Submitted URL: https://topictraff.com/l/270285362a1cdd4846f9?sub=6396aa7cdf3fd80001b11cd0&source=49
Effective URL: http://ps.popcash.net/go/134600/317194
Submission: On December 19 via api from JP — Scanned from NL

Summary

This website contacted 4 IPs in 4 countries across 7 domains to perform 5 HTTP transactions. The main IP is 54.205.43.136, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is ps.popcash.net. The Cisco Umbrella rank of the primary domain is 217977.
This is the only time ps.popcash.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects | Requests | IP Address | AS Autonomous System
1 | 1 | 2a06:98c1:312... | 13335 (CLOUDFLAR...)
1 | 3 | 2606:4700:e0:... | 13335 (CLOUDFLAR...)
2 | 2 | 51.161.115.163 | 16276 (OVH)
2 | 2 | 5.161.78.177 | 213230 (HETZNER-C...)
2 | 3 | 51.83.143.92 | 16276 (OVH)
1 | 1 | 2606:4700:303... | 13335 (CLOUDFLAR...)
1 | 2 | 54.205.43.136 | 14618 (AMAZON-AES)
  | 1 | 168.119.32.96 | 24940 (HETZNER-AS)
5 4

Requests | Apex Domain (Subdomains listed beneath) | Transfer
3 | popcash.net | 1 KB
    popcash.net — Cisco Umbrella Rank: 59069
    ps.popcash.net — Cisco Umbrella Rank: 217977
3 | trffclb.com | 2 KB
    cola.trffclb.com — Cisco Umbrella Rank: 256410
    samba.trffclb.com — Cisco Umbrella Rank: 216705
3 | zzzperform.com | 14 KB
    trk51.zzzperform.com
2 | lowsea.fun | 566 B
    pdxx-7fmavzpxk2xlm-4-2.lowsea.fun — Cisco Umbrella Rank: 183200
2 | lowtid.com | 729 B
    t3.lowtid.com — Cisco Umbrella Rank: 122384
    t5.lowtid.com
1 | adeumssp.com |
    adeumssp.com — Cisco Umbrella Rank: 90663
1 | topictraff.com | 568 B
    topictraff.com — Cisco Umbrella Rank: 440612
5 7

Requests | Domain | Redirects | Requested by
3 | trk51.zzzperform.com | 1 | trk51.zzzperform.com
2 | ps.popcash.net | 1 | samba.trffclb.com
2 | samba.trffclb.com | 1 | trk51.zzzperform.com
2 | pdxx-7fmavzpxk2xlm-4-2.lowsea.fun | 2 |
1 | adeumssp.com | | ps.popcash.net
1 | popcash.net | 1 |
1 | cola.trffclb.com | 1 |
1 | t5.lowtid.com | 1 |
1 | t3.lowtid.com | 1 |
1 | topictraff.com | 1 |
5 10

This site contains no links.

Subject | Issuer | Validity | Valid
*.zzzperform.com | E1 | 2022-11-29 - 2023-02-27 | 3 months
lone-star.landingtrack.com | R3 | 2022-12-19 - 2023-03-19 | 3 months
adeumssp.com | Sectigo RSA Domain Validation Secure Server CA | 2022-06-08 - 2023-06-08 | a year

This page contains 1 frame:

Frame: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Frame ID: F8D1156D8210BB30646B801EA580F280
Requests: 5 HTTP requests in this frame

Page Statistics

5 Requests
80 % HTTPS
38 % IPv6
7 Domains
10 Subdomains
4 IPs
4 Countries
14 kB Transfer
39 kB Size
2 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://topictraff.com/l/270285362a1cdd4846f9?sub=6396aa7cdf3fd80001b11cd0&source=49 HTTP 302
    https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49 Page URL
  2. https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49&code=25Y3VvBDU7PTg8QTo-P0VDP0URhYV3Fn.GGI9-jR1PVB.JhYMkVTEBcm94Bl1wdjw8C4BwdhAQeokURUtGRxiCghxNT05PIIKZJFU2MTIDZW0HODo5OguAhw8-EHOHfHgWFnqDfhtMHICJgiFRIpKWbnUDA3pzaghPeHlyeHIuWH50QBN8iHx6GY2MkIEdhJGNIoiEkHNmAnhlBlN2gnJ2d208Qz1AMTpqfYN6ho.MOmlwPU9PTlFdQ3tpbzg3PyV.PTwyKkx8fXp0Z3Z0Xn2JRUxLUEhOUj1Gamh1b29QIG1rbmklTWxrdHk0LFB2gX9.d0JFRU5FSEdPTlFWTFBSVUJ2hWZidGwzOjk.NjxAC22DD0cQdX8UTBV3S0saSktNTU5PIIJWVyUwMQJ2agY2Nzg5CnFyDj9AQBF1e3gWRxd.hZAcgn6KkoUhhYuRATIzNARxdG4JOjo7PA2Bg4J4E0RFRkdISUkaio.AjpQhIZKViHN2ZAQ2NTY6ODo6QgxyhHt.EkVGFId7fRkZjH1-gB9QUFNXVFU1NAJmcnl2CAiAeHgNDYV2fIcTXIKJe4M4Yoh.Sh2Bg4ciU1RVMTIzNDU1Njc5Ojo7PT4-QEFCQ0RFRkdISUpLTE1NT1BRUlNUVTEyMzQ0Njc4OTo7PD0.P0BBQkNERUZGSBh8g5AdTk9QUFJTVFUxMjM0NTY3ODg6Ojw9Pj9AEIiHhxWMREdTkEh0UnN0WpdPlFeSbm9wPnszcjt2d3h5R4Q8g0aGTYpCWmGEUG8ahoiLhSCFj094dztmcAN2eXoIOAl2bHsODnd8hBNDFIOKGElKSktNTU5QUSGZhyUxMjJlNgVpeYAKTXN.fHt0MGFWWTRlgox-goiXhYuShJKPg49RcGVoMHpua35te0VOdH99fHUxYldaNWyAfZB-jZiKhomGg4.Hi2NnbGVmdWdsd3N5cXt1fXR2eHt4fH93gFNne4.Fk4M-Y42LiJJ0fWtxeGp4dWl1N3ltcHo8gH2Hen2DFop7fRtNUB2Rj4QiVFckZHF0BDUFdGpsCjs7DHqCfxFCRw__&_tdf=33 HTTP 302
    https://trk51.zzzperform.com/gw.js?sub=6396aa7cdf3fd80001b11cd0&source=49&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703%26s%3D59363_49&vId=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&hash=270285362a1cdd4846f9&ete=true Page URL
  3. https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&s=59363_49 HTTP 302
    https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.59363_49.nl.&k=bfb&url=https%3A%2F%2Ftrk51.zzzperform.com%2F&xrw=&lid=63a0c4776833485aa7207a16&fid=67 HTTP 307
    https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63a0c4776833485aa7207a16&source=67.59363_49.nl. HTTP 302
    https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.67.59363_49.nl..nl.&k=bfb&url=https%3A%2F%2Ftrk51.zzzperform.com%2F&xrw=&lid=63a0c47718442230217fb80b&fid=888 HTTP 307
    https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63a0c47718442230217fb80b&source=888.67.59363_49.nl..nl. HTTP 302
    https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl. Page URL
  4. https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl.&bv=1 HTTP 302
    https://popcash.net/world/go/134600/317194 HTTP 301
    http://ps.popcash.net/go/134600/317194 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://topictraff.com/l/270285362a1cdd4846f9?sub=6396aa7cdf3fd80001b11cd0&source=49 HTTP 302
  • https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49
Request Chain 1
  • https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49&code=25Y3VvBDU7PTg8QTo-P0VDP0URhYV3Fn.GGI9-jR1PVB.JhYMkVTEBcm94Bl1wdjw8C4BwdhAQeokURUtGRxiCghxNT05PIIKZJFU2MTIDZW0HODo5OguAhw8-EHOHfHgWFnqDfhtMHICJgiFRIpKWbnUDA3pzaghPeHlyeHIuWH50QBN8iHx6GY2MkIEdhJGNIoiEkHNmAnhlBlN2gnJ2d208Qz1AMTpqfYN6ho.MOmlwPU9PTlFdQ3tpbzg3PyV.PTwyKkx8fXp0Z3Z0Xn2JRUxLUEhOUj1Gamh1b29QIG1rbmklTWxrdHk0LFB2gX9.d0JFRU5FSEdPTlFWTFBSVUJ2hWZidGwzOjk.NjxAC22DD0cQdX8UTBV3S0saSktNTU5PIIJWVyUwMQJ2agY2Nzg5CnFyDj9AQBF1e3gWRxd.hZAcgn6KkoUhhYuRATIzNARxdG4JOjo7PA2Bg4J4E0RFRkdISUkaio.AjpQhIZKViHN2ZAQ2NTY6ODo6QgxyhHt.EkVGFId7fRkZjH1-gB9QUFNXVFU1NAJmcnl2CAiAeHgNDYV2fIcTXIKJe4M4Yoh.Sh2Bg4ciU1RVMTIzNDU1Njc5Ojo7PT4-QEFCQ0RFRkdISUpLTE1NT1BRUlNUVTEyMzQ0Njc4OTo7PD0.P0BBQkNERUZGSBh8g5AdTk9QUFJTVFUxMjM0NTY3ODg6Ojw9Pj9AEIiHhxWMREdTkEh0UnN0WpdPlFeSbm9wPnszcjt2d3h5R4Q8g0aGTYpCWmGEUG8ahoiLhSCFj094dztmcAN2eXoIOAl2bHsODnd8hBNDFIOKGElKSktNTU5QUSGZhyUxMjJlNgVpeYAKTXN.fHt0MGFWWTRlgox-goiXhYuShJKPg49RcGVoMHpua35te0VOdH99fHUxYldaNWyAfZB-jZiKhomGg4.Hi2NnbGVmdWdsd3N5cXt1fXR2eHt4fH93gFNne4.Fk4M-Y42LiJJ0fWtxeGp4dWl1N3ltcHo8gH2Hen2DFop7fRtNUB2Rj4QiVFckZHF0BDUFdGpsCjs7DHqCfxFCRw__&_tdf=33 HTTP 302
  • https://trk51.zzzperform.com/gw.js?sub=6396aa7cdf3fd80001b11cd0&source=49&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703%26s%3D59363_49&vId=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&hash=270285362a1cdd4846f9&ete=true
Request Chain 2
  • https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&s=59363_49 HTTP 302
  • https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.59363_49.nl.&k=bfb&url=https%3A%2F%2Ftrk51.zzzperform.com%2F&xrw=&lid=63a0c4776833485aa7207a16&fid=67 HTTP 307
  • https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63a0c4776833485aa7207a16&source=67.59363_49.nl. HTTP 302
  • https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.67.59363_49.nl..nl.&k=bfb&url=https%3A%2F%2Ftrk51.zzzperform.com%2F&xrw=&lid=63a0c47718442230217fb80b&fid=888 HTTP 307
  • https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63a0c47718442230217fb80b&source=888.67.59363_49.nl..nl. HTTP 302
  • https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl.
Request Chain 3
  • http://ps.popcash.net/ad/ad?p=134600&w=317194&t=b1ab6a2c7ef0927c&r=&vw=1600&vh=1200 HTTP 303
  • https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
270285362a1cdd4846f9.js
trk51.zzzperform.com/l/
Redirect Chain
  • https://topictraff.com/l/270285362a1cdd4846f9?sub=6396aa7cdf3fd80001b11cd0&source=49
  • https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49
36 KB
12 KB
Document
General
Full URL
https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6212 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

age
387
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
77c2c3845f250ea0-AMS
content-encoding
br
content-type
text/html
date
Mon, 19 Dec 2022 20:07:18 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Thu, 15 Oct 2020 14:13:33 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ncnkxtxgPkAYaBYHeWYVzzQrVKmEDih3tm5DFrAfgQnWnAY%2BMyxBZ4It5dIMZtDefcVEVnH48Lt7toYfLPvV9MJkmxBlr3V6VSjAwDe37WJyx%2BHv%2Fb3PgVaojb0ygLMgMvzgZbk24g6%2F5NaGLaWssNsZfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
77c2c383c901d0bd-AMS
date
Mon, 19 Dec 2022 20:07:18 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HLEUpG56ymi%2FAnljPQgtdJpzfbmKVw2%2BU6w6ipCjlLy5b0I8omRMtTaJ2vrZPai5nuvFwpnrbhF4HP2rNvjFYdwmfSsU2RlhILFdFmQIS1wfJ4plBVJiPganrWjB1kt22R9KMnz55WWsWgaROQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
gw.js
trk51.zzzperform.com/
Redirect Chain
  • https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49&code=25Y3VvBDU7PTg8QTo-P0VDP0URhYV3Fn.GGI9-jR1PVB.JhYMkVTEBcm94Bl1wdjw8C4BwdhAQeokURUtGRxiCghxNT05PIIKZ...
  • https://trk51.zzzperform.com/gw.js?sub=6396aa7cdf3fd80001b11cd0&source=49&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_202212192...
1 KB
984 B
Document
General
Full URL
https://trk51.zzzperform.com/gw.js?sub=6396aa7cdf3fd80001b11cd0&source=49&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703%26s%3D59363_49&vId=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&hash=270285362a1cdd4846f9&ete=true
Requested by
Host: trk51.zzzperform.com
URL: https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6212 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://trk51.zzzperform.com/l/270285362a1cdd4846f9.js?sub=6396aa7cdf3fd80001b11cd0&source=49
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

age
405
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
77c2c385f8ff0ea0-AMS
content-encoding
br
content-type
text/html
date
Mon, 19 Dec 2022 20:07:18 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Thu, 15 Oct 2020 14:13:33 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VkGHQcgv1Xphu2%2Bi%2FYlE7yjnU%2FaTtxu7ysMmnX8qfT2FRtfkY5Ypmvf36XhUxjrsW%2B7cevHS%2BuxPysAWFf95a27MlONhNlyCWtJ%2BJt7K6artckmVBEn5%2BAHtOZk0ZexzycK6WGsuoAw38aclJ31RceeEkA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
77c2c385b8b00ea0-AMS
date
Mon, 19 Dec 2022 20:07:18 GMT
location
https://trk51.zzzperform.com/gw.js?sub=6396aa7cdf3fd80001b11cd0&source=49&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703%26s%3D59363_49&vId=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&hash=270285362a1cdd4846f9&ete=true
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9DSospuUhqvyP250oZh8yGQr1zCv1lLJbRpzj8xrKWP9gRlE4G2X4IJICleqDyPqSTrs2ST4wVcP8q88%2BvTFleMi6hkOhLUVdBnwR8BdSSD0QumksldWIhUt%2FiwtglNM5y5Hyhqf5JtB7YUe1nwUEPyxMw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
l.php
samba.trffclb.com/
Redirect Chain
  • https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&s=59363_49
  • https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.59363_49.nl.&k=bfb&url=https%3A%2F%2Ftrk51.zzzperform.com%2F&xrw=&lid=63a0c4776833485aa7207a16&fid=67
  • https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63a0c4776833485aa7207a16&source=67.59363_49.nl.
  • https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.67.59363_49.nl..nl.&k=bfb&url=https%3A%2F%2Ftrk51.zzzperform.com%2F&xrw=&lid=63a0c47718442230217fb80b&fid=888
  • https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63a0c47718442230217fb80b&source=888.67.59363_49.nl..nl.
  • https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl.
901 B
871 B
Document
General
Full URL
https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl.
Requested by
Host: trk51.zzzperform.com
URL: https://trk51.zzzperform.com/l/270285362a1cdd4846f9?sub=6396aa7cdf3fd80001b11cd0&source=49&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703%26s%3D59363_49&vId=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&hash=270285362a1cdd4846f9&ete=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.83.143.92 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3155458.ip-51-83-143.eu
Software
nginx /
Resource Hash

Request headers

Referer
https://trk51.zzzperform.com/l/270285362a1cdd4846f9?sub=6396aa7cdf3fd80001b11cd0&source=49&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703%26s%3D59363_49&vId=bmconv_20221219210718_4d9f3111_e03b_4670_a56d_1033a34ed703&hash=270285362a1cdd4846f9&ete=true
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 19 Dec 2022 20:07:20 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Mon, 19 Dec 2022 20:07:19 GMT
Location
https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl.
Raund
2tz
Round
11hx4alk7e
Server
nginx
Primary Request 317194
ps.popcash.net/go/134600/
Redirect Chain
  • https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl.&bv=1
  • https://popcash.net/world/go/134600/317194
  • http://ps.popcash.net/go/134600/317194
426 B
459 B
Document
General
Full URL
http://ps.popcash.net/go/134600/317194
Requested by
Host: samba.trffclb.com
URL: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl.
Protocol
HTTP/1.1
Server
54.205.43.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-43-136.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6eb4b904be083fbb72e2cfd474aeb71896d248e919834e60283c16a4d568cffb

Request headers

Referer
https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.67.59363_49.nl..nl.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Length
271
Content-Type
text/html
Date
Mon, 19 Dec 2022 20:07:20 GMT
Server
nginx
Vary
Accept-Encoding

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
77c2c38ffd869177-FRA
content-length
162
content-type
text/html
date
Mon, 19 Dec 2022 20:07:20 GMT
location
http://ps.popcash.net/go/134600/317194
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG4tMeS97PqYkf3fRyoyCRFOnZaFUF56%2Fk4agwf2P7tJ%2BDT9QaJI1p5V9I9pw9YqPdzRQNVFfjC%2Fb4iT0N7bPE2yo0gyAZy6GgwUIi60%2B1bmQgvmpMajzSIdUR4%2FKGNHfVW4mKnaSVey"}],"group":"cf-nel","max_age":604800}
server
cloudflare
smart
adeumssp.com/
Redirect Chain
  • http://ps.popcash.net/ad/ad?p=134600&w=317194&t=b1ab6a2c7ef0927c&r=&vw=1600&vh=1200
  • https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
0
0
Document
General
Full URL
https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Requested by
Host: ps.popcash.net
URL: http://ps.popcash.net/go/134600/317194
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
168.119.32.96 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.96.32.119.168.clients.your-server.de
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

date
Mon, 19 Dec 2022 20:07:20 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Mon, 19 Dec 2022 20:07:20 GMT
Location
https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server
nginx

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | oncontentvisibilityautostatechange
number | x
number | y

2 Cookies

Domain/Path | Name | Value
trk51.zzzperform.com/ | BSESSID | trka1bc984a-7a3f-4f48-85b0-a871eee214e8
.lowsea.fun/ | emwxcid_4_1 | 1Rm9B2swhpw2rHXsMSZ59rERa5eP3aAhd7wvJjdaRJggdCHBSS