urlscan.io logo urlscan.io
SecurityTrails logo

ynnus4.life Open in urlscan Pro
95.216.29.188  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&plac...
Effective URL: https://ynnus4.life/click.php?key=35bdl1q2vi01eaz5fgg4&clickid=utm_source=557030_3k4fcald&utm_medium=yeesshh&utm_con...
Submission: On May 11 via api from US — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 6 countries across 11 domains to perform 7 HTTP transactions. The main IP is 95.216.29.188, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is ynnus4.life. The Cisco Umbrella rank of the primary domain is 507611.
TLS certificate: Issued by R3 on April 4th 2024. Valid for: 3 months.
This is the only time ynnus4.life was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 51.68.85.158 16276 (OVH)
4 4 104.26.6.190 13335 (CLOUDFLAR...)
1 1 34.91.234.242 396982 (GOOGLE-CL...)
1 188.114.96.3 13335 (CLOUDFLAR...)
1 1 188.114.97.3 13335 (CLOUDFLAR...)
1 3 188.114.96.9 13335 (CLOUDFLAR...)
1 172.67.137.17 13335 (CLOUDFLAR...)
1 172.67.185.188 13335 (CLOUDFLAR...)
1 1 51.161.115.163 16276 (OVH)
1 1 2604:9e00:1:1... 27257 (WEBAIR-IN...)
2 95.216.29.188 24940 (HETZNER-AS)
7 5
3    51.68.85.158 (United Kingdom)

ASN16276 (OVH, FR)
trimbuilder.foundation
4    104.26.6.190 (None, )

ASN13335 (CLOUDFLARENET, US)
admoustache.aftrad-visit.com
armorads.aftrad-visit.com
dolpusads.aftrad-visit.com
1    34.91.234.242 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 242.234.91.34.bc.googleusercontent.com
harrenmedia.g2afse.com
1    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
manuqas.com
1    188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
sylvinanorrey.com
3    188.114.96.9 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
trk118.zzzperform.com
1    172.67.137.17 (United States)

ASN13335 (CLOUDFLARENET, US)
applinker.store
1    172.67.185.188 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.addlnk.com
1    51.161.115.163 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns572483.ip-51-161-115.net
t1.blowingwnd.com
1    2604:9e00:1:129::2:b2a (United States)

ASN27257 (WEBAIR-INTERNET, US)
go.savethereef.xyz
2    95.216.29.188 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.188.29.216.95.clients.your-server.de
ynnus4.life
Apex Domain
Subdomains		 Transfer
4 aftrad-visit.com
admoustache.aftrad-visit.com
armorads.aftrad-visit.com
dolpusads.aftrad-visit.com
2 KB
3 zzzperform.com
trk118.zzzperform.com
14 KB
3 trimbuilder.foundation
trimbuilder.foundation
1 KB
2 ynnus4.life
ynnus4.life — Cisco Umbrella Rank: 507611
2 KB
1 savethereef.xyz
go.savethereef.xyz — Cisco Umbrella Rank: 397502
514 B
1 blowingwnd.com
t1.blowingwnd.com — Cisco Umbrella Rank: 563739
485 B
1 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 587636
1014 B
1 applinker.store
applinker.store — Cisco Umbrella Rank: 708176
984 B
1 sylvinanorrey.com
sylvinanorrey.com
590 B
1 manuqas.com
manuqas.com — Cisco Umbrella Rank: 207428
1 KB
1 g2afse.com
harrenmedia.g2afse.com
318 B
7 11
Domain Requested by
3 trk118.zzzperform.com 1 redirects manuqas.com
3 trimbuilder.foundation 3 redirects
2 ynnus4.life applinker.store
2 admoustache.aftrad-visit.com 2 redirects
1 go.savethereef.xyz 1 redirects
1 t1.blowingwnd.com 1 redirects
1 cdn.addlnk.com applinker.store
1 applinker.store trk118.zzzperform.com
1 sylvinanorrey.com 1 redirects
1 manuqas.com
1 dolpusads.aftrad-visit.com 1 redirects
1 armorads.aftrad-visit.com 1 redirects
1 harrenmedia.g2afse.com 1 redirects
7 13

This site contains no links.

Subject Issuer Validity Valid
manuqas.com
GTS CA 1P5		 2024-04-02 -
2024-07-01		 3 months crt.sh
zzzperform.com
GTS CA 1P5		 2024-03-16 -
2024-06-14		 3 months crt.sh
applinker.store
GTS CA 1P5		 2024-04-03 -
2024-07-02		 3 months crt.sh
addlnk.com
GTS CA 1P5		 2024-04-03 -
2024-07-02		 3 months crt.sh
ynnus4.life
R3		 2024-04-04 -
2024-07-03		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ynnus4.life/click.php?key=35bdl1q2vi01eaz5fgg4&clickid=utm_source=557030_3k4fcald&utm_medium=yeesshh&utm_content=6201496&utm_campaign=2747676&utm_conversion=o*L5YO6NRr4&bid=0.00001&source=557030.3k4fcald&pubfeed=557030&country=fr
Frame ID: 89CE2D49D8A9037F88B5E793971E3862
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Age confirmation

Page URL History Show full URLs

  1. http://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website... HTTP 307
    https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website... HTTP 302
    https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000f... HTTP 307
    https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website... HTTP 302
    https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=310005... HTTP 302
    https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=34&network_id=1&click_id=201JUjs... HTTP 307
    https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website... HTTP 302
    https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=310002... HTTP 302
    https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=88&sub1=201GQN4KVTvAwCH9osgR9fM951fkwiVwf... HTTP 302
    https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=663fe2... HTTP 301
    https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=663fe2... HTTP 302
    https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D Page URL
  2. https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false HTTP 302
    https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false Page URL
  3. https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false&code=52Y3VvBDU8Nzw8Pz... HTTP 302
    https://trk118.zzzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fapplinker.store%2Frc%2F3d8a3d97e5... Page URL
  4. https://applinker.store/rc/3d8a3d97e5?affclick=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66... Page URL
  5. https://t1.blowingwnd.com/d.php?p=c%3As_8942pggbfij953c&d1=557030&d=631f396258fd6b044f727c62&pid=pubc1... HTTP 302
    https://go.savethereef.xyz/redirect?feed=557030&url=t1.blowingwnd.com&subid=3k4fcald&query=&pub_clickid... HTTP 302
    https://ynnus4.life/click.php?key=35bdl1q2vi01eaz5fgg4&clickid=utm_source=557030_3k4fcald&utm_me... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

7
Requests

100 %
HTTPS

9 %
IPv6

11
Domains

13
Subdomains

5
IPs

6
Countries

18 kB
Transfer

43 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1 HTTP 307
    https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1 HTTP 302
    https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000f230554cc75ead19eaad21a32491160b0511-202405-flb*5768231-bead7*m7367469419334729814*sl_5768231-bead7*904330955bfb970e3f5e3b4075998606b8f2945b*22040-b30cf673*22040 HTTP 307
    https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1 HTTP 302
    https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000580cb35d6cd4ce45e8c5a9b3053b59c50511-202405-flb*5768231-bead7*m7367469419334729814*sl_5768231-bead7*904330955bfb970e3f5e3b4075998606b8f2945b*22040-b30cf673*22040 HTTP 302
    https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=34&network_id=1&click_id=201JUjsjjkojqWxfyjVBhQcSe1CJr1JhQemopuX6CLe7nwAeLDj1HDbjwYJTW6e8gi1CBK&source= HTTP 307
    https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1 HTTP 302
    https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000279803c0f707813a67c30d69cc649f260511-202405-flb*5768231-bead7*m7367469419334729814*sl_5768231-bead7*904330955bfb970e3f5e3b4075998606b8f2945b*22040-b30cf673*22040 HTTP 302
    https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=88&sub1=201GQN4KVTvAwCH9osgR9fM951fkwiVwfGnJiMcfPCc5zkyGbrawaNqMnzhjsBDZQauenV&sub2=1B7fmUHKE HTTP 302
    https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=663fe230fe6ae40001a075dc&source=88&sub_source= HTTP 301
    https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=663fe230fe6ae40001a075dc&source=88&sub_source= HTTP 302
    https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D Page URL
  2. https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false HTTP 302
    https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false Page URL
  3. https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false&code=52Y3VvBDU8Nzw8PzxCPEI.RUURhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae.SXqAe3xNr7dRgjIxMgN4fwc0OTs6C26Cd3MREXV.eRZHF3uEfRxMHY2RjpUjI5qTiihvmJmSmJJOeJ6UYDOcqJyaOa2ssKE9pLGtQqiksLirR72qS5i7x7e7vLIvNjAzJC1dcHZteYJ-LVxjMEJCQURQNm6Bh1BPVz2WVVRKQmSUlZKMf46MdpWhXWRjaGBmalVegoCNh4doXaqoq6ZiiqmosbZxaY2zvry7tH.CMjUwMzI1NDcoXGtxbX93PkVESUFHSxZ4jhpSG4CKH1cgglZWJVVWWFhZWiuNYWIwYGEyppo2Zmdoajqhoj5vcHBBpauoRndHrrXATLKuusK1UWNpbwQ1NjcHdHdxDD09Pj8QhIaFexZHSElKS0xMHY2Sg5GXJCSVmIubnowsXl1eYmBiYmo0mqyjpjptbjyvo6VBqba3tLiAdne2q7nBvq-CfrRvbjEDdmdpagk6Oj1BPj9EQxF1gYiFFxePh4ccHJSFi5Yia5GYipJHcZeNWSyQkpYxYmNkZWZnaGlpamttbm9wcXJzdHV2d3h5ent8fX5-gIGBMTIzNDU2Nzg5Ojs7PT4-QEFCQ0RFRkdISUpLTE1NTh.DipckVVZXV1laW1xdXl9gYWJjZGRmZmhpamtsPLSzs0G4cHN-vHSgfp.ghsN7wIO.v25vPXoycTp1dnd4RoM7gkWFTIlBWWCDT24ZhYeKhB.Ejk53dl.KlCeanZ4sYV0um5GgMzOcoak4aDmorz1ub29wcnJzdXZGvqxKe3x8r4BPs8N4AlJHSiVccG2Ab32IdnyDdYOAdIBChnt.RpCEgZSDkVtkipWTkotHeG1wS4KWk6aVo66coqmbqaaapmisoaRstqqnuqm3gYqwu7m4tcK7b6CVRiFYbGl8a3mEcnh-cX98cHw.gnd6QoyAfZB-jVdqh4KSkJWSiplGbIyQj0t8cXRPhpqXqpmnsqCmrZ.tqp6qbLClqHC6rqu.rbuForGvmbjEcWJ2a294Mm91KFlOUYh2fIN1g4B0gEKGe35GkISBlIORIJSFhyVXWiebmY4sXmEuk6CjM2Q0o5mbOWpqO6mxrkBxdg__&_tdf=18 HTTP 302
    https://trk118.zzzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fapplinker.store%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad%26pubid%3D579_65798hgddtt&vId=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&hash=12951695aa65a83b3992&ete=true Page URL
  4. https://applinker.store/rc/3d8a3d97e5?affclick=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&pubid=579_65798hgddtt Page URL
  5. https://t1.blowingwnd.com/d.php?p=c%3As_8942pggbfij953c&d1=557030&d=631f396258fd6b044f727c62&pid=pubc152775f606642eb9752ec84db5b6cc5&s=3k4fcald HTTP 302
    https://go.savethereef.xyz/redirect?feed=557030&url=t1.blowingwnd.com&subid=3k4fcald&query=&pub_clickid=663fe23193e75e2a5a6a84f4&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP 302
    https://ynnus4.life/click.php?key=35bdl1q2vi01eaz5fgg4&clickid=utm_source=557030_3k4fcald&utm_medium=yeesshh&utm_content=6201496&utm_campaign=2747676&utm_conversion=o*L5YO6NRr4&bid=0.00001&source=557030.3k4fcald&pubfeed=557030&country=fr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1 HTTP 307
  • https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1 HTTP 302
  • https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000f230554cc75ead19eaad21a32491160b0511-202405-flb*5768231-bead7*m7367469419334729814*sl_5768231-bead7*904330955bfb970e3f5e3b4075998606b8f2945b*22040-b30cf673*22040 HTTP 307
  • https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1 HTTP 302
  • https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000580cb35d6cd4ce45e8c5a9b3053b59c50511-202405-flb*5768231-bead7*m7367469419334729814*sl_5768231-bead7*904330955bfb970e3f5e3b4075998606b8f2945b*22040-b30cf673*22040 HTTP 302
  • https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=34&network_id=1&click_id=201JUjsjjkojqWxfyjVBhQcSe1CJr1JhQemopuX6CLe7nwAeLDj1HDbjwYJTW6e8gi1CBK&source= HTTP 307
  • https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1 HTTP 302
  • https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000279803c0f707813a67c30d69cc649f260511-202405-flb*5768231-bead7*m7367469419334729814*sl_5768231-bead7*904330955bfb970e3f5e3b4075998606b8f2945b*22040-b30cf673*22040 HTTP 302
  • https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=88&sub1=201GQN4KVTvAwCH9osgR9fM951fkwiVwfGnJiMcfPCc5zkyGbrawaNqMnzhjsBDZQauenV&sub2=1B7fmUHKE HTTP 302
  • https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=663fe230fe6ae40001a075dc&source=88&sub_source= HTTP 301
  • https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=663fe230fe6ae40001a075dc&source=88&sub_source= HTTP 302
  • https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
Request Chain 1
  • https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false HTTP 302
  • https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false
Request Chain 2
  • https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false&code=52Y3VvBDU8Nzw8PzxCPEI.RUURhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae.SXqAe3xNr7dRgjIxMgN4fwc0OTs6C26Cd3MREXV.eRZHF3uEfRxMHY2RjpUjI5qTiihvmJmSmJJOeJ6UYDOcqJyaOa2ssKE9pLGtQqiksLirR72qS5i7x7e7vLIvNjAzJC1dcHZteYJ-LVxjMEJCQURQNm6Bh1BPVz2WVVRKQmSUlZKMf46MdpWhXWRjaGBmalVegoCNh4doXaqoq6ZiiqmosbZxaY2zvry7tH.CMjUwMzI1NDcoXGtxbX93PkVESUFHSxZ4jhpSG4CKH1cgglZWJVVWWFhZWiuNYWIwYGEyppo2Zmdoajqhoj5vcHBBpauoRndHrrXATLKuusK1UWNpbwQ1NjcHdHdxDD09Pj8QhIaFexZHSElKS0xMHY2Sg5GXJCSVmIubnowsXl1eYmBiYmo0mqyjpjptbjyvo6VBqba3tLiAdne2q7nBvq-CfrRvbjEDdmdpagk6Oj1BPj9EQxF1gYiFFxePh4ccHJSFi5Yia5GYipJHcZeNWSyQkpYxYmNkZWZnaGlpamttbm9wcXJzdHV2d3h5ent8fX5-gIGBMTIzNDU2Nzg5Ojs7PT4-QEFCQ0RFRkdISUpLTE1NTh.DipckVVZXV1laW1xdXl9gYWJjZGRmZmhpamtsPLSzs0G4cHN-vHSgfp.ghsN7wIO.v25vPXoycTp1dnd4RoM7gkWFTIlBWWCDT24ZhYeKhB.Ejk53dl.KlCeanZ4sYV0um5GgMzOcoak4aDmorz1ub29wcnJzdXZGvqxKe3x8r4BPs8N4AlJHSiVccG2Ab32IdnyDdYOAdIBChnt.RpCEgZSDkVtkipWTkotHeG1wS4KWk6aVo66coqmbqaaapmisoaRstqqnuqm3gYqwu7m4tcK7b6CVRiFYbGl8a3mEcnh-cX98cHw.gnd6QoyAfZB-jVdqh4KSkJWSiplGbIyQj0t8cXRPhpqXqpmnsqCmrZ.tqp6qbLClqHC6rqu.rbuForGvmbjEcWJ2a294Mm91KFlOUYh2fIN1g4B0gEKGe35GkISBlIORIJSFhyVXWiebmY4sXmEuk6CjM2Q0o5mbOWpqO6mxrkBxdg__&_tdf=18 HTTP 302
  • https://trk118.zzzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fapplinker.store%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad%26pubid%3D579_65798hgddtt&vId=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&hash=12951695aa65a83b3992&ete=true

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
unite
manuqas.com/kalo/
Redirect Chain
  • http://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1
  • https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1
  • https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000f230554cc75ead19eaad21a32491160b0511-202405-flb*5768231-bead7*m7367469419334729814*sl...
  • https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1
  • https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000580cb35d6cd4ce45e8c5a9b3053b59c50511-202405-flb*5768231-bead7*m7367469419334729814*sl...
  • https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=34&network_id=1&click_id=201JUjsjjkojqWxfyjVBhQcSe1CJr1JhQemopuX6CLe7nwAeLDj1HDbjwYJTW6e8gi1CBK&source=
  • https://trimbuilder.foundation/?sl=5768231-bead7&data1=track1&data2=track2&tag=m7367469419334729814&website=22040-b30cf673&placement=22040&eyeg=1
  • https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=31000279803c0f707813a67c30d69cc649f260511-202405-flb*5768231-bead7*m7367469419334729814*sl...
  • https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=88&sub1=201GQN4KVTvAwCH9osgR9fM951fkwiVwfGnJiMcfPCc5zkyGbrawaNqMnzhjsBDZQauenV&sub2=1B7fmUHKE
  • https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=663fe230fe6ae40001a075dc&source=88&sub_source=
  • https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=663fe230fe6ae40001a075dc&source=88&sub_source=
  • https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache
cf-cache-status
DYNAMIC
cf-ray
88253d509da2006d-CDG
content-encoding
br
content-type
text/html;charset=ISO-8859-1
date
Sat, 11 May 2024 21:25:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0JrNfxPtBfO1l9Y7zP5%2BkMTzUMQ3pOS4HhZKyBI6jcnW%2FpO9PqIUUdovI5mJsi12%2F6sRxvg61wv1Re4Ihq0TwebYCBdqXRPvxWSHKu4LMkRppe194TW7f06l2bVYtw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
88253d500cd79ef7-CDG
content-length
89
content-type
text/html; charset=utf-8
date
Sat, 11 May 2024 21:25:04 GMT
location
https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lLhSP8YekUmU59RVI5TjRvnj35n5%2FgPqnnX4qQ1Ck9BeOHDywYIxJ9UP00utlF445tM45C22kiIHgkCf9naSSQMzU73sZlzoMTiqzI0SDNTl56AM6R1Q5NEjL2%2FviD61fD%2B74mAom%2FeDweNv"}],"group":"cf-nel","max_age":604800}
server
cloudflare
12951695aa65a83b3992.js
trk118.zzzperform.com/l/
Redirect Chain
  • https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false
  • https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false
36 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false
Requested by
Host: manuqas.com
URL: https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
1129
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
88253d52589400c6-CDG
content-encoding
br
content-type
text/html
date
Sat, 11 May 2024 21:25:05 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wtEk9vBftXicslUXWWnrHMVAmWV9P6wb4QR5qbL6v4AM1U5w5iDOHnay6qJyy2y%2BkMHQJrABOa%2BxSfscsxizPR%2BkI629BhQw2dC7uUAYob7%2F2yyU0K0i7Z9BeG%2BJaZZz75Cs9DOvSfA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
88253d51dd0a2285-CDG
content-length
143
content-type
text/html
date
Sat, 11 May 2024 21:25:04 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aTi%2FByJ4SpN1qWU6T%2BtKMPvEiyOhN8Bc83wD0EvGWbz%2Bh0JDCWVp9RICBxoy0tr0MN%2BveTDNcfSGD%2FhDZawamJwPiRtyvZ6RPALJ17lx%2Fv%2BliRtmjqP8bylyj04ELm%2FPxwBvEg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
gw.js
trk118.zzzperform.com/
Redirect Chain
  • https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false&code=52Y3VvBDU8Nzw8PzxCPEI.RUURhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae.SXqAe3xNr...
  • https://trk118.zzzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fapplinker.store%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad%26pubid%3D579_6579...
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://trk118.zzzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fapplinker.store%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad%26pubid%3D579_65798hgddtt&vId=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&hash=12951695aa65a83b3992&ete=true
Requested by
Host: manuqas.com
URL: https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://trk118.zzzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
1463
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
88253d53293300c6-CDG
content-encoding
br
content-type
text/html
date
Sat, 11 May 2024 21:25:05 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Fri, 22 Sep 2023 11:17:37 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=REobRALbY7oPsl%2FzEqd%2B6o%2BhM98dAkO0mi%2FyLE7VR%2F5YJd0KPf7ttH%2B2RNlbRiKgQ7Zl2Ob4jjED8b2B8oU5DBrF3TR5oPUMwcuF70TooL14P0xfrDFn2MMs4B30ED75eAu6pgUrLMk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
88253d52d8f200c6-CDG
date
Sat, 11 May 2024 21:25:05 GMT
location
https://trk118.zzzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fapplinker.store%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad%26pubid%3D579_65798hgddtt&vId=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&hash=12951695aa65a83b3992&ete=true
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dHEsa6JAgPlfD%2BlRF4Uk3zryYMlCY%2Fw1IrZ8qJpLUGR81Z6l58LKiFd00iNicX%2BRXAzpGvZPNPfY22ODWtKp8xupL4%2FmiqL%2F5euUyg9oiu99kXSGzQysqRf5I2O4CgdXeIa1pxKWeiA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
3d8a3d97e5
applinker.store/rc/ 		1 KB
984 B 		Document
General
Check archive.org
Download Go to
Full URL
https://applinker.store/rc/3d8a3d97e5?affclick=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&pubid=579_65798hgddtt
Requested by
Host: trk118.zzzperform.com
URL: https://trk118.zzzperform.com/l/12951695aa65a83b3992?source=65798hgddtt&url=https%3A%2F%2Fapplinker.store%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad%26pubid%3D579_65798hgddtt&vId=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&hash=12951695aa65a83b3992&ete=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.137.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5370c000c2c13acfb18e03f183085222bf0d4797a6ba6b96eaec4ee94c0d385

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://trk118.zzzperform.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
88253d53bad79ed8-CDG
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Sat, 11 May 2024 21:25:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lw712GWNQvvuM2ombR1MYtD85m3dci7Yc5EoGWDcqeL%2FDtxWiz1vw6puK1h6WzZpGBRhUIRoV8G8Qk1NrudKdKo2oh%2BPxj6RYjkdoXh7MSJnQMMlFHgrR33ilpY5Do9YCVc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
redirect.css
cdn.addlnk.com/ 		1 KB
1014 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: applinker.store
URL: https://applinker.store/rc/3d8a3d97e5?affclick=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&pubid=579_65798hgddtt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.185.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 11 May 2024 21:25:05 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
9Y5H53MPPDZ4JW1N
age
1661
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ABK4LHd5BkWX3/c/hcU2GrF0tgItpobY02ILKLlE0Gnv930KitdQQFoyEaDAwN2s6VhByUjFrDc=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lKsgBm%2Fl5Kfg7jANMOemZwvIHCOHhoAI7OhkdyFxMuWlXd6HUqtamL8xf7vVsNrmHkeRlXoDQAeodORCECPSx1atES6otRwqQDscHvkPOSASoG9ImlR6MvGEHl4jU9Pfng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
88253d54bd84792d-CDG
Primary Request click.php
ynnus4.life/
Redirect Chain
  • https://t1.blowingwnd.com/d.php?p=c%3As_8942pggbfij953c&d1=557030&d=631f396258fd6b044f727c62&pid=pubc152775f606642eb9752ec84db5b6cc5&s=3k4fcald
  • https://go.savethereef.xyz/redirect?feed=557030&url=t1.blowingwnd.com&subid=3k4fcald&query=&pub_clickid=663fe23193e75e2a5a6a84f4&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf...
  • https://ynnus4.life/click.php?key=35bdl1q2vi01eaz5fgg4&clickid=utm_source=557030_3k4fcald&utm_medium=yeesshh&utm_content=6201496&utm_campaign=2747676&utm_conversion=o*L5YO6NRr4&bid=0.00001&source=5...
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ynnus4.life/click.php?key=35bdl1q2vi01eaz5fgg4&clickid=utm_source=557030_3k4fcald&utm_medium=yeesshh&utm_content=6201496&utm_campaign=2747676&utm_conversion=o*L5YO6NRr4&bid=0.00001&source=557030.3k4fcald&pubfeed=557030&country=fr
Requested by
Host: applinker.store
URL: https://applinker.store/rc/3d8a3d97e5?affclick=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&pubid=579_65798hgddtt
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
95.216.29.188 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.188.29.216.95.clients.your-server.de
Software
nginx/1.24.0 /
Resource Hash
f4f4e82dc999e4cfb126b7d5d3a9d3ea8383ac1124aaebd25acfe2c4555937ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://applinker.store/rc/3d8a3d97e5?affclick=bmconv_20240511232505_24ccab64_5ba4_43db_8fea_07b6a66630ad&pubid=579_65798hgddtt
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Sat, 11 May 2024 21:25:06 GMT
Server
nginx/1.24.0
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked

Redirect headers

Accept-CH
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model
Cache-Control
no-store
Connection
keep-alive
Content-Length
0
Date
Sat, 11 May 2024 21:25:06 GMT
Location
https://ynnus4.life/click.php?key=35bdl1q2vi01eaz5fgg4&clickid=utm_source=557030_3k4fcald&utm_medium=yeesshh&utm_content=6201496&utm_campaign=2747676&utm_conversion=o*L5YO6NRr4&bid=0.00001&source=557030.3k4fcald&pubfeed=557030&country=fr
Server
nginx
favicon.ico
ynnus4.life/ 		0
270 B 		Other
General
Check archive.org
Download Go to
Full URL
https://ynnus4.life/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
95.216.29.188 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.188.29.216.95.clients.your-server.de
Software
nginx/1.24.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://ynnus4.life/click.php?key=35bdl1q2vi01eaz5fgg4&clickid=utm_source=557030_3k4fcald&utm_medium=yeesshh&utm_content=6201496&utm_campaign=2747676&utm_conversion=o*L5YO6NRr4&bid=0.00001&source=557030.3k4fcald&pubfeed=557030&country=fr
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 11 May 2024 21:25:06 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Server
nginx/1.24.0
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| back_ntb_link

4 Cookies

Domain/Path Name / Value
harrenmedia.g2afse.com/ Name: afclick
Value: 663fe230fe6ae40001a075dc
trk118.zzzperform.com/ Name: BSESSID
Value: trk291d690f-d462-448e-a2db-2b0c4ceb1fe0
ynnus4.life/ Name: uclick
Value: ir1zhq1zfe
ynnus4.life/ Name: uclickhash
Value: ir1zhq1zfe-ir1zhq1zfe-2t0-0-2t0-2te2-2tb7-65fc79