clk.tradedoubler.com Open in urlscan Pro
52.17.153.202 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.ainans.com/rc/79971c7567?affclick=kGB25GP20000V81003530OTO204NT8WF0MIP1LRac6TU00O604NT800&pubid=MmwxV21BM3F...
Effective URL:
https://clk.tradedoubler.com/click?p=284851&a=3045055&g=24095694
Submission: On October 29 via manual (October 29th 2018, 1:12:00 am UTC) from IN

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 10 domains to perform 12 HTTP transactions. The main IP is 52.17.153.202, located in Dublin, Ireland and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is clk.tradedoubler.com.
TLS certificate: Issued by GlobalSign Domain Validation CA - SHA... on September 28th 2015. Valid for: 3 years.

This is the only time clk.tradedoubler.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:30:... 2606:4700:30::ac40:aa24	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2606:4700:30:... 2606:4700:30::ac40:6c24	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	52.70.252.235 52.70.252.235	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	34.237.48.183 34.237.48.183	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	34.196.152.168 34.196.152.168	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	2606:4700:10:... 2606:4700:10::6814:812e	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 2	18.214.7.142 18.214.7.142	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.2.253.219 52.2.253.219	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	136.243.6.169 136.243.6.169	24940 (HETZNER-AS) (HETZNER-AS)
1 3	144.76.85.254 144.76.85.254	24940 (HETZNER-AS) (HETZNER-AS)
1 1	18.232.226.105 18.232.226.105	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.17.153.202 52.17.153.202	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
12	9

1 2606:4700:30::ac40:aa24 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.ainans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:30::ac40:6c24 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.70.252.235 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-70-252-235.compute-1.amazonaws.com

sax.peakonspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.237.48.183 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-237-48-183.compute-1.amazonaws.com

cgg.peakexc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.196.152.168 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-196-152-168.compute-1.amazonaws.com

tys.peakonsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:812e (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.214.7.142 (Cambridge, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-214-7-142.compute-1.amazonaws.com

sp.popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.2.253.219 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-2-253-219.compute-1.amazonaws.com

xml.auxml.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 136.243.6.169 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: sync.1dmp.io

sync.1dmp.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 144.76.85.254 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.254.85.76.144.clients.your-server.de

x01.aidata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.232.226.105 (Cambridge, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-232-226-105.compute-1.amazonaws.com

xml.auxml.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.153.202 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-17-153-202.eu-west-1.compute.amazonaws.com

clk.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	aidata.io 1 redirects x01.aidata.io	11 KB
3	popcash.net 2 redirects popcash.net sp.popcash.net	1 KB
2	1dmp.io 1 redirects sync.1dmp.io	774 B
2	auxml.com 1 redirects xml.auxml.com	1 KB
2	peakexc.com cgg.peakexc.com	3 KB
2	addlnk.com cdn.addlnk.com	2 KB
1	tradedoubler.com clk.tradedoubler.com vht.tradedoubler.com Failed	3 KB
1	peakonsrv.com 1 redirects tys.peakonsrv.com	740 B
1	peakonspot.com 1 redirects sax.peakonspot.com	449 B
1	ainans.com www.ainans.com	1 KB
12	10

	Domain	Requested by
3	x01.aidata.io	1 redirects xml.auxml.com
2	sync.1dmp.io	1 redirects xml.auxml.com
2	xml.auxml.com	1 redirects sp.popcash.net
2	sp.popcash.net	1 redirects cgg.peakexc.com
2	cgg.peakexc.com	cdn.addlnk.com cgg.peakexc.com
2	cdn.addlnk.com	www.ainans.com
1	clk.tradedoubler.com	xml.auxml.com
1	popcash.net	1 redirects
1	tys.peakonsrv.com	1 redirects
1	sax.peakonspot.com	1 redirects
1	www.ainans.com
0	vht.tradedoubler.com Failed	clk.tradedoubler.com
12	12

This site contains no links.

Subject Issuer	Validity	Valid
cgg.peakexc.com COMODO RSA Domain Validation Secure Server CA	`2018-04-05` - `2019-04-05`	a year	crt.sh
*.auxml.com Let's Encrypt Authority X3	`2018-10-26` - `2019-01-24`	3 months	crt.sh
sync.1dmp.io Let's Encrypt Authority X3	`2018-09-30` - `2018-12-29`	3 months	crt.sh
my.aidata.me COMODO RSA Domain Validation Secure Server CA	`2018-03-12` - `2019-03-18`	a year	crt.sh
*.tradedoubler.com GlobalSign Domain Validation CA - SHA256 - G2	`2015-09-28` - `2018-12-28`	3 years	crt.sh

This page contains 2 frames:

Primary Page: https://clk.tradedoubler.com/click?p=284851&a=3045055&g=24095694
Frame ID: C5A4A4E3080F3B3E9CA24915832750BB
Requests: 11 HTTP requests in this frame

Frame: https://x01.aidata.io/stats?pixel=PLATFORMIO&id=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&v=1540775514776&pid=PLATFORMIO&js=1&bounce=1&pid=PLATFORMIO&js=1&sid=f840fddfb58c4699a6c12786bf2c8917&payload=%7B%22event%22%3A%22referrer%22%2C%22type%22%3A%22referrer%22%2C%22data%22%3A%7B%22value%22%3A%22http%3A//sp.popcash.net/go/161339/429757%22%7D%7D
Frame ID: A4249FF3015CEC085D0D874D1171FB41
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.ainans.com/rc/79971c7567?affclick=kGB25GP20000V81003530OTO204NT8WF0MIP1LRac6TU00O604NT8... Page URL
https://sax.peakonspot.com/dep.php?pid=6621&cid=pubf58d6fdb70a34d98bbf1ef9e8fc4a33b&subid=68cee9b9_Mmwx... HTTP 302
https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621 Page URL
https://tys.peakonsrv.com/?&version=1&id=15407755103256126341409981&tid=6621&sr=ep&ftype=js&filter=1&n... HTTP 302
https://popcash.net/world/go/161339/429757 HTTP 301
http://sp.popcash.net/go/161339/429757 Page URL
http://sp.popcash.net/sgo/ad?p=161339&w=429757&t=4c15cef92f7bf721&r=&vw=1600&vh=1200 HTTP 303
https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b5... Page URL
http://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b5... HTTP 302
https://clk.tradedoubler.com/click?p=284851&a=3045055&g=24095694 Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i

Page Statistics

12
Requests

58 %
HTTPS

25 %
IPv6

10
Domains

12
Subdomains

9
IPs

3
Countries

21 kB
Transfer

25 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.ainans.com/rc/79971c7567?affclick=kGB25GP20000V81003530OTO204NT8WF0MIP1LRac6TU00O604NT800&pubid=MmwxV21BM3FBSEE9_... Page URL
https://sax.peakonspot.com/dep.php?pid=6621&cid=pubf58d6fdb70a34d98bbf1ef9e8fc4a33b&subid=68cee9b9_MmwxV21BM3FBSEE9_... HTTP 302
https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621 Page URL
https://tys.peakonsrv.com/?&version=1&id=15407755103256126341409981&tid=6621&sr=ep&ftype=js&filter=1&nf=14&trs=15407755117073547&end=1&fwidth=1600&fheight=1200&fiframe=false&fiframesandbox=undefined&rfp= HTTP 302
https://popcash.net/world/go/161339/429757 HTTP 301
http://sp.popcash.net/go/161339/429757 Page URL
http://sp.popcash.net/sgo/ad?p=161339&w=429757&t=4c15cef92f7bf721&r=&vw=1600&vh=1200 HTTP 303
https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775 Page URL
http://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775&token=98e63a90f2e1687e45362b5fb066ab0e HTTP 302
https://clk.tradedoubler.com/click?p=284851&a=3045055&g=24095694 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://sax.peakonspot.com/dep.php?pid=6621&cid=pubf58d6fdb70a34d98bbf1ef9e8fc4a33b&subid=68cee9b9_MmwxV21BM3FBSEE9_... HTTP 302
https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621

Request Chain 5

https://tys.peakonsrv.com/?&version=1&id=15407755103256126341409981&tid=6621&sr=ep&ftype=js&filter=1&nf=14&trs=15407755117073547&end=1&fwidth=1600&fheight=1200&fiframe=false&fiframesandbox=undefined&rfp= HTTP 302
https://popcash.net/world/go/161339/429757 HTTP 301
http://sp.popcash.net/go/161339/429757

Request Chain 6

http://sp.popcash.net/sgo/ad?p=161339&w=429757&t=4c15cef92f7bf721&r=&vw=1600&vh=1200 HTTP 303
https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775

Request Chain 7

https://sync.1dmp.io/pixel.gif?cid=01588c02-4268-4040-922a-2deb7e2efe79&brid=9ccde4d1-b6dd-4702-86fe-21c5dece65d0&pid=w&uid=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835 HTTP 302
https://sync.1dmp.io/pixel.gif?cid=01588c02-4268-4040-922a-2deb7e2efe79&brid=9ccde4d1-b6dd-4702-86fe-21c5dece65d0&pid=w&uid=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&cs=1

Request Chain 8

https://x01.aidata.io/pixel.js?pixel=PLATFORMIO&id=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&v=1540775514776 HTTP 302
https://x01.aidata.io/pixel.js?pixel=PLATFORMIO&id=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&v=1540775514776&pid=PLATFORMIO&js=1&bounce=1

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set 79971c7567 Show response www.ainans.com/rc/	979 B 1 KB	56ms 51ms	Document text/html	2606:4700:30::ac40:aa24 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://www.ainans.com/rc/79971c7567?affclick=kGB25GP20000V81003530OTO204NT8WF0MIP1LRac6TU00O604NT800&pubid=MmwxV21BM3FBSEE9_... Protocol HTTP/1.1 Server 2606:4700:30::ac40:aa24 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `29627238c0e332b67a6150be0b6b9c744dc9dc9b0d2f285e1f92ef507bf1d234` Request headers Host www.ainans.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 29 Oct 2018 01:11:50 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=d9655e34dbc7d23636e21073de66a43bd1540775510; expires=Tue, 29-Oct-19 01:11:50 GMT; path=/; domain=.ainans.com; HttpOnly AWSELB=15D73F410E5FA483605B347B65C4FEB7F037FB60950E7359F9D3EDF9C78A40BFC522B5B66943C9871FFE5B39CF0B560B3DF4CA1F528C38CB82EF25B279B44BF93740FEE512;PATH=/;MAX-AGE=360 Cache-control no-cache="set-cookie" Content-Language en-us Vary Accept-Encoding,Accept-Language,Cookie Server cloudflare CF-RAY 4711c53995ba63eb-FRA Content-Encoding gzip
GET H/1.1	200 OK	redirect.css cdn.addlnk.com/	1 KB 1 KB	15ms 8ms	Stylesheet text/css	2606:4700:30::ac40:6c24 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://cdn.addlnk.com/redirect.css Requested by Host: www.ainans.com URL: http://www.ainans.com/rc/79971c7567?affclick=kGB25GP20000V81003530OTO204NT8WF0MIP1LRac6TU00O604NT800&pubid=MmwxV21BM3FBSEE9_... Protocol HTTP/1.1 Server 2606:4700:30::ac40:6c24 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 29 Oct 2018 01:11:50 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Tue, 12 Jun 2018 15:14:20 GMT Server cloudflare x-amz-request-id 39D14491A6DD8D36 ETag W/"3ae56d32551602b41f9046c14d1cfde2" Vary Accept-Encoding x-amz-id-2 FQbKyS2WNrp8qMKgwJRGlt6eP4jItCw4wIWur9hl+/P/bXU6UZS8SLK1znSkcA2lzPDCdbFSbhg= Content-Type text/css Transfer-Encoding chunked Connection keep-alive CF-RAY 4711c53a0591c27e-FRA Cf-Polished origSize=1680 Cf-Bgj minify
GET H/1.1	200 OK	app.js Show response cdn.addlnk.com/	436 B 957 B	14ms 8ms	Script application/javascript	2606:4700:30::ac40:6c24 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://cdn.addlnk.com/app.js Requested by Host: www.ainans.com URL: http://www.ainans.com/rc/79971c7567?affclick=kGB25GP20000V81003530OTO204NT8WF0MIP1LRac6TU00O604NT800&pubid=MmwxV21BM3FBSEE9_... Protocol HTTP/1.1 Server 2606:4700:30::ac40:6c24 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `025bc1088c56914113594c058e87400102700f802d3455b0a7039915bd47d494` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 29 Oct 2018 01:11:50 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Wed, 04 Jul 2018 00:27:37 GMT Server cloudflare x-amz-request-id F8E8CDC488E1BE1D ETag W/"4b536df3016f4c5296b2426f05812989" Vary Accept-Encoding x-amz-id-2 IijKCbVbYp5oMz0+xosK2jd2m3ihMmkrhED9vjHV3fIB7zAK9FD9a3oqLfowRqDwB+Q3AcV1HW0= Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive CF-RAY 4711c53a07e1c2dd-FRA Cf-Polished origSize=516 Cf-Bgj minify
GET H/1.1	200 OK	fep.php Show response cgg.peakexc.com/ Redirect Chain https://sax.peakonspot.com/dep.php?pid=6621&cid=pubf58d6fdb70a34d98bbf1ef9e8fc4a33b&subid=68cee9b9_MmwxV21BM3FBSEE9_... https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621	8 KB 3 KB	423ms 102ms	Document text/html	34.237.48.183 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621 Requested by Host: cdn.addlnk.com URL: http://cdn.addlnk.com/app.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.237.48.183 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-34-237-48-183.compute-1.amazonaws.com Software nginx / Resource Hash `b3f54130786739e8873b2de473fdeaa4fbb45297c56e8d3e61d4fa071281f4b0` Request headers Host cgg.peakexc.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Cache-Control no-store, no-cache, must-revalidate Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 29 Oct 2018 01:11:51 GMT Expires Sat, 26 Jul 1997 05:00:00 GMT Server nginx Content-Length 2914 Connection keep-alive Redirect headers Cache-Control no-cache, must-revalidate Content-Type text/html; charset=UTF-8 Date Mon, 29 Oct 2018 01:11:50 GMT Expires Sat, 26 Jul 1997 05:00:00 GMT Location https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621 Server nginx Set-Cookie uuid=15407755107333867860957981; expires=Wed, 28-Nov-2018 01:11:50 GMT; Max-Age=2592000 Content-Length 0 Connection keep-alive
POST H/1.1	200 OK	li.php cgg.peakexc.com/	0 199 B	103ms 102ms	XHR text/html	34.237.48.183 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://cgg.peakexc.com/li.php Requested by Host: cgg.peakexc.com URL: https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.237.48.183 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-34-237-48-183.compute-1.amazonaws.com Software nginx / Resource Hash Request headers Pragma no-cache Origin https://cgg.peakexc.com Accept-Encoding gzip, deflate Host cgg.peakexc.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/json Accept / Cache-Control no-cache Referer https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621 Connection keep-alive Content-Length 50 Referer https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621 Origin https://cgg.peakexc.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/json Response headers Date Mon, 29 Oct 2018 01:11:52 GMT Content-Encoding gzip Server nginx Connection keep-alive Content-Length 20 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	429757 sp.popcash.net/go/161339/ Redirect Chain https://tys.peakonsrv.com/?&version=1&id=15407755103256126341409981&tid=6621&sr=ep&ftype=js&filter=1&nf=14&trs=15407755117073547&end=1&fwidth=1600&fheight=1200&fiframe=false&fiframesandbox=undefine... https://popcash.net/world/go/161339/429757 http://sp.popcash.net/go/161339/429757	427 B 486 B	230ms 101ms	Document text/html	18.214.7.142 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://sp.popcash.net/go/161339/429757 Requested by Host: cgg.peakexc.com URL: https://cgg.peakexc.com/fep.php?rd=tys.peakonsrv.com&sr=ep&id=15407755103256126341409981&tid=6621 Protocol HTTP/1.1 Server 18.214.7.142 Cambridge, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-18-214-7-142.compute-1.amazonaws.com Software nginx/1.15.5 / Resource Hash Request headers Host sp.popcash.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Cookie __cfduid=df00b7427f9b31809d7941bcb1f1464051540775513 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Encoding gzip Content-Type text/html Date Mon, 29 Oct 2018 01:11:53 GMT Server nginx/1.15.5 Vary Accept-Encoding transfer-encoding chunked Connection keep-alive Redirect headers status 301 date Mon, 29 Oct 2018 01:11:53 GMT content-type text/html content-length 169 set-cookie __cfduid=df00b7427f9b31809d7941bcb1f1464051540775513; expires=Tue, 29-Oct-19 01:11:53 GMT; path=/; domain=.popcash.net; HttpOnly location http://sp.popcash.net/go/161339/429757 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4711c54ce826c2c9-FRA
GET H2	200	log Show response xml.auxml.com/ Redirect Chain http://sp.popcash.net/sgo/ad?p=161339&w=429757&t=4c15cef92f7bf721&r=&vw=1600&vh=1200 https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775	2 KB 1 KB	784ms 565ms	Document text/html	52.2.253.219 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775 Requested by Host: sp.popcash.net URL: http://sp.popcash.net/go/161339/429757 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.2.253.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-2-253-219.compute-1.amazonaws.com Software openresty/1.13.6.2 / Resource Hash `698be07b73a21cfd6fc880375c6d235abaaef6e6110535a8c6bb8a806fbdebf5` Request headers :method GET :authority xml.auxml.com :scheme https :path /log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 referer http://sp.popcash.net/go/161339/429757 accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://sp.popcash.net/go/161339/429757 Response headers status 200 server openresty/1.13.6.2 date Mon, 29 Oct 2018 01:11:54 GMT content-type text/html;charset=UTF-8 content-encoding gzip Redirect headers Content-Type text/html; charset=utf-8 Date Mon, 29 Oct 2018 01:11:53 GMT Location https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775#pc190434 Server nginx/1.15.5 Content-Length 183 Connection keep-alive
GET H/1.1	200 OK	pixel.gif sync.1dmp.io/ Redirect Chain https://sync.1dmp.io/pixel.gif?cid=01588c02-4268-4040-922a-2deb7e2efe79&brid=9ccde4d1-b6dd-4702-86fe-21c5dece65d0&pid=w&uid=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835 https://sync.1dmp.io/pixel.gif?cid=01588c02-4268-4040-922a-2deb7e2efe79&brid=9ccde4d1-b6dd-4702-86fe-21c5dece65d0&pid=w&uid=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&cs=1	35 B 270 B	5ms 5ms	Image image/gif	136.243.6.169 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://sync.1dmp.io/pixel.gif?cid=01588c02-4268-4040-922a-2deb7e2efe79&brid=9ccde4d1-b6dd-4702-86fe-21c5dece65d0&pid=w&uid=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&cs=1 Requested by Host: xml.auxml.com URL: https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_CBC Server 136.243.6.169 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS sync.1dmp.io Software nginx / Resource Hash `8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015` Request headers Referer https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 29 Oct 2018 01:11:54 GMT Cache-Control private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate Server nginx Connection keep-alive Content-Type image/gif Content-Length 35 Expires 0 Redirect headers Location /pixel.gif?cid=01588c02-4268-4040-922a-2deb7e2efe79&brid=9ccde4d1-b6dd-4702-86fe-21c5dece65d0&pid=w&uid=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&cs=1 Date Mon, 29 Oct 2018 01:11:54 GMT Cache-Control private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate Server nginx Connection keep-alive Content-Length 0 Expires 0
GET H/1.1	200 OK	pixel.js Show response x01.aidata.io/ Redirect Chain https://x01.aidata.io/pixel.js?pixel=PLATFORMIO&id=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&v=1540775514776 https://x01.aidata.io/pixel.js?pixel=PLATFORMIO&id=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&v=1540775514776&pid=PLATFORMIO&js=1&bounce=1	10 KB 10 KB	2ms 1ms	Script application/javascript	144.76.85.254 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://x01.aidata.io/pixel.js?pixel=PLATFORMIO&id=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&v=1540775514776&pid=PLATFORMIO&js=1&bounce=1 Requested by Host: xml.auxml.com URL: https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.76.85.254 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.254.85.76.144.clients.your-server.de Software nginx / Resource Hash `7c792ece21b16447178a763a0157d1b1f44d77b5359cf1636874be7265459830` Request headers Referer https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Mon, 29 Oct 2018 01:11:54 GMT Last-Modified Mon, 29 Oct 2018 01:11:53 GMT Server nginx Transfer-Encoding chunked P3P CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA' Cache-Control no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Connection keep-alive Content-Type application/javascript Expires Mon, 29 Oct 2018 01:11:53 GMT Redirect headers Pragma no-cache Date Mon, 29 Oct 2018 01:11:54 GMT Last-Modified Mon, 29 Oct 2018 01:11:53 GMT Server nginx P3P CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA' Location https://x01.aidata.io/pixel.js?pixel=PLATFORMIO&id=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&v=1540775514776&pid=PLATFORMIO&js=1&bounce=1 Cache-Control no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Connection keep-alive Content-Length 0 Expires Mon, 29 Oct 2018 01:11:53 GMT
GET H/1.1	204 No Content	stats x01.aidata.io/ Frame A424	0 103 B	3ms 0ms	Image text/plain	144.76.85.254 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://x01.aidata.io/stats?pixel=PLATFORMIO&id=desktop%3Aac7d31b99e1ed0fd9ee2e90fa1164835&v=1540775514776&pid=PLATFORMIO&js=1&bounce=1&pid=PLATFORMIO&js=1&sid=f840fddfb58c4699a6c12786bf2c8917&payload=%7B%22event%22%3A%22referrer%22%2C%22type%22%3A%22referrer%22%2C%22data%22%3A%7B%22value%22%3A%22http%3A//sp.popcash.net/go/161339/429757%22%7D%7D Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.76.85.254 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.254.85.76.144.clients.your-server.de Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Connection keep-alive Date Mon, 29 Oct 2018 01:11:54 GMT Server nginx
GET H/1.1	200 OK	Primary Request Cookie set click Show response clk.tradedoubler.com/ Redirect Chain http://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775&token=98e63a90f2e1687e45362b5fb066ab0e https://clk.tradedoubler.com/click?p=284851&a=3045055&g=24095694	2 KB 3 KB	133ms 28ms	Document text/html	52.17.153.202 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://clk.tradedoubler.com/click?p=284851&a=3045055&g=24095694 Requested by Host: xml.auxml.com URL: https://xml.auxml.com/log?action=click&key=1287-popcash-non-adult-87a92947-0ac2-44c4-a570-76c872b516cd&strategy=155169&ts=1540775513775 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.17.153.202 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-52-17-153-202.eu-west-1.compute.amazonaws.com Software TXServerHttp / Resource Hash `55a823ccd88c26afc315cc6b20dbc61bce957cf45cb490c9d8c48fc223310f30` Request headers Host clk.tradedoubler.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Access-Control-Allow-Origin * Cache-Control private, max-age=0 Content-Type text/html; charset=ISO-8859-1 Date Mon, 29 Oct 2018 01:11:55 GMT P3P policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR" Pragma no-cache Server TXServerHttp Set-Cookie SYNC=1z11zzYrz195PBXzy1540775515664;expires=Tue, 29-Oct-2019 01:11:55 GMT;path=/;domain=.tradedoubler.com Content-Length 2252 Connection keep-alive Redirect headers Server openresty/1.13.6.2 Date Mon, 29 Oct 2018 01:11:55 GMT Content-Length 0 Connection keep-alive Location https://clk.tradedoubler.com/click?p=284851&a=3045055&g=24095694
GET		prefs.js vht.tradedoubler.com/fp/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: vht.tradedoubler.com
URL: https://vht.tradedoubler.com/fp/prefs.js

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.addlnk.com
cgg.peakexc.com
clk.tradedoubler.com
popcash.net
sax.peakonspot.com
sp.popcash.net
sync.1dmp.io
tys.peakonsrv.com
vht.tradedoubler.com
www.ainans.com
x01.aidata.io
xml.auxml.com
vht.tradedoubler.com
136.243.6.169
144.76.85.254
18.214.7.142
18.232.226.105
2606:4700:10::6814:812e
2606:4700:30::ac40:6c24
2606:4700:30::ac40:aa24
34.196.152.168
34.237.48.183
52.17.153.202
52.2.253.219
52.70.252.235
025bc1088c56914113594c058e87400102700f802d3455b0a7039915bd47d494
29627238c0e332b67a6150be0b6b9c744dc9dc9b0d2f285e1f92ef507bf1d234
55a823ccd88c26afc315cc6b20dbc61bce957cf45cb490c9d8c48fc223310f30
698be07b73a21cfd6fc880375c6d235abaaef6e6110535a8c6bb8a806fbdebf5
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
7c792ece21b16447178a763a0157d1b1f44d77b5359cf1636874be7265459830
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
b3f54130786739e8873b2de473fdeaa4fbb45297c56e8d3e61d4fa071281f4b0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

clk.tradedoubler.com Open in urlscan Pro 52.17.153.202 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

58 %HTTPS

25 %IPv6

10 Domains

12 Subdomains

9 IPs

3 Countries

21 kBTransfer

25 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

clk.tradedoubler.com Open in urlscan Pro
52.17.153.202 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

58 %
HTTPS

25 %
IPv6

10
Domains

12
Subdomains

9
IPs

3
Countries

21 kB
Transfer

25 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions