urlscan.io logo urlscan.io
SecurityTrails logo

secure.um-bredirect.com Open in urlscan Pro
95.217.83.245  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://berhilpress.info/r.php?v=dD1jJmQ9OTI1NiZsPTc5OCZjPTU3MDc2MQ==
Effective URL: https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48...
Submission: On October 20 via api from BE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 7 countries across 8 domains to perform 8 HTTP transactions. The main IP is 95.217.83.245, located in Finland and belongs to HETZNER-AS, DE. The main domain is secure.um-bredirect.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 2nd 2020. Valid for: 3 months.
This is the only time secure.um-bredirect.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 144.217.171.217 16276 (OVH)
1 1 109.234.162.107 50474 (O2SWITCH)
1 1 185.66.200.220 201702 (SKHOSTING-EU)
1 185.66.201.34 201702 (SKHOSTING-EU)
1 2a00:1450:400... 15169 (GOOGLE)
1 3 99.198.106.194 32475 (SINGLEHOP...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 95.217.83.245 24940 (HETZNER-AS)
8 7
1    144.217.171.217 (Beauharnois, Canada)

ASN16276 (OVH, FR)
berhilpress.info
1    109.234.162.107 (France)

ASN50474 (O2SWITCH, FR)
PTR: 109-234-162-107.reverse.odns.fr
riftv.net
1    185.66.200.220 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.220.skhosting.eu
buleor.com
1    185.66.201.34 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: at-public.skhosting.eu
emula.net
1    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    99.198.106.194 (Chicago, United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
offer.mntzr-january2019.com
1    2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    95.217.83.245 (Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.245.83.217.95.clients.your-server.de
secure.um-bredirect.com
Domain Requested by
3 offer.mntzr-january2019.com 1 redirects emula.net
offer.mntzr-january2019.com
2 www.google-analytics.com emula.net
www.google-analytics.com
1 secure.um-bredirect.com offer.mntzr-january2019.com
1 stats.g.doubleclick.net www.google-analytics.com
1 emula.net
1 buleor.com 1 redirects
1 riftv.net 1 redirects
1 berhilpress.info 1 redirects
8 8

This site contains no links.

Subject Issuer Validity Valid
emula.net
Let's Encrypt Authority X3		 2020-09-01 -
2020-11-30		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-09-22 -
2020-12-15		 3 months crt.sh
offer.mntzr-january2019.com
Let's Encrypt Authority X3		 2020-09-19 -
2020-12-18		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-10-06 -
2020-12-29		 3 months crt.sh
secure.um-bredirect.com
Let's Encrypt Authority X3		 2020-10-02 -
2020-12-31		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown
Frame ID: 6BADD4D4ABD36B2FEB595C919AB63017
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://berhilpress.info/r.php?v=dD1jJmQ9OTI1NiZsPTc5OCZjPTU3MDc2MQ== HTTP 302
    https://riftv.net/dYzmv?sub1=1&sub2=9256&sub3=12318&sub4=798&sub5=570761 HTTP 301
    https://buleor.com/fullpage.php?section=General&pub=651335&ga=a HTTP 302
    https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpC... Page URL
  2. https://offer.mntzr-january2019.com/?utm_medium=cd6c753757753ff83d9978f700b37ec4ef37cc2a&utm_campaign=adult&1=1&... Page URL
  3. https://offer.mntzr-january2019.com/?utm_term=6885518571976262407&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
  4. https://offer.mntzr-january2019.com/proc.php?07e4f3cdae1709f69b083217c2eb47f540b6997c HTTP 302
    https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=12... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

8
Requests

88 %
HTTPS

33 %
IPv6

8
Domains

8
Subdomains

7
IPs

7
Countries

25 kB
Transfer

59 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://berhilpress.info/r.php?v=dD1jJmQ9OTI1NiZsPTc5OCZjPTU3MDc2MQ== HTTP 302
    https://riftv.net/dYzmv?sub1=1&sub2=9256&sub3=12318&sub4=798&sub5=570761 HTTP 301
    https://buleor.com/fullpage.php?section=General&pub=651335&ga=a HTTP 302
    https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f Page URL
  2. https://offer.mntzr-january2019.com/?utm_medium=cd6c753757753ff83d9978f700b37ec4ef37cc2a&utm_campaign=adult&1=1&2=2&3=3&4=4&5=5&cid=90affC1603159721affe2b0665c36481a457a825 Page URL
  3. https://offer.mntzr-january2019.com/?utm_term=6885518571976262407&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d Page URL
  4. https://offer.mntzr-january2019.com/proc.php?07e4f3cdae1709f69b083217c2eb47f540b6997c HTTP 302
    https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://berhilpress.info/r.php?v=dD1jJmQ9OTI1NiZsPTc5OCZjPTU3MDc2MQ== HTTP 302
  • https://riftv.net/dYzmv?sub1=1&sub2=9256&sub3=12318&sub4=798&sub5=570761 HTTP 301
  • https://buleor.com/fullpage.php?section=General&pub=651335&ga=a HTTP 302
  • https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
Request Chain 6
  • https://offer.mntzr-january2019.com/proc.php?07e4f3cdae1709f69b083217c2eb47f540b6997c HTTP 302
  • https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
emula.net/70715d1a00/bc5ff2967e/
Redirect Chain
  • http://berhilpress.info/r.php?v=dD1jJmQ9OTI1NiZsPTc5OCZjPTU3MDc2MQ==
  • https://riftv.net/dYzmv?sub1=1&sub2=9256&sub3=12318&sub4=798&sub5=570761
  • https://buleor.com/fullpage.php?section=General&pub=651335&ga=a
  • https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09...
999 B
840 B 		Document
General
Check archive.org
Download Go to
Full URL
https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.201.34 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
at-public.skhosting.eu
Software
nginx /
Resource Hash
aee7fe13b3915419b528c68e680e1fb3b1db3cdb174ab1fcb9e225406d2eea05

Request headers

:method
GET
:authority
emula.net
:scheme
https
:path
/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
server
nginx
date
Tue, 20 Oct 2020 02:08:41 GMT
content-type
text/html; charset=UTF-8
set-cookie
total_impressions=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; secure; SameSite=None used_ad2290232=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; SameSite=None
expires
Sun, 01 Jan 2014 00:00:00 GMT
cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma
no-cache
x-robots-tag
noindex,nofollow
content-encoding
br

Redirect headers

status
302
server
nginx
date
Tue, 20 Oct 2020 02:08:41 GMT
content-type
text/html; charset=UTF-8
location
https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
expires
Tue, 20 Oct 2020 02:08:41 GMT
last-modified
Tue, 20 Oct 2020 02:08:41 GMT
cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma
no-cache
x-robots-tag
noindex, nofollow, noarchive, nosnippet
set-cookie
used_ad2290232=1; expires=Tue, 20-Oct-2020 04:00:00 GMT; Max-Age=6679; path=/; domain=buleor.com; secure; HttpOnly; SameSite=None total_impressions=1; expires=Tue, 20-Oct-2020 04:00:00 GMT; Max-Age=6679; path=/; domain=buleor.com; secure; HttpOnly; SameSite=None cpa_875164=popup_551167532_4; expires=Thu, 19-Nov-2020 02:08:41 GMT; Max-Age=2592000; path=/; domain=buleor.com; secure; SameSite=None
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: emula.net
URL: https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
3172
date
Tue, 20 Oct 2020 01:15:49 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Tue, 20 Oct 2020 03:15:49 GMT
/
offer.mntzr-january2019.com/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://offer.mntzr-january2019.com/?utm_medium=cd6c753757753ff83d9978f700b37ec4ef37cc2a&utm_campaign=adult&1=1&2=2&3=3&4=4&5=5&cid=90affC1603159721affe2b0665c36481a457a825
Requested by
Host: emula.net
URL: https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.198.106.194 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
460621884ac28bad9dac9274d9ff8f843571b13b868e99c8f1f2421bb0ee29de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
offer.mntzr-january2019.com
:scheme
https
:path
/?utm_medium=cd6c753757753ff83d9978f700b37ec4ef37cc2a&utm_campaign=adult&1=1&2=2&3=3&4=4&5=5&cid=90affC1603159721affe2b0665c36481a457a825
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f

Response headers

status
200
server
nginx
date
Tue, 20 Oct 2020 02:08:41 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=950148c0e7a5d230735a7dda29cad09f; expires=Wed, 20-Oct-2021 02:08:41 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
collect
www.google-analytics.com/j/ 		4 B
425 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j86&a=792704809&t=pageview&_s=1&dl=https%3A%2F%2Femula.net%2F70715d1a00%2Fbc5ff2967e%2F%3FplacementName%3DROTATOR%26type%3Da%26cv%3DXGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674%26adApiR%3Dloaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667%26refferer%3D4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20%3D%26yxDom%3DYnVsZW9yLmNvbQ%3D%3D_927bc1f915095284db284dd68f5ec62f&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1523580933&gjid=1903073544&cid=1122938819.1603159722&tid=UA-68398243-1&_gid=2034595033.1603159722&_r=1&_slc=1&z=608051749
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 20 Oct 2020 02:08:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://emula.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
459 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-68398243-1&cid=1122938819.1603159722&jid=1523580933&gjid=1903073544&_gid=2034595033.1603159722&_u=IEBAAEAAAAAAAC~&z=1768664709
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://emula.net/70715d1a00/bc5ff2967e/?placementName=ROTATOR&type=a&cv=XGiCAArrdGAiZCdikZZpCpCjZNrxZNrjNrrpCrCkjCrxCrixCjiCrCrGCxCidrriAGiCCr_19674&adApiR=loaded_string_8767632d537bf4439c9e23cb09958ff63cbb6_2290232_1603159721.1665_60667&refferer=4188647925_aHR0cDovLzY1MTMzNS55bGxpeC5jb20=&yxDom=YnVsZW9yLmNvbQ==_927bc1f915095284db284dd68f5ec62f
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 20 Oct 2020 02:08:41 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://emula.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
offer.mntzr-january2019.com/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://offer.mntzr-january2019.com/?utm_term=6885518571976262407&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
Requested by
Host: offer.mntzr-january2019.com
URL: https://offer.mntzr-january2019.com/?utm_medium=cd6c753757753ff83d9978f700b37ec4ef37cc2a&utm_campaign=adult&1=1&2=2&3=3&4=4&5=5&cid=90affC1603159721affe2b0665c36481a457a825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.198.106.194 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
ea850ab78d7b84198a1d64d97e69cffa9862346942143c36684236737c1271df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
offer.mntzr-january2019.com
:scheme
https
:path
/?utm_term=6885518571976262407&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://offer.mntzr-january2019.com/?utm_medium=cd6c753757753ff83d9978f700b37ec4ef37cc2a&utm_campaign=adult&1=1&2=2&3=3&4=4&5=5&cid=90affC1603159721affe2b0665c36481a457a825
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=950148c0e7a5d230735a7dda29cad09f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://offer.mntzr-january2019.com/?utm_medium=cd6c753757753ff83d9978f700b37ec4ef37cc2a&utm_campaign=adult&1=1&2=2&3=3&4=4&5=5&cid=90affC1603159721affe2b0665c36481a457a825

Response headers

status
200
server
nginx
date
Tue, 20 Oct 2020 02:08:41 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
click.php
secure.um-bredirect.com/
Redirect Chain
  • https://offer.mntzr-january2019.com/proc.php?07e4f3cdae1709f69b083217c2eb47f540b6997c
  • https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown
0
0
Primary Request click.php
secure.um-bredirect.com/
Redirect Chain
  • https://offer.mntzr-january2019.com/proc.php?07e4f3cdae1709f69b083217c2eb47f540b6997c
  • https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown
559 B
632 B 		Document
General
Check archive.org
Download Go to
Full URL
https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown
Requested by
Host: offer.mntzr-january2019.com
URL: https://offer.mntzr-january2019.com/?utm_term=6885518571976262407&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
95.217.83.245 , Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.245.83.217.95.clients.your-server.de
Software
nginx/1.16.1 /
Resource Hash
002b9143bb8ef9570b2eb2b823f7b90d78d2870e2e8709ae1dfd9ecdc304bde1

Request headers

:method
GET
:authority
secure.um-bredirect.com
:scheme
https
:path
/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://offer.mntzr-january2019.com/?utm_term=6885518571976262407&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://offer.mntzr-january2019.com/?utm_term=6885518571976262407&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d#

Response headers

status
502
server
nginx/1.16.1
date
Tue, 20 Oct 2020 02:08:54 GMT
content-type
text/html
content-length
559

Redirect headers

status
302
server
nginx
date
Tue, 20 Oct 2020 02:08:54 GMT
content-type
text/html; charset=UTF-8
location
https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secure.um-bredirect.com
URL
https://secure.um-bredirect.com/click.php?key=n2ebxlr2nhxa3dh97395&clickid=M6885518571976262407&bid=0&pub=1263&pid=1263-755caf48-d4335e54&subid=M6885518571976262407&app_name=unknown

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes string| pm_appKey function| pm_denyAction string| pm_tag function| pm_allowAction

1 Cookies

Domain/Path Name / Value
offer.mntzr-january2019.com/ Name: u
Value: 950148c0e7a5d230735a7dda29cad09f