid=3&offer_id=150327&sub1=NCT_iphone_pl_ofid10769117_pid744_sub1_sub2744_sub3adsappppre_nat4_sub4_sub5&sub2=564310744_744&sub3=id285755462

Domain

track.themedia.site

URL

https://track.themedia.site/click?pid=5&offer_id=58944&sub1=NCT_iphone_pl_ofid10707462_pid744_sub1_sub2744_sub3adsappppre_nat5_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462

Domain

zappiering.com

URL

https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AnW7dr8AAAF4XjINJAAA0u8AAAAHAAAAAA

Domain

track.themedia.site

URL

https://track.themedia.site/click?pid=5&offer_id=54569&sub1=NCT_iphone_pl_ofid10560470_pid744_sub1_sub2744_sub3adsappppre_nat11_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462

Domain

bondika.g2afse.com

URL

https://bondika.g2afse.com/click?pid=2&offer_id=59527&sub1=564310744&sub2=744&sub3=NCT_iphone_pl_ofid10624688_pid744_sub1_sub2744_sub3adsappppre_nat12_sub4_sub5&sub5=id285755462

Domain

poqueras.com

URL

https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D

Domain

track.themedia.site

URL

https://track.themedia.site/click?pid=5&offer_id=53181&sub1=NCT_iphone_pl_ofid10544317_pid744_sub1_sub2744_sub3adsappppre_nat16_sub4_sub5&sub2=564310744_744&sub7=id285755462&sub8=id285755462

Domain

mobee.g2afse.com

URL

https://mobee.g2afse.com/click?pid=27&offer_id=1910753

Domain

spinx.g2afse.com

URL

https://spinx.g2afse.com/click?pid=2&offer_id=30860&sub1=Ml8xMzczNjk3NDA4&sub2=1231248131630&sub3=003_20210323082721O3150&sub4=&sub5=id285755462

Domain

poqueras.com

URL

https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D

Domain

labmediasolutions.g2afse.com

URL

http://labmediasolutions.g2afse.com/disabled.html

Domain

zorkamarket.g2afse.com

URL

http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Domain

tare.pro

URL

http://tare.pro/go/216668/575137

Domain

zorkamarket.g2afse.com

URL

http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Domain

tracking.armorads.com

URL

http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=139&sub1=&sub2=2&sub3=564310744

Domain

tracking.armorads.com

URL

http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=20&sub1=AunIwMUAAAF4XjITGgAAIooAAAAHAAAAAA&sub2=&sub3=

Domain

zorkamarket.g2afse.com

URL

http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Domain

xml.blueparrot.media

URL

http://xml.blueparrot.media/redirect?feed=223869&auth=9tpPZk&url=http://www.google.com&subid=27_

Domain

spinx.g2afse.com

URL

http://spinx.g2afse.com/disabled.html

Domain

tare.pro

URL

http://tare.pro/go/216668/575137

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adcrt.trckswrm.com
adsapp.gotrackier.com
adsperfection.g2afse.com
adsperfection.go2affise.com
app.appsflyer.com
apply.g2afse.com
apps.apple.com
aptrt.trckswrm.com
apts.trckswrm.com
aver-leer.com
bondika.g2afse.com
cellonltd.g2afse.com
cellonltd.go2affise.com
click.kanmobi.net
cpi-offers.com
digitalfuture.g2afse.com
firearc.g2afse.com
labmediasolutions.g2afse.com
lemmonclk.azurewebsites.net
mob.palmparadise.info
mobee.g2afse.com
poqueras.com
spinx.g2afse.com
tare.pro
track.mobtraff.de
track.themedia.site
tracking.armorads.com
wmadv.go2cloud.org
xml.blueparrot.media
zappiering.com
zorkamarket.g2afse.com
bondika.g2afse.com
labmediasolutions.g2afse.com
mobee.g2afse.com
poqueras.com
spinx.g2afse.com
tare.pro
track.themedia.site
tracking.armorads.com
xml.blueparrot.media
zappiering.com
zorkamarket.g2afse.com
107.178.241.150
13.226.134.232
148.251.132.216
198.134.116.30
213.227.134.196
213.227.134.200
213.227.134.236
213.227.134.238
213.227.135.207
213.227.156.19
2606:4700:3039::6815:c016
2a02:26f0:7100:3a3::2a1
3.65.8.91
35.241.13.125
46.4.30.210
5.9.6.203
52.177.206.73
52.210.174.128
d9ae4b0ccc5423d42795c6766d8064b2087a4dffb87bb61c1cef9d23ff89aa78
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855