0.nextyourcontent.com Open in urlscan Pro
2606:4700:30::6812:3f1c Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ladsblue.com/j3j2ek3n?key=76fbb293d1159a250669b2ce2471769b
Effective URL:
https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-8975...
Submission: On December 14 via api (December 14th 2019, 11:04:24 pm UTC) from US

Summary HTTP 18 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 12 IPs in 5 countries across 15 domains to perform 18 HTTP transactions. The main IP is 2606:4700:30::6812:3f1c, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is 0.nextyourcontent.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on September 20th 2019. Valid for: 6 months.

This is the only time 0.nextyourcontent.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	198.134.112.244 198.134.112.244	27257 (WEBAIR-IN...) (WEBAIR-INTERNET - Webair Internet Development Company Inc.)
1 1	149.202.65.142 149.202.65.142	16276 (OVH) (OVH)
1	78.140.165.10 78.140.165.10	35415 (WEBZILLA) (WEBZILLA)
2 2	107.21.145.111 107.21.145.111	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	104.18.4.47 104.18.4.47	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	34.231.89.205 34.231.89.205	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	35.227.196.138 35.227.196.138	15169 (GOOGLE) (GOOGLE - Google LLC)
2	104.20.47.123 104.20.47.123	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2606:4700:30:... 2606:4700:30::6812:3f1c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:825::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
18	12

1 198.134.112.244 (Garden City, United States) 1 redirects

ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US)

ladsblue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.202.65.142 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: 149-202-65-142.serverhub.ru

149.202.65.142	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.140.165.10 (Netherlands)

ASN35415 (WEBZILLA, NL)

mob1ledev1ces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.21.145.111 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-107-21-145-111.compute-1.amazonaws.com

reroplittrewheck.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.4.47 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ticcopioidyou.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.231.89.205 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-231-89-205.compute-1.amazonaws.com

news-easy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.196.138 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 138.196.227.35.bc.googleusercontent.com

www.performanceonclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.20.47.123 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

feed.r-tb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.r-tb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:30::6812:3f1c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

0.nextyourcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	nextyourcontent.com 0.nextyourcontent.com	4 KB
3	news-easy.com 1 redirects news-easy.com	142 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	r-tb.com feed.r-tb.com t.r-tb.com	871 B
2	performanceonclick.com 1 redirects www.performanceonclick.com	4 KB
2	gstatic.com fonts.gstatic.com	20 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	ticcopioidyou.info ticcopioidyou.info	30 KB
2	reroplittrewheck.pro 2 redirects reroplittrewheck.pro	942 B
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	191 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	160 B
1	googletagmanager.com www.googletagmanager.com	27 KB
1	mob1ledev1ces.com mob1ledev1ces.com	6 KB
1	ladsblue.com 1 redirects ladsblue.com	550 B
18	15

	Domain	Requested by
3	0.nextyourcontent.com	www.performanceonclick.com 0.nextyourcontent.com
3	news-easy.com	1 redirects ticcopioidyou.info news-easy.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	www.performanceonclick.com	1 redirects news-easy.com
2	fonts.gstatic.com	0.nextyourcontent.com
2	fonts.googleapis.com	ticcopioidyou.info 0.nextyourcontent.com
2	ticcopioidyou.info	mob1ledev1ces.com ticcopioidyou.info
2	reroplittrewheck.pro	2 redirects
1	www.google.de	0.nextyourcontent.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	www.googletagmanager.com	0.nextyourcontent.com
1	t.r-tb.com	news-easy.com
1	feed.r-tb.com	news-easy.com
1	mob1ledev1ces.com
1	ladsblue.com	1 redirects
18	16

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-17` - `2020-10-09`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
news-easy.com Let's Encrypt Authority X3	`2019-10-22` - `2020-01-20`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
ssl367514.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-19` - `2020-03-27`	6 months	crt.sh
sni110177.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-20` - `2020-03-28`	6 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream%20B.V.&utm_campaign=ssp-Coinis&utm_content=geo-NL_Amsterdam&acsc=113266964
Frame ID: D5D102FB753A1B3EC8159A7103B53939
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ladsblue.com/j3j2ek3n?key=76fbb293d1159a250669b2ce2471769b HTTP 302
http://149.202.65.142/6SQ1p72g HTTP 302
http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword= Page URL
https://reroplittrewheck.pro/redirect?tid=754576&subid=24717&puid=AGBq9V2NYAAAV-cBAE5MNAASAJ2m4XYA HTTP 302
https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe... Page URL
https://reroplittrewheck.pro/?tid=801790&noocp=1&subid=24717 HTTP 302
https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=8017... Page URL
https://news-easy.com/RU7WIP7-iPRAaN-ynfn6gV0zQ1FCmDJFhWduEvdBhFY?clck=QSFz4mTnyyooC4_wbM9Ck4ONTFE... HTTP 302
http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=2dSRJ2xcP2uOxXzQ3-9Cv1nQcT9EGddz7n-5vX-f... Page URL
http://www.performanceonclick.com/jump/next.php?stamat=m%7C%2C%2CwjYjtjfToGU3B_-GH0dEdHP3xP.c75%2CKhD9okOei-31... HTTP 302
https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

18
Requests

89 %
HTTPS

50 %
IPv6

15
Domains

16
Subdomains

12
IPs

5
Countries

252 kB
Transfer

451 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://${mbj.pixel_url}/ad/visit.php?al=1
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ladsblue.com/j3j2ek3n?key=76fbb293d1159a250669b2ce2471769b HTTP 302
http://149.202.65.142/6SQ1p72g HTTP 302
http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword= Page URL
https://reroplittrewheck.pro/redirect?tid=754576&subid=24717&puid=AGBq9V2NYAAAV-cBAE5MNAASAJ2m4XYA HTTP 302
https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL Page URL
https://reroplittrewheck.pro/?tid=801790&noocp=1&subid=24717 HTTP 302
https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD Page URL
https://news-easy.com/RU7WIP7-iPRAaN-ynfn6gV0zQ1FCmDJFhWduEvdBhFY?clck=QSFz4mTnyyooC4_wbM9Ck4ONTFEnD9BDpcvpb2fdNfZEE7dOw13IdgeJEzVw1SHGG6hCpdWhBfxGgtkW1_THsALLkQ3hjuCsguRlvSzu8IDLqzRqxMKi7C7ZTYie-OsZFyJHBBvPwehHlRgSBlnCk4hPubqWnIrrLPbMAu2UFJ4RyLG6oD3X2NVhyYSF0l91&sid=mekito_wp_1010_broad_all_desktop HTTP 302
http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=2dSRJ2xcP2uOxXzQ3-9Cv1nQcT9EGddz7n-5vX-fK9I7fQ5Lbtgu3TWApqjSXVFTlGFH9DVkmVwPSg1pp1tQkfEfYdRPZeGYdh1z1oZnFczL_Ao3U2V19guHUAyDk2_zlf0k-MwDAOBoh7Cn8LmOIRZvddAkykXUjv153m-r7oab0qvXFBrM9xKbv5SDNrzqvksIFNYk1KHyK1x8t4mhPdOVJzNnv8nxKkKZFuUKZ814p7_RlRw2uzmMv9VTfrxtKQJZvu3jYq8Cr-njc7EDLl394H5lCGcaeZRoaJzJr1F7N-gJhe-gbsiS7u-_-byu3IbOKT3yQzzW4ddui-l76htInBGlTbexKCX0H9eUJQpfa3mCYpKN5KI5rUZRBAjRZcDcV3WfzL5z0BrxvVIQcqzH7XVOAXvRw95NG_aiAxrZFvzXIS3pEE3gsG2umNAK&sub1=mekito_wp_1010_broad_all_desktop Page URL
http://www.performanceonclick.com/jump/next.php?stamat=m%7C%2C%2CwjYjtjfToGU3B_-GH0dEdHP3xP.c75%2CKhD9okOei-31UELk1qpOiPV6lM6hpf1ZIC257fPQM2uiQozuKNjJCDjZFOfkqdAOb21a1HCivQkLTgNPqVjXj85On0JjFkwKE1NKPzL-CKYB3sko1J00XjQStsJsVMFnz22tfq3Xn22JkdZgA6UIUlLpBDAeggXYQpVaYei2oWznJMxU9HwqOlcEGcWKdFlMexuK7kh4Sf5oUPi0Al-2frxgpFNiFFk4-DfsQtnSxfQ_cYEPuIuK2aZiRuc1kVmE6p3SEmTF-zkZ9AODouiKoX870SRbDjFYtMEYzT2XQyf708DnseCSn-YHTnXh0HXmrj_je7VVUWJNhygveV7S2vs6AFW_3g9uwEsy_1Oq5EGqOkkL524Knb_dUHvi5uZw3rQWHmglvGZ6OeRHio-7U6zuHm2pOepzPdu2GkOrPhM8XZxTwJUOq0H4lLeG7HlZN6pBKmHSbfJ6hIKM-_YY8qs2xcN_icH8emxvQHILbAcQ1x_DjTrOLsZP6y0TNHGVFNpYQY33PuHBWyyTnXEqJs3PPIilqI-V7rVm4Fimh0cUX-Ile-oy-6aNcNiwM6Ii&cbrandom=0.9343141545362119&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream%20B.V.&utm_campaign=ssp-Coinis&utm_content=geo-NL_Amsterdam&acsc=113266964 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://ladsblue.com/j3j2ek3n?key=76fbb293d1159a250669b2ce2471769b HTTP 302
http://149.202.65.142/6SQ1p72g HTTP 302
http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=

Request Chain 1

https://reroplittrewheck.pro/redirect?tid=754576&subid=24717&puid=AGBq9V2NYAAAV-cBAE5MNAASAJ2m4XYA HTTP 302
https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL

Request Chain 4

https://reroplittrewheck.pro/?tid=801790&noocp=1&subid=24717 HTTP 302
https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD

Request Chain 10

https://news-easy.com/RU7WIP7-iPRAaN-ynfn6gV0zQ1FCmDJFhWduEvdBhFY?clck=QSFz4mTnyyooC4_wbM9Ck4ONTFEnD9BDpcvpb2fdNfZEE7dOw13IdgeJEzVw1SHGG6hCpdWhBfxGgtkW1_THsALLkQ3hjuCsguRlvSzu8IDLqzRqxMKi7C7ZTYie-OsZFyJHBBvPwehHlRgSBlnCk4hPubqWnIrrLPbMAu2UFJ4RyLG6oD3X2NVhyYSF0l91&sid=mekito_wp_1010_broad_all_desktop HTTP 302
http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=2dSRJ2xcP2uOxXzQ3-9Cv1nQcT9EGddz7n-5vX-fK9I7fQ5Lbtgu3TWApqjSXVFTlGFH9DVkmVwPSg1pp1tQkfEfYdRPZeGYdh1z1oZnFczL_Ao3U2V19guHUAyDk2_zlf0k-MwDAOBoh7Cn8LmOIRZvddAkykXUjv153m-r7oab0qvXFBrM9xKbv5SDNrzqvksIFNYk1KHyK1x8t4mhPdOVJzNnv8nxKkKZFuUKZ814p7_RlRw2uzmMv9VTfrxtKQJZvu3jYq8Cr-njc7EDLl394H5lCGcaeZRoaJzJr1F7N-gJhe-gbsiS7u-_-byu3IbOKT3yQzzW4ddui-l76htInBGlTbexKCX0H9eUJQpfa3mCYpKN5KI5rUZRBAjRZcDcV3WfzL5z0BrxvVIQcqzH7XVOAXvRw95NG_aiAxrZFvzXIS3pEE3gsG2umNAK&sub1=mekito_wp_1010_broad_all_desktop

Request Chain 19

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=344149012&t=pageview&_s=1&dl=https%3A%2F%2F0.nextyourcontent.com%2Findex.php%3Fsub1%3D2575139-2705239445-0%26cid%3D15763646461495687356013061637109364%26utm_source%3Dsite-897541_zone-2575139-2705239445-0%26utm_medium%3Disp-WorldStream%2520B.V.%26utm_campaign%3Dssp-Coinis%26utm_content%3Dgeo-NL_Amsterdam%26acsc%3D113266964&ul=en-us&de=UTF-8&dt=This%20offer%20is%20not%20available%20in%20your%20country&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=223291156&gjid=870167636&cid=163083347.1576364647&tid=UA-123906028-1&_gid=387833778.1576364647&_r=1&gtm=2ouc61&z=797862399 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-123906028-1&cid=163083347.1576364647&jid=223291156&_gid=387833778.1576364647&gjid=870167636&_v=j79&z=797862399 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123906028-1&cid=163083347.1576364647&jid=223291156&_v=j79&z=797862399 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123906028-1&cid=163083347.1576364647&jid=223291156&_v=j79&z=797862399&slf_rd=1&random=793480366

18 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set / Show response
mob1ledev1ces.com/r/
Redirect Chain

https://ladsblue.com/j3j2ek3n?key=76fbb293d1159a250669b2ce2471769b
http://149.202.65.142/6SQ1p72g
http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=

6 KB
6 KB

472ms
452ms

Document
text/html

78.140.165.10
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=
Protocol: HTTP/1.1
Server: 78.140.165.10 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx/1.14.0 /
Resource Hash: 10f85583d4d795cb4ee769343a63005bfd4ad3a6fc2f5b96af939034102c278a

Request headers

Host: mob1ledev1ces.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

Server: nginx/1.14.0
Date: Sat, 14 Dec 2019 23:04:01 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bd_context=wf0te8NPGuMs1BRSwH7Ug19huDkEbmnXf+reuyE6oQpo0qjJOjVQ0MOxL65Y7jOpqTbdhCWwIHXdClqHLci5FcwhNGyy/RcNQgV8TzkZET+YpWHmH8LJhdgQOmtOtnGPhfWzxcjlLQdXNxjVaOSrMKP4Z4dDKvDRIzYI7/eRB/HvdJYQIO5m2BeXtKYMTSxY6C9P6/NMFzqh878uAm6w8H7Qw1dZzJ3uF6eWevX39vkLOcKvU7l1sjswyXaYPUR42aowYaqgFL/kBoajT12xHRqGxQT/JNxz0b2LMmZyoA50LIi0A3U8eBxSpvc8L70ILJnedQF9c+S+Dw==; Expires=Mon, 14 Dec 2020 23:04:01 GMT

Redirect headers

Server: nginx
Date: Sat, 14 Dec 2019 23:04:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Sat, 14 Dec 2019 23:04:00 GMT
Location: http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=
Pragma: no-cache
Set-Cookie: _subid=volen9nl2fu1dgn;Expires=Tuesday, 14-Jan-2020 23:04:00 GMT;Max-Age=2678400;Path=/ 2a2af=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc0XCI6MTU3NjM2NDY0MH0sXCJjYW1wYWlnbnNcIjp7XCIyNVwiOjE1NzYzNjQ2NDB9LFwidGltZVwiOjE1NzYzNjQ2NDB9In0.7fH8Uu3vc8GZ3MjEQVTXVK_DF_bQ9ohQNFli1leUTAI;Expires=Tuesday, 14-Jan-2020 23:04:00 GMT;Max-Age=2678400;Path=/
X-Content-Type-Options: nosniff

GET
H2

200

JJJTGWH Show response
ticcopioidyou.info/
Redirect Chain

https://reroplittrewheck.pro/redirect?tid=754576&subid=24717&puid=AGBq9V2NYAAAV-cBAE5MNAASAJ2m4XYA
https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&...

12 KB
5 KB

208ms
119ms

Document
text/html

104.18.4.47
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL
Requested by: Host: mob1ledev1ces.com
URL: http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.4.47 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9a8ad7063e667592057e08650719f7979bc4ea8d7076eb1d75b9c825f289c2c3

Request headers

:method: GET
:authority: ticcopioidyou.info
:scheme: https
:path: /JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: http://mob1ledev1ces.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://mob1ledev1ces.com/

Response headers

status: 200
date: Sat, 14 Dec 2019 23:04:01 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d29d8a42bbe140cb40f4372732fb0a06e1576364641; expires=Mon, 13-Jan-20 23:04:01 GMT; path=/; domain=.ticcopioidyou.info; HttpOnly; Secure
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5453d082e8489cdc-AMS
content-encoding: br

Redirect headers

status: 302
date: Sat, 14 Dec 2019 23:04:01 GMT
content-type: text/plain
content-length: 0
location: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL
server: openresty/1.15.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=fe75761f-4568-4217-bdbf-f3af25d8501c fv=rjk6qTr7qdg9riEFqjC7rHg9qTnFvdw=; Expires=Sun, 13 Dec 2020 23:04:01 GMT; Max-Age=31536000; Domain=.reroplittrewheck.pro; Path=/; Version=1

GET
H2 200 dlp Show response
ticcopioidyou.info/ 63 KB
25 KB 115ms
114ms XHR
text/html 104.18.4.47
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://ticcopioidyou.info/dlp?st=1&lp=stanley&geo=NL
Requested by: Host: ticcopioidyou.info
URL: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.4.47 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 231d164ebcc19822b411ae596c7748df076867087e3de8028e6589f283681ad9

Request headers

Referer: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 14 Dec 2019 23:04:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cf-ray: 5453d083c8fa9cdc-AMS
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 css
fonts.googleapis.com/ 2 KB
581 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Host: ticcopioidyou.info
URL: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 14 Dec 2019 23:04:02 GMT
server: ESF
access-control-allow-origin: *
date: Sat, 14 Dec 2019 23:04:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Sat, 14 Dec 2019 23:04:02 GMT

GET
H/1.1

200
OK

Cookie set 0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo Show response
news-easy.com/
Redirect Chain

https://reroplittrewheck.pro/?tid=801790&noocp=1&subid=24717
https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD

134 KB
134 KB

1943ms
1680ms

Document
text/html

34.231.89.205
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
Requested by: Host: ticcopioidyou.info
URL: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.231.89.205 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-231-89-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 9e17ba4a68a7dcbd66a3c45db5edb2cd08010ea7e8df6281c606126c89069d08

Request headers

Host: news-easy.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://ticcopioidyou.info/JJJTGWH?tag_id=754576&sub_id1=24717&sub_id2=1293410012799713406&cookie_id=fe75761f-4568-4217-bdbf-f3af25d8501c&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7&geo=NL

Response headers

Date: Sat, 14 Dec 2019 23:04:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: session=8f5ac236-db4f-4e55-9740-30cb22e79d34
Server: nginx

Redirect headers

status: 302
date: Sat, 14 Dec 2019 23:04:02 GMT
content-type: text/plain
content-length: 0
location: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
server: openresty/1.15.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: fv=rjk6qTr7qdg9riEFqjC7rHg9qTnGvds=; Expires=Sun, 13 Dec 2020 23:04:02 GMT; Max-Age=31536000; Domain=.reroplittrewheck.pro; Path=/; Version=1

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto
Origin: https://ticcopioidyou.info

Response headers

date: Wed, 20 Nov 2019 05:05:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 2138298
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Thu, 19 Nov 2020 05:05:44 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 45 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6c3d3b835d2fc7620f5e0a399821edd66f255eb0729cb6794676964e34fb10d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK domains.js Show response
news-easy.com/ 7 KB
7 KB 127ms
126ms Script
application/javascript 34.231.89.205
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://news-easy.com/domains.js
Requested by: Host: news-easy.com
URL: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.231.89.205 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-231-89-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d1addbedc205d5396f6e446b6570ded7c9c17b3dda3c50b9822e9e02223586d3

Request headers

Referer: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 14 Dec 2019 23:04:04 GMT
Last-Modified: Sat, 14 Dec 2019 22:57:40 GMT
Server: nginx
ETag: "5df568e4-1c6e"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7278

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b4b7d3b40cb6b2ac9bdf2bb261352d0d4d6aeec3b8a095ebc774870d59cb144

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1

200
OK

next.php Show response
www.performanceonclick.com/jump/
Redirect Chain

https://news-easy.com/RU7WIP7-iPRAaN-ynfn6gV0zQ1FCmDJFhWduEvdBhFY?clck=QSFz4mTnyyooC4_wbM9Ck4ONTFEnD9BDpcvpb2fdNfZEE7dOw13IdgeJEzVw1SHGG6hCpdWhBfxGgtkW1_THsALLkQ3hjuCsguRlvSzu8IDLqzRqxMKi7C7ZTYie-O...
http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=2dSRJ2xcP2uOxXzQ3-9Cv1nQcT9EGddz7n-5vX-fK9I7fQ5Lbtgu3TWApqjSXVFTlGFH9DVkmVwPSg1pp1tQkfEfYdRPZeGYdh1z1oZnFczL_Ao3U2V19guHUAyDk2_...

6 KB
3 KB

194ms
140ms

Document
text/html

35.227.196.138
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=2dSRJ2xcP2uOxXzQ3-9Cv1nQcT9EGddz7n-5vX-fK9I7fQ5Lbtgu3TWApqjSXVFTlGFH9DVkmVwPSg1pp1tQkfEfYdRPZeGYdh1z1oZnFczL_Ao3U2V19guHUAyDk2_zlf0k-MwDAOBoh7Cn8LmOIRZvddAkykXUjv153m-r7oab0qvXFBrM9xKbv5SDNrzqvksIFNYk1KHyK1x8t4mhPdOVJzNnv8nxKkKZFuUKZ814p7_RlRw2uzmMv9VTfrxtKQJZvu3jYq8Cr-njc7EDLl394H5lCGcaeZRoaJzJr1F7N-gJhe-gbsiS7u-_-byu3IbOKT3yQzzW4ddui-l76htInBGlTbexKCX0H9eUJQpfa3mCYpKN5KI5rUZRBAjRZcDcV3WfzL5z0BrxvVIQcqzH7XVOAXvRw95NG_aiAxrZFvzXIS3pEE3gsG2umNAK&sub1=mekito_wp_1010_broad_all_desktop
Requested by: Host: news-easy.com
URL: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
Protocol: HTTP/1.1
Server: 35.227.196.138 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 138.196.227.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 1f5923466e7e9a37a50230f7b353542192f95f94507ee9cb039c07c242fe05ac

Request headers

Host: www.performanceonclick.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: openresty
Date: Sat, 14 Dec 2019 23:04:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Referrer-Policy: no-referrer
Link: <//www.performanceonclick.com>; rel=dns-prefetch,<//www.performanceonclick.com>; rel=preconnect
Content-Encoding: gzip
Via: 1.1 google

Redirect headers

Date: Sat, 14 Dec 2019 23:04:05 GMT
Content-Type: text/html
Content-Length: 158
Connection: keep-alive
Location: http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=2dSRJ2xcP2uOxXzQ3-9Cv1nQcT9EGddz7n-5vX-fK9I7fQ5Lbtgu3TWApqjSXVFTlGFH9DVkmVwPSg1pp1tQkfEfYdRPZeGYdh1z1oZnFczL_Ao3U2V19guHUAyDk2_zlf0k-MwDAOBoh7Cn8LmOIRZvddAkykXUjv153m-r7oab0qvXFBrM9xKbv5SDNrzqvksIFNYk1KHyK1x8t4mhPdOVJzNnv8nxKkKZFuUKZ814p7_RlRw2uzmMv9VTfrxtKQJZvu3jYq8Cr-njc7EDLl394H5lCGcaeZRoaJzJr1F7N-gJhe-gbsiS7u-_-byu3IbOKT3yQzzW4ddui-l76htInBGlTbexKCX0H9eUJQpfa3mCYpKN5KI5rUZRBAjRZcDcV3WfzL5z0BrxvVIQcqzH7XVOAXvRw95NG_aiAxrZFvzXIS3pEE3gsG2umNAK&sub1=mekito_wp_1010_broad_all_desktop
Server: nginx

GET
H2 200 AFU1kAAPZ-E
feed.r-tb.com/pushes/ 1 KB
871 B 250ms
164ms Fetch
application/json 104.20.47.123
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://feed.r-tb.com/pushes/AFU1kAAPZ-E?acc=51182759&compete=true&src=mekito_wp_1010_broad_all_desktop
Requested by: Host: news-easy.com
URL: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.123 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
Origin: https://news-easy.com

Response headers

date: Sat, 14 Dec 2019 23:04:05 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 5453d096d9a8731d-AMS
krcc: NL

GET
H2 204 imp
t.r-tb.com/ 0
0 60ms
31ms Fetch 104.20.47.123
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://t.r-tb.com/imp?l=oS9DTfZPWGZwvFJ7mj_cRJENUGIlpNaLn0_uTw01LQFRk6k0gPcUJ04Ix7-2lbrvlGupDf9nyTxtzxt-CsjxjaD_dywbNrom3lHqDnpgu54fpQXNYXTRJZr6DNz53NJSSDH_kOTc2uYQqFA9UZfxgrw8zfA6iUoBiaJEehVcYdSn5xXQp9Ng3LB3JNebsE52EG_QTlfi5PmJjjomYZST8WEbTPpz90Tq61HiHoodgEK5WV93eoa075Qd8p8tKVhGlEzEqm_ybsLYxwGXAevgKFkfjkXo4hYG2pWwcp71IFE
Requested by: Host: news-easy.com
URL: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.123 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://news-easy.com/0BO5Zstv1nIIc_OWiR0DxJm1cny7B4b3fa8Uk4-tKOo?cid=5510538926169627915&sid=801790&utm_campaign=NTY4ZwSkMpxJC9HbfP8xO3PgMjE0NoKD
Origin: https://news-easy.com

Response headers

date: Sat, 14 Dec 2019 23:04:05 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 204
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 5453d0981aa6731d-AMS

GET
H2

200

Primary Request index.php Show response
0.nextyourcontent.com/
Redirect Chain

http://www.performanceonclick.com/jump/next.php?stamat=m%7C%2C%2CwjYjtjfToGU3B_-GH0dEdHP3xP.c75%2CKhD9okOei-31UELk1qpOiPV6lM6hpf1ZIC257fPQM2uiQozuKNjJCDjZFOfkqdAOb21a1HCivQkLTgNPqVjXj85On0JjFkwKE1N...
https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream%20B.V.&utm_camp...

7 KB
3 KB

322ms
261ms

Document
text/html

2606:4700:30::6812:3f1c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream%20B.V.&utm_campaign=ssp-Coinis&utm_content=geo-NL_Amsterdam&acsc=113266964
Requested by: Host: www.performanceonclick.com
URL: http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=2dSRJ2xcP2uOxXzQ3-9Cv1nQcT9EGddz7n-5vX-fK9I7fQ5Lbtgu3TWApqjSXVFTlGFH9DVkmVwPSg1pp1tQkfEfYdRPZeGYdh1z1oZnFczL_Ao3U2V19guHUAyDk2_zlf0k-MwDAOBoh7Cn8LmOIRZvddAkykXUjv153m-r7oab0qvXFBrM9xKbv5SDNrzqvksIFNYk1KHyK1x8t4mhPdOVJzNnv8nxKkKZFuUKZ814p7_RlRw2uzmMv9VTfrxtKQJZvu3jYq8Cr-njc7EDLl394H5lCGcaeZRoaJzJr1F7N-gJhe-gbsiS7u-_-byu3IbOKT3yQzzW4ddui-l76htInBGlTbexKCX0H9eUJQpfa3mCYpKN5KI5rUZRBAjRZcDcV3WfzL5z0BrxvVIQcqzH7XVOAXvRw95NG_aiAxrZFvzXIS3pEE3gsG2umNAK&sub1=mekito_wp_1010_broad_all_desktop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6812:3f1c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b37aa0a0ea3174304377e4f0673e7a6a82793cb77290e240af362cc4e0c20d46

Request headers

:method: GET
:authority: 0.nextyourcontent.com
:scheme: https
:path: /index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream%20B.V.&utm_campaign=ssp-Coinis&utm_content=geo-NL_Amsterdam&acsc=113266964
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Sat, 14 Dec 2019 23:04:06 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d458de86148a3c231fea0553e8867dd081576364646; expires=Mon, 13-Jan-20 23:04:06 GMT; path=/; domain=.nextyourcontent.com; HttpOnly
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5453d0a09e69cbb0-VIE
content-encoding: br

Redirect headers

Server: openresty
Date: Sat, 14 Dec 2019 23:04:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Location: https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream B.V.&utm_campaign=ssp-Coinis&utm_content=geo-NL_Amsterdam&acsc=113266964
Referrer-Policy: no-referrer
Via: 1.1 google

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1006 B 38ms
38ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Exo:400,700|Open+Sans|Roboto|Roboto+Condensed:400,700

Requested by

Host: 0.nextyourcontent.com
URL: https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream%20B.V.&utm_campaign=ssp-Coinis&utm_content=geo-NL_Amsterdam&acsc=113266964

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

6bda26d1419c0eef8412279f8c97ce58a1d60d00198e70e3110fc9a432ce81f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 14 Dec 2019 23:04:06 GMT
server: ESF
access-control-allow-origin: *
date: Sat, 14 Dec 2019 23:04:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Sat, 14 Dec 2019 23:04:06 GMT

GET
H2 200 common.css
0.nextyourcontent.com/styles/ 4 KB
1 KB 18ms
18ms Stylesheet
text/css 2606:4700:30::6812:3f1c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://0.nextyourcontent.com/styles/common.css
Requested by: Host: 0.nextyourcontent.com
URL: https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream%20B.V.&utm_campaign=ssp-Coinis&utm_content=geo-NL_Amsterdam&acsc=113266964
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6812:3f1c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3532aa6348441f7db17866d2c9cee2681b562eaece51e8473fb20c7278226a00

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 14 Dec 2019 23:04:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 20 Nov 2019 09:57:59 GMT
server: cloudflare
age: 1940
etag: W/"5dd50e27-ee0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5453d0a24a6ccbb0-VIE

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 73 KB
27 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:808::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-123906028-1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8cfef4db4c20392c4763bc7c2a75228e840f768a9d7e88d3f61d7e7205090d6e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 14 Dec 2019 23:04:06 GMT
content-encoding: br
last-modified: Sat, 14 Dec 2019 21:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27813
x-xss-protection: 0
expires: Sat, 14 Dec 2019 23:04:06 GMT

GET
H2 200 green-up-arrow.png
0.nextyourcontent.com/images/ 691 B
778 B 16ms
15ms Image
image/png 2606:4700:30::6812:3f1c
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0.nextyourcontent.com/images/green-up-arrow.png
Requested by: Host: 0.nextyourcontent.com
URL: https://0.nextyourcontent.com/index.php?sub1=2575139-2705239445-0&cid=15763646461495687356013061637109364&utm_source=site-897541_zone-2575139-2705239445-0&utm_medium=isp-WorldStream%20B.V.&utm_campaign=ssp-Coinis&utm_content=geo-NL_Amsterdam&acsc=113266964
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6812:3f1c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ec70d32dbe754677768f28b1c5861efc2e059f46a016a4c48eb7f2a11e674e5

Request headers

Referer: https://0.nextyourcontent.com/styles/common.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 14 Dec 2019 23:04:06 GMT
cf-cache-status: HIT
last-modified: Wed, 20 Nov 2019 09:57:59 GMT
server: cloudflare
age: 1940
etag: "5dd50e27-2b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5453d0a28b01cbb0-VIE
content-length: 691

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Exo:400,700|Open+Sans|Roboto|Roboto+Condensed:400,700
Origin: https://0.nextyourcontent.com

Response headers

date: Tue, 19 Nov 2019 09:15:53 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 2209693
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9132
x-xss-protection: 0
expires: Wed, 18 Nov 2020 09:15:53 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-123906028-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 1829
date: Sat, 14 Dec 2019 22:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Sun, 15 Dec 2019 00:33:37 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=344149012&t=pageview&_s=1&dl=https%3A%2F%2F0.nextyourcontent.com%2Findex.php%3Fsub1%3D2575139-2705239445-0%26cid%3D15763646461495687356013061...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-123906028-1&cid=163083347.1576364647&jid=223291156&_gid=387833778.1576364647&gjid=870167636&_v=j79&z=797862399
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123906028-1&cid=163083347.1576364647&jid=223291156&_v=j79&z=797862399
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123906028-1&cid=163083347.1576364647&jid=223291156&_v=j79&z=797862399&slf_rd=1&random=793480366

42 B
109 B

17ms
17ms

Image
image/gif

2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123906028-1&cid=163083347.1576364647&jid=223291156&_v=j79&z=797862399&slf_rd=1&random=793480366

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Dec 2019 23:04:06 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 14 Dec 2019 23:04:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-123906028-1&cid=163083347.1576364647&jid=223291156&_v=j79&z=797862399&slf_rd=1&random=793480366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nextyourcontent.com/	1970-01-19 05:54:11	Name: _gid Value: GA1.2.387833778.1576364647
.nextyourcontent.com/	1970-01-19 05:52:44	Name: _gat_gtag_UA_123906028_1 Value: 1
.nextyourcontent.com/	1970-01-19 23:23:56	Name: _ga Value: GA1.2.163083347.1576364647
.nextyourcontent.com/	1970-01-19 06:35:56	Name: __cfduid Value: d458de86148a3c231fea0553e8867dd081576364646

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.nextyourcontent.com
feed.r-tb.com
fonts.googleapis.com
fonts.gstatic.com
ladsblue.com
mob1ledev1ces.com
news-easy.com
reroplittrewheck.pro
stats.g.doubleclick.net
t.r-tb.com
ticcopioidyou.info
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.performanceonclick.com
104.18.4.47
104.20.47.123
107.21.145.111
149.202.65.142
198.134.112.244
2606:4700:30::6812:3f1c
2a00:1450:4001:806::2003
2a00:1450:4001:808::2008
2a00:1450:4001:808::200e
2a00:1450:4001:819::200a
2a00:1450:4001:81e::2003
2a00:1450:4001:825::2004
2a00:1450:400c:c00::9c
34.231.89.205
35.227.196.138
78.140.165.10
10f85583d4d795cb4ee769343a63005bfd4ad3a6fc2f5b96af939034102c278a
1f5923466e7e9a37a50230f7b353542192f95f94507ee9cb039c07c242fe05ac
231d164ebcc19822b411ae596c7748df076867087e3de8028e6589f283681ad9
3532aa6348441f7db17866d2c9cee2681b562eaece51e8473fb20c7278226a00
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
6bda26d1419c0eef8412279f8c97ce58a1d60d00198e70e3110fc9a432ce81f7
8cfef4db4c20392c4763bc7c2a75228e840f768a9d7e88d3f61d7e7205090d6e
9a8ad7063e667592057e08650719f7979bc4ea8d7076eb1d75b9c825f289c2c3
9b4b7d3b40cb6b2ac9bdf2bb261352d0d4d6aeec3b8a095ebc774870d59cb144
9e17ba4a68a7dcbd66a3c45db5edb2cd08010ea7e8df6281c606126c89069d08
9ec70d32dbe754677768f28b1c5861efc2e059f46a016a4c48eb7f2a11e674e5
b37aa0a0ea3174304377e4f0673e7a6a82793cb77290e240af362cc4e0c20d46
d1addbedc205d5396f6e446b6570ded7c9c17b3dda3c50b9822e9e02223586d3
d6c3d3b835d2fc7620f5e0a399821edd66f255eb0729cb6794676964e34fb10d
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

0.nextyourcontent.com Open in urlscan Pro 2606:4700:30::6812:3f1c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

89 %HTTPS

50 %IPv6

15 Domains

16 Subdomains

12 IPs

5 Countries

252 kBTransfer

451 kBSize

4 Cookies

1 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

4 Cookies

Indicators

0.nextyourcontent.com Open in urlscan Pro
2606:4700:30::6812:3f1c Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

89 %
HTTPS

50 %
IPv6

15
Domains

16
Subdomains

12
IPs

5
Countries

252 kB
Transfer

451 kB
Size

4
Cookies

18 HTTP transactions
3 data transactions