ps.popcash.net Open in urlscan Pro
44.194.19.196 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bureause.creditscorereports.us/
Effective URL:
http://ps.popcash.net/go/134600/317194
Submission Tags: phishingrod
Submission: On March 28 via api (March 28th 2023, 12:49:40 am UTC) from DE — Scanned from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 5 countries across 12 domains to perform 14 HTTP transactions. The main IP is 44.194.19.196, located in and belongs to . The main domain is ps.popcash.net.

This is the only time ps.popcash.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	207.244.242.113 207.244.242.113	40021 (CONTABO) (CONTABO)
2 2	34.91.142.64 34.91.142.64	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2606:4700:303... 2606:4700:3035::6815:51d8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3030::6815:4a8d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	162.242.198.222 162.242.198.222	27357 (RACKSPACE) (RACKSPACE)
2	68.183.246.137 68.183.246.137	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	2606:4700:303... 2606:4700:3037::6815:48d5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.141.179.97 34.141.179.97	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	51.161.115.163 51.161.115.163	16276 (OVH) (OVH)
1 1	51.83.143.92 51.83.143.92	16276 (OVH) (OVH)
1 1	2606:4700:303... 2606:4700:3035::6815:3426	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	44.194.19.196 44.194.19.196	() ()
14	6

1 207.244.242.113 (St Louis, United States) 1 redirects

ASN40021 (CONTABO, US)
PTR: server11.serverdiana.com

bureause.creditscorereports.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.91.142.64 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 64.142.91.34.bc.googleusercontent.com

track.amcmpn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3035::6815:51d8 (United States)

ASN13335 (CLOUDFLARENET, US)

www.mingotime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3030::6815:4a8d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.242.198.222 (United States) 1 redirects

ASN27357 (RACKSPACE, US)

go.doblevialatam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.183.246.137 (Bengaluru, India)

ASN14061 (DIGITALOCEAN-ASN, US)

c.adup.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3037::6815:48d5 (United States)

ASN13335 (CLOUDFLARENET, US)

792a9db8.linkbooster.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.141.179.97 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 97.179.141.34.bc.googleusercontent.com

track.gositego.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.161.115.163 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ns572483.ip-51-161-115.net

t3.blowingwnd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.83.143.92 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3155458.ip-51-83-143.eu

ron.trffclb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:3426 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.194.19.196 (None, )

ASN- ()

ps.popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	linkbooster.click 792a9db8.linkbooster.click	18 KB
4	mingotime.com www.mingotime.com	19 KB
2	popcash.net 1 redirects popcash.net — Cisco Umbrella Rank: 31845 ps.popcash.net	871 B
2	adup.app c.adup.app — Cisco Umbrella Rank: 989923	4 KB
2	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 385628	2 KB
2	amcmpn.com 2 redirects track.amcmpn.com	463 B
1	trffclb.com 1 redirects ron.trffclb.com — Cisco Umbrella Rank: 346814	253 B
1	blowingwnd.com 1 redirects t3.blowingwnd.com — Cisco Umbrella Rank: 166664	301 B
1	gositego.live 1 redirects track.gositego.live — Cisco Umbrella Rank: 104158	293 B
1	doblevialatam.com 1 redirects go.doblevialatam.com	247 B
1	creditscorereports.us 1 redirects bureause.creditscorereports.us	234 B
0	floweryduck.cc Failed floweryduck.cc Failed
14	12

	Domain	Requested by
4	792a9db8.linkbooster.click	c.adup.app www.mingotime.com 792a9db8.linkbooster.click
4	www.mingotime.com	www.mingotime.com
2	c.adup.app	www.mingotime.com c.adup.app
2	cdn.addlnk.com	www.mingotime.com 792a9db8.linkbooster.click
2	track.amcmpn.com	2 redirects
1	ps.popcash.net	792a9db8.linkbooster.click
1	popcash.net	1 redirects
1	ron.trffclb.com	1 redirects
1	t3.blowingwnd.com	1 redirects
1	track.gositego.live	1 redirects
1	go.doblevialatam.com	1 redirects
1	bureause.creditscorereports.us	1 redirects
0	floweryduck.cc Failed	ps.popcash.net
14	13

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-26` - `2024-02-25`	a year	crt.sh
adup.app E1	`2023-03-10` - `2023-06-08`	3 months	crt.sh

This page contains 3 frames:

Frame: https://floweryduck.cc/smart?p=6S36gzrUCrHarZZkgCcPWQ2bbFaKnmmtLc3aRqmN4H&s=317194
Frame ID: D53D25121EE0D1CA5A654170EDC7C7F2
Requests: 8 HTTP requests in this frame

Frame: https://www.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679961600
Frame ID: A24784D2769D66CF0BE2B618D7A58310
Requests: 3 HTTP requests in this frame

Frame: https://792a9db8.linkbooster.click/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679961600
Frame ID: 87451A5110B4BC5CD81F312031B8E0A9
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bureause.creditscorereports.us/ HTTP 301
https://track.amcmpn.com/click?pid=14426&offer_id=42904 HTTP 302
https://track.amcmpn.com/click?pid=1915&offer_id=33149 HTTP 302
https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 Page URL
https://go.doblevialatam.com/1652519235?aff_token=pub944927d900ea4d2cad5918e3d1d5a433&aff_source=639802ce HTTP 307
https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce Page URL
https://792a9db8.linkbooster.click/rc/736006a179?affclick=23C28061937A035679028631npxH2&pubid=5fb8a Page URL
https://track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pub98f75db6badc4b94a1aac679c9aaf... HTTP 302
https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&p... HTTP 302
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_29d0f8e7_5fb8a HTTP 302
https://popcash.net/world/go/134600/317194 HTTP 301
http://ps.popcash.net/go/134600/317194 Page URL

Page Statistics

14
Requests

86 %
HTTPS

33 %
IPv6

12
Domains

13
Subdomains

6
IPs

5
Countries

44 kB
Transfer

83 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bureause.creditscorereports.us/ HTTP 301
https://track.amcmpn.com/click?pid=14426&offer_id=42904 HTTP 302
https://track.amcmpn.com/click?pid=1915&offer_id=33149 HTTP 302
https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 Page URL
https://go.doblevialatam.com/1652519235?aff_token=pub944927d900ea4d2cad5918e3d1d5a433&aff_source=639802ce HTTP 307
https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce Page URL
https://792a9db8.linkbooster.click/rc/736006a179?affclick=23C28061937A035679028631npxH2&pubid=5fb8a Page URL
https://track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pub98f75db6badc4b94a1aac679c9aafaca&sub2=29d0f8e7_5fb8a HTTP 302
https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=642239a2694e3c0001330b8c&s=930_29d0f8e7_5fb8a HTTP 302
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_29d0f8e7_5fb8a HTTP 302
https://popcash.net/world/go/134600/317194 HTTP 301
http://ps.popcash.net/go/134600/317194 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://bureause.creditscorereports.us/ HTTP 301
https://track.amcmpn.com/click?pid=14426&offer_id=42904 HTTP 302
https://track.amcmpn.com/click?pid=1915&offer_id=33149 HTTP 302
https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915

Request Chain 3

https://go.doblevialatam.com/1652519235?aff_token=pub944927d900ea4d2cad5918e3d1d5a433&aff_source=639802ce HTTP 307
https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce

Request Chain 12

http://ps.popcash.net/ad/ad?p=134600&w=317194&t=47b2b6cecf0f04f9&r=&vw=1600&vh=1200 HTTP 303
https://floweryduck.cc/smart?p=6S36gzrUCrHarZZkgCcPWQ2bbFaKnmmtLc3aRqmN4H&s=317194

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	1d7c27011f Show response www.mingotime.com/rc/ Redirect Chain https://bureause.creditscorereports.us/ https://track.amcmpn.com/click?pid=14426&offer_id=42904 https://track.amcmpn.com/click?pid=1915&offer_id=33149 https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915	3 KB 2 KB	593ms 331ms	Document text/html	2606:4700:3035::6815:51d8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:51d8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c80eb7688e915769813e0a8513f3d8af0eaca2f9f7135fb7cfe4340d7951ae78` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7aebdfc59b028da0-MIA content-encoding br content-language en content-type text/html; charset=utf-8 date Tue, 28 Mar 2023 00:49:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zfwYM27ePCNsvhmXyFOY17dgsOu6fbXLgtPIMTPNqH93ut7ZEjPoCPW5eq4nwzQlb0W4GYNj%2BN9K%2F1RJFEJknJEKIuc23SnOJSwgLiMBtqL8pGsCwXHtn3eIGG3MwCuQChWYXJaIPBzZMbk8ai5mqQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding, Accept-Language, Cookie Redirect headers access-control-allow-origin * content-length 0 date Tue, 28 Mar 2023 00:49:35 GMT location https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 server nginx x-adjust-use-original-forwarded-for 1
GET H2	200	redirect.css cdn.addlnk.com/	1 KB 1 KB	195ms 108ms	Stylesheet text/css	2606:4700:3030::6815:4a8d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.addlnk.com/redirect.css Requested by Host: www.mingotime.com URL: https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:4a8d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:49:36 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id 3MMXD1DCYJ9ENSNG age 3279 cf-polished origSize=1680 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 NjPbqudrzOW/MrS77Cnjq0smOnvxvmHL/hnxc5RwItuZa8/whGN4YSe09oEcw8cF6fS2XobNqcM= cf-bgj minify last-modified Wed, 13 Mar 2019 00:03:12 GMT server cloudflare etag W/"3ae56d32551602b41f9046c14d1cfde2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fwHpQL7QsjDWs7AAxeyLZyAxhKlwGN%2BpU4JAULSSOuxudMHse03GaSMRABJjQFlF3rahyAdcWtoCsGB0Hk2maSM3MhR2Hzh%2FaLF8hK50e44IFqnyw6lrm5ifJDHHkgy4NAOu7A9ik87ILvQAAQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cf-ray 7aebdfc899b009b2-MIA
GET H2	200	invisible.js www.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame A247	31 KB 13 KB	41ms 40ms	Script application/javascript	2606:4700:3035::6815:51d8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679961600 Requested by Host: www.mingotime.com URL: https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:51d8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:49:36 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xKLwfCfH%2FjM4GqEK%2FqOZ%2BwW9Q1EBdoCR3wBMNW91iBefqwuC1o8Bw7Eno%2FgFpKsIcOc3RuDYlpplYv7MzyH8902BxJyRh1PaasotYBGRbTh7%2B7qmmR66fBLrQti6iWt4zaWRdW1iGOJF3LC2hJqnVA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7aebdfc959828da0-MIA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	35679 Show response c.adup.app/ Redirect Chain https://go.doblevialatam.com/1652519235?aff_token=pub944927d900ea4d2cad5918e3d1d5a433&aff_source=639802ce https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce	4 KB 4 KB	972ms 327ms	Document text/html	68.183.246.137 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce Requested by Host: www.mingotime.com URL: https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 68.183.246.137 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Express Resource Hash `1dd36507e45a264c869008dcc35aa72c8f2eeafd09530e2dc49b29966d544049` Request headers Referer https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language en-US,en;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate, proxy-revalidate content-length 3826 content-type text/html; charset=utf-8 date Tue, 28 Mar 2023 00:49:37 GMT etag W/"ef2-cR0Cft3HT4G8kuu7vVjtsHo/vWc" expires 0 pragma no-cache surrogate-control no-store vary Accept-Encoding x-powered-by Express Redirect headers cache-control no-store, no-cache, must-revalidate content-type text/html; charset=UTF-8 date Tue, 28 Mar 2023 00:49:36 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce pragma no-cache server nginx/1.20.1 x-powered-by PHP/7.3.33
GET H3	200	pica.js www.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame A247	7 KB 4 KB	40ms 39ms	Other application/javascript	2606:4700:3035::6815:51d8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:51d8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:49:36 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sTA%2Bj4jXMDwPwduE4oDK0yz4FVtcG7H1uZs7mDWAe9WSnFC8%2FLQJ3OiEOfulswWuuEgB6kmzywxjWOaXeV0ThVxe%2BS%2B6GD0vggWhRzm2r0aXqAODmWn2iBn1U9b4EtYuadXJKjbrKwI%2FWiHIw45Jiw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7aebdfc9ba918df1-MIA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	7aebdfc59b028da0 www.mingotime.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame A247	2 B 664 B	56ms 55ms	XHR text/plain	2606:4700:3035::6815:51d8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.mingotime.com/cdn-cgi/challenge-platform/h/b/cv/result/7aebdfc59b028da0 Requested by Host: www.mingotime.com URL: https://www.mingotime.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679961600 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:51d8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Content-Type application/json Response headers date Tue, 28 Mar 2023 00:49:36 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFlh8d2lpcQ0ah%2BmCHvd9qB371%2BVrtyItGAnqIPURcOUCrJlblJqa3NANIsMnn2X5HWfqph6rJpMF2GS02xcb2ODl9j%2FVetit6qX9o08GS2i4H8zOJjqPsudcj1Ep%2BLHapZO%2BwZZtp%2FWm5TFgZbcmg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 7aebdfcbae528df1-MIA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H2	200	23C28061937A035679028631npxH2 c.adup.app/c/	1 B 72 B	271ms 270ms	XHR text/html	68.183.246.137 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://c.adup.app/c/23C28061937A035679028631npxH2 Requested by Host: c.adup.app URL: https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce Protocol H2 Security TLS 1.3, , AES_128_GCM Server 68.183.246.137 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Express Resource Hash Request headers Referer https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Tue, 28 Mar 2023 00:49:37 GMT x-powered-by Express surrogate-control no-store vary Accept-Encoding etag W/"1-NWoZK3kTsExUV00Ywo1G5jlUKKs" content-type text/html; charset=utf-8 cache-control no-store, no-cache, must-revalidate, proxy-revalidate content-length 1 expires 0
GET H2	200	736006a179 Show response 792a9db8.linkbooster.click/rc/	3 KB 2 KB	441ms 333ms	Document text/html	2606:4700:3037::6815:48d5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://792a9db8.linkbooster.click/rc/736006a179?affclick=23C28061937A035679028631npxH2&pubid=5fb8a Requested by Host: c.adup.app URL: https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:48d5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1cdf38590ec58c8160b3646770f252ef11e86a565e61dbcc432e6bf1ce5c8815` Request headers Referer https://c.adup.app/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7aebdfd3eddf9aba-MIA content-encoding br content-language en content-type text/html; charset=utf-8 date Tue, 28 Mar 2023 00:49:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6dU1g7EDnWwE5XbBp9vZlBCTExRqgmR62TW2StzbtjgzAW%2FRDrqcYqZAELm5wNF3UjzXW8sMVvWNUz1uM4V6AwCCrFDxRgIz1Vz1tBnbQUN2%2Fw9F9YygjEVM6eK2GfyilQLyOVQ5BLibSzHX2KQk%2BgXB5kEsF8E%2BA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding, Accept-Language, Cookie
GET H2	200	redirect.css cdn.addlnk.com/	1 KB 705 B	44ms 43ms	Stylesheet text/css	2606:4700:3030::6815:4a8d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.addlnk.com/redirect.css Requested by Host: 792a9db8.linkbooster.click URL: https://792a9db8.linkbooster.click/rc/736006a179?affclick=23C28061937A035679028631npxH2&pubid=5fb8a Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:4a8d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:49:38 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id 3MMXD1DCYJ9ENSNG age 3281 cf-polished origSize=1680 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 NjPbqudrzOW/MrS77Cnjq0smOnvxvmHL/hnxc5RwItuZa8/whGN4YSe09oEcw8cF6fS2XobNqcM= cf-bgj minify last-modified Wed, 13 Mar 2019 00:03:12 GMT server cloudflare etag W/"3ae56d32551602b41f9046c14d1cfde2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oTJi2DpALC17IXZMXAev22sEdNNWs94yJ6q78kD3LFPfShMXN0cc7a0k4fEXI0QssTVOOI1hymU36RHti7Jp8V1j6dY2nxQjglnSBmoKYZ9PiqnFv4tq5oabWlzBS8OCNCd9u6dxmrMCrNWL5g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cf-ray 7aebdfd60f2109b2-MIA
GET H2	200	invisible.js Show response 792a9db8.linkbooster.click/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 8745	27 KB 12 KB	41ms 39ms	Script application/javascript	2606:4700:3037::6815:48d5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://792a9db8.linkbooster.click/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679961600 Requested by Host: www.mingotime.com URL: https://www.mingotime.com/rc/1d7c27011f?affclick=6422399f27afb90001c7ad0f&pubid=1915 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:48d5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a7c5c5660ed3d1268369f5f937553034ae0c23f4594201c9ff476e2a652950fd` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:49:38 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xhOrskYe3CsFVgMyt9Esh64g9JdRtDOFMUq%2BzrXFhn6%2BJY4M5kKb4W6D5k9H5U0yw6eutDgtJiEZg4kTcOTpr0yuBw%2Fbm6Kq5XR28FZaRu43TEK9U%2BOCserNkaeEMxkty6UmymBtJMlUh%2BfkVS9s4wvXyO2xJRA0Bw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7aebdfd67b9e9aba-MIA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js 792a9db8.linkbooster.click/cdn-cgi/challenge-platform/h/b/scripts/ Frame 8745	7 KB 4 KB	41ms 41ms	Other application/javascript	2606:4700:3037::6815:48d5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://792a9db8.linkbooster.click/cdn-cgi/challenge-platform/h/b/scripts/pica.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:48d5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:49:38 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QR3sy3%2BAVoHjN5MsLQsNe%2FubiE8kaLuWZWYi%2Ban%2BGJyMhgKVQvC6Cluxb6WBnPPGxoHUvLtwzPjJ9UnEuRizZXNWC6BadmeJvPH%2BYaIwfvFlr3gvjnlhl8ywG6sn83rXaagbuF1jCzgjzKyPWeCFjXRl7rFJ%2F2TiIA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 7aebdfd6cb2621d3-MIA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H/1.1	200 OK	Primary Request 317194 ps.popcash.net/go/134600/ Redirect Chain https://track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pub98f75db6badc4b94a1aac679c9aafaca&sub2=29d0f8e7_5fb8a https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=642239a2694e3c0001330b8c&s=930_29d0f8e7_5fb8a https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_29d0f8e7_5fb8a https://popcash.net/world/go/134600/317194 http://ps.popcash.net/go/134600/317194	426 B 460 B	166ms 60ms	Document text/html	44.194.19.196
General Check archive.org Show headers Download Go to Full URL http://ps.popcash.net/go/134600/317194 Requested by Host: 792a9db8.linkbooster.click URL: https://792a9db8.linkbooster.click/rc/736006a179?affclick=23C28061937A035679028631npxH2&pubid=5fb8a Protocol HTTP/1.1 Server 44.194.19.196 -, , ASN (), Reverse DNS Software nginx / Resource Hash Request headers Referer https://792a9db8.linkbooster.click/rc/736006a179?affclick=23C28061937A035679028631npxH2&pubid=5fb8a Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 272 Content-Type text/html Date Tue, 28 Mar 2023 00:49:40 GMT Server nginx Vary Accept-Encoding Redirect headers cf-cache-status DYNAMIC cf-ray 7aebdfe00b2802e4-MIA content-length 162 content-type text/html date Tue, 28 Mar 2023 00:49:39 GMT location http://ps.popcash.net/go/134600/317194 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2Fx1s1%2FdcUuVbM%2FwoyCup4ybIntS2wX5YEHsnm8Osb6WhrCI6pbanOs9L76Fa5E6jmX7Fmy%2FoqSessFtIewlrt4BhC0Rw9BuOui4i06EKQGk5x17mb889J7CFOUFywGqraerVBQWLzQe"}],"group":"cf-nel","max_age":604800} server cloudflare
POST H3	200	7aebdfd3eddf9aba 792a9db8.linkbooster.click/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 8745	2 B 675 B	64ms 62ms	XHR text/plain	2606:4700:3037::6815:48d5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://792a9db8.linkbooster.click/cdn-cgi/challenge-platform/h/b/cv/result/7aebdfd3eddf9aba Requested by Host: 792a9db8.linkbooster.click URL: https://792a9db8.linkbooster.click/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679961600 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:48d5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Content-Type application/json Response headers date Tue, 28 Mar 2023 00:49:38 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86MyonhoBeEDc8tsjEO7axHJenHUIgQiAL4xcZYyz65xpB1Uz2ZvSPJl9zGT8UWDIeSr1%2Bb2vw9G7i6%2F%2BzsNznQxxdQ82ci1nBult8i9EzezBNkwxIXbOWoaku%2FKc5qDFpX1qfhkk2KwrCqVMnF4XGoJO7XzZH0ZVQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 7aebdfd8be8421d3-MIA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET		smart floweryduck.cc/ Redirect Chain http://ps.popcash.net/ad/ad?p=134600&w=317194&t=47b2b6cecf0f04f9&r=&vw=1600&vh=1200 https://floweryduck.cc/smart?p=6S36gzrUCrHarZZkgCcPWQ2bbFaKnmmtLc3aRqmN4H&s=317194	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: floweryduck.cc
URL: https://floweryduck.cc/smart?p=6S36gzrUCrHarZZkgCcPWQ2bbFaKnmmtLc3aRqmN4H&s=317194

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
track.amcmpn.com/	1970-01-20 19:25:00	Name: afclick Value: 6422399f27afb90001c7ad0f
track.amcmpn.com/	1970-01-20 19:25:00	Name: afoffers Value: {"33149":1679964575}
www.mingotime.com/	1970-01-20 10:49:29	Name: AWSALB Value: tiu/ECOCqao3Go3dPy6J2ZRN350nBB1+1a+jKn/lkSli7iP4fkQy2v8mBOAWj+fERg2wwxR6OR/744wiOes30DNhT+HB7br1ZHOJbXoMubTp4l9kNg/aW8HqCW4c
.mingotime.com/	1970-01-20 10:39:26	Name: __cf_bm Value: oEvfR.bxWXAvKu9XydPWJew8nIb2_merW6K5hMqxuoU-1679964576-0-AdpYSSKNCKDTSa1tKIkVGiuO6lv+FJqVlWvky1yFIfequTsoXp27/MgGZr8cs5xx94I0akGGQV/ghdmslSmcEgLJYTeyBwewewZ7TOPrGqHfUj8PX8RwiFQ+LgGPTATZzw==
go.doblevialatam.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: u7bo3phi1td6utan9or13qmlke
792a9db8.linkbooster.click/	1970-01-20 10:49:29	Name: AWSALB Value: yj7nWy+WkMiZqIICxqclu9srbj/J+8AMXBocMPYJDYLT8fP3eiNq2A/HWK2BJIP92b/W9yMSbh3tNrywduV5xrZ9V7gSqM5xv+fGZGxerDK4xpUc2nSBWPBx11Hu
.linkbooster.click/	1970-01-20 10:39:26	Name: __cf_bm Value: TEY1Cm9BH9WOJ9IFfRf2gC9bZ2LDnpIe7GDKH3PJMIQ-1679964578-0-AdyPPgves2l/1ZKl/k+MizCWlBj7D2KQalKoUKVc45f5tTvuUrlVCPV+ogxE3IiTCn2ZGW2Mkw6qWOoVit8C9twbLcxqWhXPceNqX8U+hhp36ibLubThX8Mws3iOXCNSdQ==
track.gositego.live/	1970-01-20 19:25:00	Name: afclick Value: 642239a2694e3c0001330b8c

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	error	URL: https://c.adup.app/35679?token=d30a48029eb4119c4ce02df2&subid=0278-f5eb87a0ce(Line 1) Message: Failed to set referrer policy: The value 'no-referer' is not one of 'always', 'default', 'never', 'origin-when-crossorigin', 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

792a9db8.linkbooster.click
bureause.creditscorereports.us
c.adup.app
cdn.addlnk.com
floweryduck.cc
go.doblevialatam.com
popcash.net
ps.popcash.net
ron.trffclb.com
t3.blowingwnd.com
track.amcmpn.com
track.gositego.live
www.mingotime.com
floweryduck.cc
162.242.198.222
207.244.242.113
2606:4700:3030::6815:4a8d
2606:4700:3035::6815:3426
2606:4700:3035::6815:51d8
2606:4700:3037::6815:48d5
34.141.179.97
34.91.142.64
44.194.19.196
51.161.115.163
51.83.143.92
68.183.246.137
1cdf38590ec58c8160b3646770f252ef11e86a565e61dbcc432e6bf1ce5c8815
1dd36507e45a264c869008dcc35aa72c8f2eeafd09530e2dc49b29966d544049
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
a7c5c5660ed3d1268369f5f937553034ae0c23f4594201c9ff476e2a652950fd
c80eb7688e915769813e0a8513f3d8af0eaca2f9f7135fb7cfe4340d7951ae78

ps.popcash.net Open in urlscan Pro 44.194.19.196 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

14 Requests

86 %HTTPS

33 %IPv6

12 Domains

13 Subdomains

6 IPs

5 Countries

44 kBTransfer

83 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

8 Cookies

1 Console Messages

Indicators

ps.popcash.net Open in urlscan Pro
44.194.19.196 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

86 %
HTTPS

33 %
IPv6

12
Domains

13
Subdomains

6
IPs

5
Countries

44 kB
Transfer

83 kB
Size

8
Cookies

14 HTTP transactions
0 data transactions