1d656c28c28.trccmpnsl.com Open in urlscan Pro
188.40.16.102 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://redgiftverify.com/
Effective URL:
https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=5ff56a8e85a71e00011c1170
Submission: On January 06 via automatic, source certstream-suspicious (January 6th 2021, 7:45:31 am UTC)

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 11 domains to perform 7 HTTP transactions. The main IP is 188.40.16.102, located in Germany and belongs to HETZNER-AS, DE. The main domain is 1d656c28c28.trccmpnsl.com.
TLS certificate: Issued by R3 on December 4th 2020. Valid for: 3 months.

This is the only time 1d656c28c28.trccmpnsl.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	185.199.111.153 185.199.111.153	54113 (FASTLY) (FASTLY)
2 2	67.199.248.11 67.199.248.11	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1	185.199.108.153 185.199.108.153	54113 (FASTLY) (FASTLY)
1	2606:4700:303... 2606:4700:3031::ac43:c5f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	212.32.252.129 212.32.252.129	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 3	65.60.9.234 65.60.9.234	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	104.27.131.164 104.27.131.164	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	213.227.156.11 213.227.156.11	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	188.40.16.102 188.40.16.102	24940 (HETZNER-AS) (HETZNER-AS)
7	6

1 185.199.111.153 (United States)

ASN54113 (FASTLY, US)

redgiftverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.199.248.11 (United States) 2 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.108.153 (United States)

ASN54113 (FASTLY, US)

mrrobot-code.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:c5f7 (United States)

ASN13335 (CLOUDFLARENET, US)

smrturl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.32.252.129 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

m.banhmidigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mish.bucksmein.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.60.9.234 (Chicago, United States) 1 redirects

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

jump.totopcontent.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.27.131.164 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tracking.armorads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.156.11 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

harrenmedia.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.40.16.102 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.102.16.40.188.clients.your-server.de

1d656c28c28.trccmpnsl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	totopcontent.xyz 1 redirects jump.totopcontent.xyz	7 KB
2	bit.ly 2 redirects bit.ly	416 B
1	trccmpnsl.com 1d656c28c28.trccmpnsl.com	855 B
1	g2afse.com 1 redirects harrenmedia.g2afse.com	250 B
1	armorads.com 1 redirects tracking.armorads.com	950 B
1	bucksmein.com 1 redirects mish.bucksmein.com	278 B
1	banhmidigital.com 1 redirects m.banhmidigital.com	198 B
1	smrturl.co smrturl.co	2 KB
1	github.io mrrobot-code.github.io	815 B
1	redgiftverify.com redgiftverify.com	602 B
0	servyourads.com Failed servyourads.com Failed
7	11

	Domain	Requested by
3	jump.totopcontent.xyz	1 redirects smrturl.co jump.totopcontent.xyz
2	bit.ly	2 redirects
1	1d656c28c28.trccmpnsl.com	jump.totopcontent.xyz
1	harrenmedia.g2afse.com	1 redirects
1	tracking.armorads.com	1 redirects
1	mish.bucksmein.com	1 redirects
1	m.banhmidigital.com	1 redirects
1	smrturl.co	bit.ly
1	mrrobot-code.github.io	redgiftverify.com
1	redgiftverify.com
0	servyourads.com Failed
7	11

This site contains no links.

Subject Issuer	Validity	Valid
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-08` - `2021-07-08`	a year	crt.sh
jump.totopcontent.xyz R3	`2020-12-05` - `2021-03-05`	3 months	crt.sh
*.trccmpnsl.com R3	`2020-12-04` - `2021-03-04`	3 months	crt.sh

This page contains 1 frames:

Frame: https://servyourads.com/sl/691?f=a&pub_id=12356&smartlink_id=571&pub_sub=unknown&sub_pub_id=unknown
Frame ID: 526B2B41162F5DE0285F27FF63F944F9
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://redgiftverify.com/ Page URL
https://bit.ly/3njEO6A HTTP 301
https://smrturl.co/o/137822/53176718?s1= Page URL
https://m.banhmidigital.com/click?pid=1309&offer_id=59823&sub1=823415225&sub5=137822 HTTP 302
https://mish.bucksmein.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=59823&sub4=%2AIn-House%2A+%5BPI... HTTP 302
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=130... Page URL
https://jump.totopcontent.xyz/?utm_term=6914549961031942368&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
https://jump.totopcontent.xyz/proc.php?1addbd6c96480f176e2a207fd831398911a3f008 HTTP 302
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6914549961031942368&sub2=15494&su... HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=84&sub1=5ff56a8ed402c00001f82947&sub2=4 HTTP 302
https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=5ff56a8e85a71e00011c1170 Page URL

Detected technologies

Ruby (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

GitHub Pages (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

Page Statistics

7
Requests

71 %
HTTPS

11 %
IPv6

11
Domains

11
Subdomains

6
IPs

3
Countries

10 kB
Transfer

16 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://redgiftverify.com/ Page URL
https://bit.ly/3njEO6A HTTP 301
https://smrturl.co/o/137822/53176718?s1= Page URL
https://m.banhmidigital.com/click?pid=1309&offer_id=59823&sub1=823415225&sub5=137822 HTTP 302
https://mish.bucksmein.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=59823&sub4=%2AIn-House%2A+%5BPIN%5D+DE++Phone+Cleaner HTTP 302
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271 Page URL
https://jump.totopcontent.xyz/?utm_term=6914549961031942368&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e Page URL
https://jump.totopcontent.xyz/proc.php?1addbd6c96480f176e2a207fd831398911a3f008 HTTP 302
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6914549961031942368&sub2=15494&sub3=15494-651cd233 HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=84&sub1=5ff56a8ed402c00001f82947&sub2=4 HTTP 302
https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=5ff56a8e85a71e00011c1170 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://bit.ly/38ihySw HTTP 301
https://mrrobot-code.github.io/blendjs/redirect.js

Request Chain 2

https://bit.ly/3njEO6A HTTP 301
https://smrturl.co/o/137822/53176718?s1=

Request Chain 3

https://m.banhmidigital.com/click?pid=1309&offer_id=59823&sub1=823415225&sub5=137822 HTTP 302
https://mish.bucksmein.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=59823&sub4=%2AIn-House%2A+%5BPIN%5D+DE++Phone+Cleaner HTTP 302
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
redgiftverify.com/ 259 B
602 B 149ms
107ms Document
text/html 185.199.111.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://redgiftverify.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: c2df1f5045a40ce98508b647fe80b9c81115fb85d0f00be593314f167985fc5a

Request headers

:method: GET
:authority: redgiftverify.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
server: GitHub.com
x-origin-cache: HIT
last-modified: Wed, 06 Jan 2021 07:44:52 GMT
access-control-allow-origin: *
etag: W/"5ff56a74-103"
expires: Wed, 06 Jan 2021 07:55:16 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: C3C6:E7D2:6B6B8B3:7297043:5FF56A8C
accept-ranges: bytes
date: Wed, 06 Jan 2021 07:45:16 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-ams21038-AMS
x-cache: MISS
x-cache-hits: 0
x-timer: S1609919116.185191,VS0,VE92
vary: Accept-Encoding
x-fastly-request-id: 8d73f648337f58ceef8803b0fe59b88b22835378
content-length: 208

GET
H2

200

redirect.js
mrrobot-code.github.io/blendjs/
Redirect Chain

https://bit.ly/38ihySw
https://mrrobot-code.github.io/blendjs/redirect.js

1 KB
815 B

120ms
110ms

Script
application/javascript

185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://mrrobot-code.github.io/blendjs/redirect.js

Requested by

Host: redgiftverify.com
URL: https://redgiftverify.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.108.153 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

GitHub.com /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://redgiftverify.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 36912dfd06f6558e4e4d0eb4293a1456cec7f8fc
strict-transport-security: max-age=31556952
content-encoding: gzip
etag: W/"5ff55acb-44e"
age: 0
x-cache: MISS
content-length: 537
x-served-by: cache-ams21027-AMS
access-control-allow-origin: *
last-modified: Wed, 06 Jan 2021 06:38:03 GMT
server: GitHub.com
x-github-request-id: F328:A41E:8CC0BA:9C9BB1:5FF56A8C
x-timer: S1609919117.524632,VS0,VE96
date: Wed, 06 Jan 2021 07:45:16 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
expires: Wed, 06 Jan 2021 07:55:16 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

Redirect headers

content-security-policy: referrer always;
via: 1.1 google
referrer-policy: unsafe-url
server: nginx
date: Wed, 06 Jan 2021 07:45:16 GMT
content-type: text/html; charset=utf-8
location: https://mrrobot-code.github.io/blendjs/redirect.js
cache-control: private, max-age=90
alt-svc: clear
content-length: 137

GET
H2

200

53176718 Show response
smrturl.co/o/137822/
Redirect Chain

https://bit.ly/3njEO6A
https://smrturl.co/o/137822/53176718?s1=

607 B
2 KB

929ms
896ms

Document
text/html

2606:4700:3031::ac43:c5f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smrturl.co/o/137822/53176718?s1=
Requested by: Host: bit.ly
URL: https://bit.ly/38ihySw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c5f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.11
Resource Hash: 95601bf6008d94b6e74a0e004ac595365add891b5298e29215b61c67a99c7aaa

Request headers

:method: GET
:authority: smrturl.co
:scheme: https
:path: /o/137822/53176718?s1=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://redgiftverify.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://redgiftverify.com/

Response headers

date: Wed, 06 Jan 2021 07:45:17 GMT
content-type: text/html; charset=UTF-8
content-length: 607
set-cookie: __cfduid=debe0c5341fad2ef063afd199460e682a1609919116; expires=Fri, 05-Feb-21 07:45:16 GMT; path=/; domain=.smrturl.co; HttpOnly; SameSite=Lax BUILD_VISITOR_RAND=a8d23d88; expires=Thu, 07-Jan-2021 07:45:17 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_VISITOR_ID=686850822; expires=Thu, 07-Jan-2021 07:45:17 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_VISITOR_ID_KEY=38c3386ca86217b69ef434b2c94c99e3; expires=Thu, 07-Jan-2021 07:45:17 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_CLICK_IDS=%5B823415225%5D; expires=Thu, 07-Jan-2021 07:45:17 GMT; Max-Age=86400; path=/
x-powered-by: PHP/7.4.11
cache-control: no-cache, no-transform
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
cf-cache-status: DYNAMIC
cf-request-id: 0778414df700001f1d890da000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KVxXX5SDvAB12MgkktGhDva%2F7%2Fc9F21eYIsdiJ0FCGBXIj0pQUMx9i2rMJ6xlAKzFMGj2DdE4mokY4v13rDgu%2FnBJ0IFblV4vryjF7aZBAeT8lR3%2FLW6"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 60d3d18ffe971f1d-FRA

Redirect headers

server: nginx
date: Wed, 06 Jan 2021 07:45:16 GMT
content-type: text/html; charset=utf-8
content-length: 127
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://smrturl.co/o/137822/53176718?s1=
referrer-policy: unsafe-url
set-cookie: _bit=l067Jg-8cd130bbccdc84d79b-00k; Domain=bit.ly; Expires=Mon, 05 Jul 2021 07:45:16 GMT
via: 1.1 google
alt-svc: clear

GET
H2

200

/ Show response
jump.totopcontent.xyz/
Redirect Chain

https://m.banhmidigital.com/click?pid=1309&offer_id=59823&sub1=823415225&sub5=137822
https://mish.bucksmein.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=59823&sub4=%2AIn-House%2A+%5BPIN%5D+DE++Phone+Cleaner
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271

3 KB
2 KB

330ms
108ms

Document
text/html

65.60.9.234
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271

Requested by

Host: smrturl.co
URL: https://smrturl.co/o/137822/53176718?s1=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.9.234 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/7.4.10

Resource Hash

85aa18fbcf4a32b124acb15130b5dd7f6a20f13df02305f403981b9cf97c98b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

:method: GET
:authority: jump.totopcontent.xyz
:scheme: https
:path: /?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://smrturl.co/o/137822/53176718?s1=

Response headers

server: nginx
date: Wed, 06 Jan 2021 07:45:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=95279468370437448eff9a854506b098; expires=Thu, 06-Jan-2022 07:45:18 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip

Redirect headers

server: nginx
date: Wed, 06 Jan 2021 07:45:18 GMT
content-type: text/html; charset=utf-8
content-length: 171
location: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271
referer
referrer-policy: no-referrer
set-cookie: afclick=5ff56a8eb301010001944271; Expires=Thu, 06 Jan 2022 07:45:18 GMT; Secure; SameSite=None

GET
H2 200 / Show response
jump.totopcontent.xyz/ 11 KB
5 KB 114ms
113ms Document
text/html 65.60.9.234
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://jump.totopcontent.xyz/?utm_term=6914549961031942368&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e

Requested by

Host: jump.totopcontent.xyz
URL: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.9.234 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/7.4.10

Resource Hash

811b3892bd1c64072ef43c7a07050fff8f4faf6c1c762428dac4bf84c9a92c94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

:method: GET
:authority: jump.totopcontent.xyz
:scheme: https
:path: /?utm_term=6914549961031942368&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: u=95279468370437448eff9a854506b098
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ff56a8eb301010001944271

Response headers

server: nginx
date: Wed, 06 Jan 2021 07:45:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip

GET
H2

200

Primary Request / Show response
1d656c28c28.trccmpnsl.com/
Redirect Chain

https://jump.totopcontent.xyz/proc.php?1addbd6c96480f176e2a207fd831398911a3f008
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6914549961031942368&sub2=15494&sub3=15494-651cd233
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=84&sub1=5ff56a8ed402c00001f82947&sub2=4
https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=5ff56a8e85a71e00011c1170

842 B
855 B

114ms
55ms

Document
text/html

188.40.16.102
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=5ff56a8e85a71e00011c1170
Requested by: Host: jump.totopcontent.xyz
URL: https://jump.totopcontent.xyz/?utm_term=6914549961031942368&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.40.16.102 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.102.16.40.188.clients.your-server.de
Software: /
Resource Hash: af33c10e9304bdf7096456fe7ea8791fc83928aa1970f6aa83bf60c45dc82725

Request headers

:method: GET
:authority: 1d656c28c28.trccmpnsl.com
:scheme: https
:path: /?p=2155&media_type=mainstream&click_id=5ff56a8e85a71e00011c1170
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://jump.totopcontent.xyz/?utm_term=6914549961031942368&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e#

Response headers

date: Wed, 06 Jan 2021 07:45:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: rts-trck=1; expires=Wed, 06-Jan-2021 07:55:19 GMT; Max-Age=600; path=/; domain=1d656c28c28.trccmpnsl.com
last-modified: Wed, 6 Jan 2021 07:45:19 GMT
expires: Wed, 6 Jan 2021 07:45:19 GMT
cache-control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow
content-encoding: gzip

Redirect headers

server: nginx
date: Wed, 06 Jan 2021 07:45:18 GMT
content-type: text/html; charset=utf-8
content-length: 128
location: https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=5ff56a8e85a71e00011c1170
referer
referrer-policy: no-referrer
set-cookie: afclick=5ff56a8e85a71e00011c1170; Expires=Thu, 06 Jan 2022 07:45:18 GMT; Secure; SameSite=None

GET 691
servyourads.com/sl/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: servyourads.com
URL: https://servyourads.com/sl/691?f=a&pub_id=12356&smartlink_id=571&pub_sub=unknown&sub_pub_id=unknown

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1d656c28c28.trccmpnsl.com
bit.ly
harrenmedia.g2afse.com
jump.totopcontent.xyz
m.banhmidigital.com
mish.bucksmein.com
mrrobot-code.github.io
redgiftverify.com
servyourads.com
smrturl.co
tracking.armorads.com
servyourads.com
104.27.131.164
185.199.108.153
185.199.111.153
188.40.16.102
212.32.252.129
213.227.156.11
2606:4700:3031::ac43:c5f7
65.60.9.234
67.199.248.11
811b3892bd1c64072ef43c7a07050fff8f4faf6c1c762428dac4bf84c9a92c94
85aa18fbcf4a32b124acb15130b5dd7f6a20f13df02305f403981b9cf97c98b1
95601bf6008d94b6e74a0e004ac595365add891b5298e29215b61c67a99c7aaa
af33c10e9304bdf7096456fe7ea8791fc83928aa1970f6aa83bf60c45dc82725
c2df1f5045a40ce98508b647fe80b9c81115fb85d0f00be593314f167985fc5a

1d656c28c28.trccmpnsl.com Open in urlscan Pro 188.40.16.102 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

71 %HTTPS

11 %IPv6

11 Domains

11 Subdomains

6 IPs

3 Countries

10 kBTransfer

16 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

1d656c28c28.trccmpnsl.com Open in urlscan Pro
188.40.16.102 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

11 %
IPv6

11
Domains

11
Subdomains

6
IPs

3
Countries

10 kB
Transfer

16 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions