tibu.wijtazo.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://misctraff.com/l/26997115f3e3b5c262a2
Effective URL:
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da78dd1a900014d9bbd&pubid=503
Submission Tags: falconsandbox
Submission: On July 12 via api (July 12th 2022, 12:48:39 pm UTC) from US — Scanned from DE

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 11 domains to perform 21 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is tibu.wijtazo.com. The Cisco Umbrella rank of the primary domain is 164219.
TLS certificate: Issued by E1 on June 19th 2022. Valid for: 3 months.

This is the only time tibu.wijtazo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3035::6815:1ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	62.212.87.140 62.212.87.140	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	2606:4700:303... 2606:4700:3033::ac43:c5db	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:303... 2606:4700:3030::ac43:bfdd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	162.242.198.222 162.242.198.222	27357 (RACKSPACE) (RACKSPACE)
3 3	34.91.234.242 34.91.234.242	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	34.90.46.36 34.90.46.36	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	65.60.58.179 65.60.58.179	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
4 6	51.68.85.158 51.68.85.158	16276 (OVH) (OVH)
21	7

2 2606:4700:3035::6815:1ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

misctraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.212.87.140 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

kingsofpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:c5db (United States)

ASN13335 (CLOUDFLARENET, US)

fanasti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3030::ac43:bfdd (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.242.198.222 (United States) 1 redirects

ASN27357 (RACKSPACE, US)

go.doblevialatam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.91.234.242 (Groningen, Netherlands) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 242.234.91.34.bc.googleusercontent.com

harrenmedia.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.aditserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.90.46.36 (Groningen, Netherlands) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 36.46.90.34.bc.googleusercontent.com

admoustache.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

tibu.wijtazo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 65.60.58.179 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

ad.marootrack.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 51.68.85.158 (France) 4 redirects

ASN16276 (OVH, FR)

www.offermyvist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	offermyvist.com 4 redirects www.offermyvist.com — Cisco Umbrella Rank: 405111	12 KB
6	marootrack.co ad.marootrack.co — Cisco Umbrella Rank: 149187	14 KB
6	wijtazo.com tibu.wijtazo.com — Cisco Umbrella Rank: 164219	29 KB
4	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 224449	4 KB
3	go2affise.com 3 redirects admoustache.go2affise.com — Cisco Umbrella Rank: 95746	628 B
2	aditserve.com 2 redirects track.aditserve.com — Cisco Umbrella Rank: 124067	838 B
2	misctraff.com 1 redirects misctraff.com — Cisco Umbrella Rank: 401984	13 KB
1	g2afse.com 1 redirects harrenmedia.g2afse.com — Cisco Umbrella Rank: 184616	275 B
1	doblevialatam.com 1 redirects go.doblevialatam.com — Cisco Umbrella Rank: 247733	277 B
1	fanasti.com fanasti.com — Cisco Umbrella Rank: 404320	1 KB
1	kingsofpush.com kingsofpush.com	1 KB
21	11

	Domain	Requested by
6	www.offermyvist.com	4 redirects ad.marootrack.co
6	ad.marootrack.co	tibu.wijtazo.com ad.marootrack.co
6	tibu.wijtazo.com	fanasti.com misctraff.com tibu.wijtazo.com www.offermyvist.com
4	cdn.addlnk.com	fanasti.com tibu.wijtazo.com
3	admoustache.go2affise.com	3 redirects
2	track.aditserve.com	2 redirects
2	misctraff.com	1 redirects
1	harrenmedia.g2afse.com	1 redirects
1	go.doblevialatam.com	1 redirects
1	fanasti.com	kingsofpush.com
1	kingsofpush.com	misctraff.com
21	11

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-15` - `2023-06-15`	a year	crt.sh
trk.billysrv.com R3	`2022-06-23` - `2022-09-21`	3 months	crt.sh
*.wijtazo.com E1	`2022-06-19` - `2022-09-17`	3 months	crt.sh
ad.marootrack.co R3	`2022-05-25` - `2022-08-23`	3 months	crt.sh
www.offermyvist.com R3	`2022-07-03` - `2022-10-01`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da78dd1a900014d9bbd&pubid=503
Frame ID: 0B32BB895432788AE82E1774085A3D7C
Requests: 18 HTTP requests in this frame

Frame: https://tibu.wijtazo.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1657627200
Frame ID: 02260464F5E44E56B2226D69213AAC72
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Click "Allow" To Continue

Page URL History Show full URLs

https://misctraff.com/l/26997115f3e3b5c262a2 Page URL
https://misctraff.com/l/26997115f3e3b5c262a2?code=0bY3VvBDU7Oz4.PDoxMjc0PDgGenpsC2lwAnlpdwc5PglzZG... HTTP 302
https://kingsofpush.com/gw2?source=Unknown&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclic... Page URL
https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1... Page URL
https://go.doblevialatam.com/1652519235?aff_token=pube5b76c6bab8243c9b2f1055b1ed4dfae&aff_source=738c3b3f HTTP 307
https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=57&sub1=fef2345b9a19bdea556d45a2&sub2=027... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=88&sub1=62cd6da4070c420001fd7972&sub2=57&... HTTP 302
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88 Page URL
http://track.aditserve.com/sl?id=61c1b2b3d9b88bb313742231&pid=930&sub1=pubd58661f56a174ae8b711e00342190... HTTP 302
https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallin... Page URL
https://ad.marootrack.co/?utm_term=7119467145691398158&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
https://ad.marootrack.co/proc.php?0cfb95a8f61da1c472d785604616616906307284 Page URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website... Page URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website... HTTP 302
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300097683af4e1e6a76ca3b77080419... HTTP 302
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503 Page URL
http://track.aditserve.com/sl?id=61c1b2b3d9b88bb313742231&pid=930&sub1=pubd58661f56a174ae8b711e00342190... HTTP 302
https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallin... Page URL
https://ad.marootrack.co/?utm_term=7119467149986365443&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
https://ad.marootrack.co/proc.php?494110d4f65ccae65bb454dabefb69b41d99f3ae Page URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website... Page URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website... HTTP 302
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000c71c73488590ea1e59c5ee80564... HTTP 302
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da78dd1a900014d9bbd&pubid=503 Page URL

Page Statistics

21
Requests

100 %
HTTPS

40 %
IPv6

11
Domains

11
Subdomains

7
IPs

3
Countries

72 kB
Transfer

154 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://misctraff.com/l/26997115f3e3b5c262a2 Page URL
https://misctraff.com/l/26997115f3e3b5c262a2?code=0bY3VvBDU7Oz4.PDoxMjc0PDgGenpsC2lwAnlpdwc5PglzZGIDNDUFdnN8CmFpbzU1BHlpbwkJc3cCMzk0NQZwcAo7MjEyA2V8Bzg.OToAYmoENTc2Nwh9hAExAmV5bmoICGx1ZQIzA2dwaQg4CXlyb3YEBHt0awlQeW9obmgkTnRqNglyc2dlBHh3e2wIb3xtAmhkcHhrB31qC01wfGxwcWc2PTc6IClZbHJpdX57KVhUITMzMjVBJ19yeDY1PSN8OzowKEp6cG1nWmlnUXB8OD8zODA2OiUuUlBdV0wtIm9tcGsnT25ta3ArI0dteHZ1bjkxMTUxNDM7Nz45ODU0IlZla2d5cTg-MzgwNjoFZ30JQQpkbgM7BGY6Ogk5OjExMjMEZjo7CTk6AHRoBDQ1NjcIb3ABMjMzBGhuawk6CmZteARqZnJ6bQltaG4DNDU2BnN2cAsxMTIzBHh6eW8KOzEyMzQ1NQZ2e2x6dQICc3ZpeXxqCjwwMTUzNTU9B21-dm4CNTYEd2ttCQl8YmRlBDU1ODw5Oj8zAWVxeHUHB393dwEBeWpwewdQdn1vbCFLcWczBmpscAsxMjM0NTY3ODg5OjEyMjM1Njc4OTo7MTIzNDU2Nzg5OjoxMjM0NTY3ODk6OzAyMzQ1Njc4OTo7MTIzNDU2Nzc5CW1pdgM0NTY2ODk6OzEyMzQ1Njc4ODo6MTIzNDUFfXx8CoEuMT16Ml48XV5EgS5zNnFyc3RCfzd2NG9wcXJAfTV8P387eDBIT3I.XQh0dm5oA2hyMltaQ254AHN2dwU1BnNpeAsAaW52BTUGdXwKOzExMjQ0NTc4CIBuATIzM2Y3Bmp6gQtDaXRycWomV0xPKlBtd2ptc4Jwdn1vcm9jbzF1am01f3NleGd1P0hueXd2byBRRkkkW29sf258fG5qbWpnc2tvbHBqY2RzZWp1cXdveWhwZ2lrbmtvcmpzO09jd217aydLdXNlb3Z-bXN6bHp3a2wucGRncTN3dH5xaW8CdmdpBzk8CX1wZQM1OAVqd3oKOwBvZWcFPjRACHZ.cAIzOA__&_tdf=29 HTTP 302
https://kingsofpush.com/gw2?source=Unknown&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3%26pubid%3D135921_Unknown&vId=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&hash=26997115f3e3b5c262a2&ete=true&pn=true Page URL
https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&pubid=135921_Unknown Page URL
https://go.doblevialatam.com/1652519235?aff_token=pube5b76c6bab8243c9b2f1055b1ed4dfae&aff_source=738c3b3f HTTP 307
https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=57&sub1=fef2345b9a19bdea556d45a2&sub2=0278-f5eb87a0ce HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=88&sub1=62cd6da4070c420001fd7972&sub2=57&sub3=&sub4=1&sub5=57 HTTP 302
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88 Page URL
http://track.aditserve.com/sl?id=61c1b2b3d9b88bb313742231&pid=930&sub1=pubd58661f56a174ae8b711e00342190548&sub2=5d45d13c_88 HTTP 302
https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da5f38b960001c86c5c Page URL
https://ad.marootrack.co/?utm_term=7119467145691398158&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90 Page URL
https://ad.marootrack.co/proc.php?0cfb95a8f61da1c472d785604616616906307284 Page URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90 Page URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90&eyeg=bdd1bd594928d8b8e3b03f4782eba167&eyer=0.49880189390664653&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=ad.marootrack.co HTTP 302
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90&eyeg=3&eyer=0.49880189390664653&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=ad.marootrack.co HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300097683af4e1e6a76ca3b77080419e60900712-202207-flb*5504646-65846*M7119467145691398158*sl_5504646-65846*9d1e6cce7f50bb1819ea096f3628d81b3201420a*21899-1b747c33*21899 HTTP 302
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503 Page URL
http://track.aditserve.com/sl?id=61c1b2b3d9b88bb313742231&pid=930&sub1=pubd58661f56a174ae8b711e00342190548&sub2=5d45d13c_88 HTTP 302
https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da6f38b960001c86c85 Page URL
https://ad.marootrack.co/?utm_term=7119467149986365443&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90 Page URL
https://ad.marootrack.co/proc.php?494110d4f65ccae65bb454dabefb69b41d99f3ae Page URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91 Page URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91&eyeg=478e4c545e60b4c11942457a178b5dc1&eyer=0.5590585361243416&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=ad.marootrack.co HTTP 302
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91&eyeg=3&eyer=0.5590585361243416&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=ad.marootrack.co HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000c71c73488590ea1e59c5ee805644307c0712-202207-flb*5504646-65846*M7119467149986365443*sl_5504646-65846*f17d456f9387d491054d535ff7fd92ae4719e2b6*21899-1b747c33*21899 HTTP 302
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da78dd1a900014d9bbd&pubid=503 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://misctraff.com/l/26997115f3e3b5c262a2?code=0bY3VvBDU7Oz4.PDoxMjc0PDgGenpsC2lwAnlpdwc5PglzZGIDNDUFdnN8CmFpbzU1BHlpbwkJc3cCMzk0NQZwcAo7MjEyA2V8Bzg.OToAYmoENTc2Nwh9hAExAmV5bmoICGx1ZQIzA2dwaQg4CXlyb3YEBHt0awlQeW9obmgkTnRqNglyc2dlBHh3e2wIb3xtAmhkcHhrB31qC01wfGxwcWc2PTc6IClZbHJpdX57KVhUITMzMjVBJ19yeDY1PSN8OzowKEp6cG1nWmlnUXB8OD8zODA2OiUuUlBdV0wtIm9tcGsnT25ta3ArI0dteHZ1bjkxMTUxNDM7Nz45ODU0IlZla2d5cTg-MzgwNjoFZ30JQQpkbgM7BGY6Ogk5OjExMjMEZjo7CTk6AHRoBDQ1NjcIb3ABMjMzBGhuawk6CmZteARqZnJ6bQltaG4DNDU2BnN2cAsxMTIzBHh6eW8KOzEyMzQ1NQZ2e2x6dQICc3ZpeXxqCjwwMTUzNTU9B21-dm4CNTYEd2ttCQl8YmRlBDU1ODw5Oj8zAWVxeHUHB393dwEBeWpwewdQdn1vbCFLcWczBmpscAsxMjM0NTY3ODg5OjEyMjM1Njc4OTo7MTIzNDU2Nzg5OjoxMjM0NTY3ODk6OzAyMzQ1Njc4OTo7MTIzNDU2Nzc5CW1pdgM0NTY2ODk6OzEyMzQ1Njc4ODo6MTIzNDUFfXx8CoEuMT16Ml48XV5EgS5zNnFyc3RCfzd2NG9wcXJAfTV8P387eDBIT3I.XQh0dm5oA2hyMltaQ254AHN2dwU1BnNpeAsAaW52BTUGdXwKOzExMjQ0NTc4CIBuATIzM2Y3Bmp6gQtDaXRycWomV0xPKlBtd2ptc4Jwdn1vcm9jbzF1am01f3NleGd1P0hueXd2byBRRkkkW29sf258fG5qbWpnc2tvbHBqY2RzZWp1cXdveWhwZ2lrbmtvcmpzO09jd217aydLdXNlb3Z-bXN6bHp3a2wucGRncTN3dH5xaW8CdmdpBzk8CX1wZQM1OAVqd3oKOwBvZWcFPjRACHZ.cAIzOA__&_tdf=29 HTTP 302
https://kingsofpush.com/gw2?source=Unknown&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3%26pubid%3D135921_Unknown&vId=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&hash=26997115f3e3b5c262a2&ete=true&pn=true

Request Chain 4

https://go.doblevialatam.com/1652519235?aff_token=pube5b76c6bab8243c9b2f1055b1ed4dfae&aff_source=738c3b3f HTTP 307
https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=57&sub1=fef2345b9a19bdea556d45a2&sub2=0278-f5eb87a0ce HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=88&sub1=62cd6da4070c420001fd7972&sub2=57&sub3=&sub4=1&sub5=57 HTTP 302
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88

Request Chain 8

http://track.aditserve.com/sl?id=61c1b2b3d9b88bb313742231&pid=930&sub1=pubd58661f56a174ae8b711e00342190548&sub2=5d45d13c_88 HTTP 302
https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da5f38b960001c86c5c

Request Chain 13

https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90&eyeg=bdd1bd594928d8b8e3b03f4782eba167&eyer=0.49880189390664653&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=ad.marootrack.co HTTP 302
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90&eyeg=3&eyer=0.49880189390664653&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=ad.marootrack.co HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300097683af4e1e6a76ca3b77080419e60900712-202207-flb*5504646-65846*M7119467145691398158*sl_5504646-65846*9d1e6cce7f50bb1819ea096f3628d81b3201420a*21899-1b747c33*21899 HTTP 302
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503

Request Chain 15

http://track.aditserve.com/sl?id=61c1b2b3d9b88bb313742231&pid=930&sub1=pubd58661f56a174ae8b711e00342190548&sub2=5d45d13c_88 HTTP 302
https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da6f38b960001c86c85

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 26997115f3e3b5c262a2 Show response
misctraff.com/l/ 36 KB
12 KB 70ms
42ms Document
text/html 2606:4700:3035::6815:1ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://misctraff.com/l/26997115f3e3b5c262a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:1ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000
cf-cache-status: DYNAMIC
cf-ray: 7299e4db8c119b98-FRA
content-encoding: br
content-type: text/html
date: Tue, 12 Jul 2022 12:48:35 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 27 Mar 2020 14:29:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bZsVS9NAhb1V%2FaHmftlzaFhBboBaL7Ug4oHNS%2F2kiy3SferffWmj4a2GinKhkIOYrxrIk3hhV9Ujmlotcw7%2FccATaJxRHpTF1OzFX6QSf5TkDr7XZLswMaDr8J1hRzATFoLYBA2ZAwoI%2FnoC"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H/1.1

200
OK

gw2
kingsofpush.com/
Redirect Chain

https://misctraff.com/l/26997115f3e3b5c262a2?code=0bY3VvBDU7Oz4.PDoxMjc0PDgGenpsC2lwAnlpdwc5PglzZGIDNDUFdnN8CmFpbzU1BHlpbwkJc3cCMzk0NQZwcAo7MjEyA2V8Bzg.OToAYmoENTc2Nwh9hAExAmV5bmoICGx1ZQIzA2dwaQg4C...
https://kingsofpush.com/gw2?source=Unknown&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3%26pubid%3D135921_Unknown&vId=bmcon...

1 KB
1 KB

157ms
14ms

Document
text/html

62.212.87.140
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://kingsofpush.com/gw2?source=Unknown&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3%26pubid%3D135921_Unknown&vId=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&hash=26997115f3e3b5c262a2&ete=true&pn=true
Requested by: Host: misctraff.com
URL: https://misctraff.com/l/26997115f3e3b5c262a2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.212.87.140 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://misctraff.com/l/26997115f3e3b5c262a2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=315360000
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 12 Jul 2022 12:48:35 GMT
ETag: W/"5d1f2635-589"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Fri, 05 Jul 2019 10:28:05 GMT
Transfer-Encoding: chunked

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7299e4dc1cf99b98-FRA
date: Tue, 12 Jul 2022 12:48:35 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://kingsofpush.com/gw2?source=Unknown&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3%26pubid%3D135921_Unknown&vId=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&hash=26997115f3e3b5c262a2&ete=true&pn=true
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rgI1qY44oYK9vahSU5S%2FxwGpnV5AP3JxoQ4DiBET9mbE9g5mlNn2a4qgJNUqzl7POHruY%2Bl9b7F607VM6Xp%2BwaXIuAQCYrWmt4sZVQzUHPr9beZISSsb7X7KSvGZODAp7PP7rx2f6fKQvRa9"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 3d8a3d97e5 Show response
fanasti.com/rc/ 1 KB
1 KB 202ms
120ms Document
text/html 2606:4700:3033::ac43:c5db
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&pubid=135921_Unknown
Requested by: Host: kingsofpush.com
URL: https://kingsofpush.com/l/26997115f3e3b5c262a2?source=Unknown&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3%26pubid%3D135921_Unknown&vId=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&hash=26997115f3e3b5c262a2&ete=true&pn=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:c5db , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a512f2f8c73370b54a19527df559e45ef00540a16e24cbc6b411fb27aeb6b4a6

Request headers

Referer: https://kingsofpush.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7299e4dde89e9b37-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 12 Jul 2022 12:48:35 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2Bpl0zsjaRVjxGt%2B7fxQwJuQAnkxKcAkRu5nHJTWFr0VXyiQlxv2C0Iv5ROD8xusgBzx7PxbI287VvPSBgt1R4ZbpNDUiTfDvhmM6uh1hJNjNEoHdW1T189qHIBjyks3bV2Hee69frvv%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 55ms
16ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: fanasti.com
URL: https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&pubid=135921_Unknown
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 12:48:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5993
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 72BQ43Z832DMHS8A
x-amz-id-2: 9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvS0Q54n2QtpkEA7p5OE5A5zGePSWGhtUuzrvnGj%2BcbdEST9nP7AKPV53ZWhperfAGn1u3YeG8oPC2YxGDmNAsTupeZ2IO%2FguBO83Jfu%2B%2FTw4%2BpB392LerWojihJwPdZBpW%2BiLvzNAl0J7m2Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7299e4def8cc8fe6-FRA
cf-bgj: minify

GET
H2

200

a91581ead4 Show response
tibu.wijtazo.com/rc/
Redirect Chain

https://go.doblevialatam.com/1652519235?aff_token=pube5b76c6bab8243c9b2f1055b1ed4dfae&aff_source=738c3b3f
https://harrenmedia.g2afse.com/sl?id=5fc763a729102be261cd5e90&pid=57&sub1=fef2345b9a19bdea556d45a2&sub2=0278-f5eb87a0ce
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=88&sub1=62cd6da4070c420001fd7972&sub2=57&sub3=&sub4=1&sub5=57
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88

3 KB
2 KB

138ms
105ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88
Requested by: Host: fanasti.com
URL: https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&pubid=135921_Unknown
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b3a2e44489b40c557b79143dc8e4c994ac23aa0f6398f7731159df41035dc3c

Request headers

Referer: https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20220712144835_b7b9db8f_e2e7_4614_b2ef_c7824b1fe4e3&pubid=135921_Unknown
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7299e4ea8a5a9bf5-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 12 Jul 2022 12:48:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zIwrVW3pJ%2Bne9TFBbaBi7RFTUr6MOAPK5FaQ1OguxX2L5Z7t%2BzPM9YzKoK5QWvNPlnKFSdzQYXIofUNmjaiKZ3qDOj1wfRd0NCPVgB1pH8VVjAHkazBcNaLntRqn2fldrtqpdN%2BYU2Ww5lUOC69w"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Tue, 12 Jul 2022 12:48:37 GMT
location: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88
server: nginx

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 31ms
13ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: tibu.wijtazo.com
URL: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 12:48:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5995
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 72BQ43Z832DMHS8A
x-amz-id-2: 9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZckvdYqwrU%2BqpOw6YEzrAUiClEIfE%2BIK4oFyLm1tLvh6AlQBorZiRPqrNmXEsmvfeUWQpAbJQxqmbVZZ97hhIsZb1SmhomhYxaxxoXGpVhuChmdRQSiyarlOHrkpc4FeANKHZfSpu7YqgBK3IA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7299e4eb5c879046-FRA
cf-bgj: minify

GET
H3 200 invisible.js Show response
tibu.wijtazo.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 0226 44 KB
16 KB 40ms
23ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tibu.wijtazo.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1657627200
Requested by: Host: misctraff.com
URL: https://misctraff.com/l/26997115f3e3b5c262a2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a8a778e1a6f3798cf69934a33519f3f4f33f8ecdca3ad8d7353b7147ffee270

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 12:48:37 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcEPez5oCTknuPBAjtYErnKCZn%2BB36%2FxR6zJav6y8JqKShXi5oI%2F7d7LW0dJOrSmjApDxiVKqKu%2FifCS2gtRsIuVhHO0XAGqLc1trdVpuV%2FH%2BWZpRPD8Q2Le07xK5jKpPNPebtzqX3NVuQEaQaNu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7299e4eb8db09067-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
tibu.wijtazo.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 0226 21 KB
8 KB 16ms
16ms Other
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tibu.wijtazo.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79b82b2868e02ed1114a5b05e7451b3b5d27f4b86ec5067de9ae58bf261abebb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 12:48:37 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mz8%2BtmqD4IDRYQCQXXis%2F9VCOTDVwQrTfTefH%2Bt232J%2BcPDDTqjcdFVQn3qeB2rOLJ565OiJp1%2BvaYRj8OQpjA57%2FBJ8c2MD81Qy2A56mBMwa608z2aW7DDuyn8hSLpGWub8RYvVsaaM%2BTk16XPZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 7299e4ebcdfe9067-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

/
ad.marootrack.co/
Redirect Chain

http://track.aditserve.com/sl?id=61c1b2b3d9b88bb313742231&pid=930&sub1=pubd58661f56a174ae8b711e00342190548&sub2=5d45d13c_88
https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da5f38b960001c86c5c

3 KB
2 KB

332ms
109ms

Document
text/html

65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da5f38b960001c86c5c

Requested by

Host: tibu.wijtazo.com
URL: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.0.11

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da5a00dbc000188efab&pubid=88
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 12 Jul 2022 12:48:38 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://ad.marootrack.co/?utm_term=7119467145691398158&ver=4viyaptcjo
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.0.11

Redirect headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
Date: Tue, 12 Jul 2022 12:48:37 GMT
Location: https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da5f38b960001c86c5c
Server: nginx

POST
H3 200 7299e4ea8a5a9bf5
tibu.wijtazo.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 0226 2 B
722 B 26ms
26ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tibu.wijtazo.com/cdn-cgi/challenge-platform/h/g/cv/result/7299e4ea8a5a9bf5
Requested by: Host: tibu.wijtazo.com
URL: https://tibu.wijtazo.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1657627200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 12 Jul 2022 12:48:38 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZtM%2F8%2FlWNpIm5ahOa6PDzhJWJD02vUmnQDUlP%2Fa4v0cVHEktw5Yikts0oUjN%2FMf%2Faw3wDI5bbQN2R3HZQ7ICXDfAPU3nZl7KvMAeBIm2Du5P6VcpnvPSGkqB99b1wc%2FtAVlFb56ZMVz1EVunMrSH"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7299e4edf8cd9067-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
ad.marootrack.co/ 8 KB
3 KB 120ms
117ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.marootrack.co/?utm_term=7119467145691398158&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90

Requested by

Host: ad.marootrack.co
URL: https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da5f38b960001c86c5c

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.0.11

Resource Hash

2aa7d68909e5a65f25c7488e6517bf157149f53abe26e962aaa741bcb90e5c43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da5f38b960001c86c5c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 12 Jul 2022 12:48:38 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.0.11

GET
H2 200 proc.php
ad.marootrack.co/ 4 KB
2 KB 111ms
110ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.marootrack.co/proc.php?0cfb95a8f61da1c472d785604616616906307284

Requested by

Host: ad.marootrack.co
URL: https://ad.marootrack.co/?utm_term=7119467145691398158&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.0.11

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://ad.marootrack.co/?utm_term=7119467145691398158&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 12 Jul 2022 12:48:38 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.0.11

GET
H/1.1 200
OK /
www.offermyvist.com/ 5 KB
5 KB 91ms
20ms Document
text/html 51.68.85.158
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90
Requested by: Host: ad.marootrack.co
URL: https://ad.marootrack.co/proc.php?0cfb95a8f61da1c472d785604616616906307284
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ad.marootrack.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Tue, 12 Jul 2022 12:48:38 GMT
Transfer-Encoding: chunked

GET
H3

200

a91581ead4 Show response
tibu.wijtazo.com/rc/
Redirect Chain

https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd8...
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd8...
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300097683af4e1e6a76ca3b77080419e60900712-202207-flb*5504646-65846*M7119467145691398158*sl_5504646-65846*9d1e6cce7f50bb...
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503

1 KB
1 KB

72ms
71ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503
Requested by: Host: www.offermyvist.com
URL: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41c61c26a8e33f910850c0c0980a7c80fffc621536806a15db0277397ef3a96b

Request headers

Referer: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467145691398158&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7299e4f23f399067-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 12 Jul 2022 12:48:38 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wshphEUXx9dRTIHXMnXvRRGzDUYtKnbVYUiO49u%2FIQOUdjp092plrLmzFiQI4ffpHmHkmGpR2qLAyE1uiovd36v8wyOWxr1by4VUOmQ2bZfF0DBw1YK09Jxzjz6S4f0TVm6nGu56ptIb882%2Bg2h%2B"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Tue, 12 Jul 2022 12:48:38 GMT
location: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503
server: nginx

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 15ms
15ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: tibu.wijtazo.com
URL: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 12:48:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5996
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 72BQ43Z832DMHS8A
x-amz-id-2: 9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KSE9rd77FsGb4fbffp2WsO7Sjqxwjs2yHbfBBheLGcJo7QCEK%2FgIhRaaxwNbU18cPvsFiy550x9WloXge60Dg8H2kuM2RelSIsIBNtwCr7V0FPUWEP3RzOW4h5vVTPOz8GDDslqeC%2BJc5nOPQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7299e4f2bfe09046-FRA
cf-bgj: minify

GET
H2

200

/ Show response
ad.marootrack.co/
Redirect Chain

http://track.aditserve.com/sl?id=61c1b2b3d9b88bb313742231&pid=930&sub1=pubd58661f56a174ae8b711e00342190548&sub2=5d45d13c_88
https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da6f38b960001c86c85

3 KB
2 KB

107ms
107ms

Document
text/html

65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da6f38b960001c86c85

Requested by

Host: tibu.wijtazo.com
URL: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.0.11

Resource Hash

f1b4acb42e759bd725e4b6e26d314e74653e39e779fc6dbf03866989f9dc1d57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da6a00dbc000188efc2&pubid=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 12 Jul 2022 12:48:39 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://ad.marootrack.co/?utm_term=7119467149986365443&ver=4viyaptcjo
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.0.11

Redirect headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
Date: Tue, 12 Jul 2022 12:48:38 GMT
Location: https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da6f38b960001c86c85
Server: nginx

GET
H2 200 / Show response
ad.marootrack.co/ 8 KB
3 KB 113ms
112ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.marootrack.co/?utm_term=7119467149986365443&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90

Requested by

Host: ad.marootrack.co
URL: https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da6f38b960001c86c85

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.0.11

Resource Hash

696af319469f72ac1045a93b9c0462c51137e431003c73debe865590f98c1d24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://ad.marootrack.co/?utm_medium=b48a60e30e5ae28afe72ddce32915e721ea2ff28&utm_campaign=Globlallink1&1=930_5d45d13c_88&cid=62cd6da6f38b960001c86c85
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 12 Jul 2022 12:48:39 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.0.11

GET
H2 200 proc.php
ad.marootrack.co/ 4 KB
2 KB 110ms
109ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.marootrack.co/proc.php?494110d4f65ccae65bb454dabefb69b41d99f3ae

Requested by

Host: ad.marootrack.co
URL: https://ad.marootrack.co/?utm_term=7119467149986365443&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.0.11

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://ad.marootrack.co/?utm_term=7119467149986365443&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 12 Jul 2022 12:48:39 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.0.11

GET
H/1.1 200
OK /
www.offermyvist.com/ 5 KB
5 KB 19ms
19ms Document
text/html 51.68.85.158
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91
Requested by: Host: ad.marootrack.co
URL: https://ad.marootrack.co/proc.php?494110d4f65ccae65bb454dabefb69b41d99f3ae
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ad.marootrack.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Tue, 12 Jul 2022 12:48:39 GMT
Transfer-Encoding: chunked

GET
H3

200

Primary Request a91581ead4 Show response
tibu.wijtazo.com/rc/
Redirect Chain

https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd8...
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd8...
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000c71c73488590ea1e59c5ee805644307c0712-202207-flb*5504646-65846*M7119467149986365443*sl_5504646-65846*f17d456f9387d4...
https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da78dd1a900014d9bbd&pubid=503

1 KB
1 KB

48ms
48ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da78dd1a900014d9bbd&pubid=503
Requested by: Host: www.offermyvist.com
URL: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41c61c26a8e33f910850c0c0980a7c80fffc621536806a15db0277397ef3a96b

Request headers

Referer: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7119467149986365443&website=21899-1b747c33&placement=21899&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7299e4f7480d9067-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 12 Jul 2022 12:48:39 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iD1fyD1CnqqzVLmzKekhVI%2FWfTr%2BIrV1zG9bb4x8zuPQkCidyvSX5AoboaFJ2XglGgTXzkLQjk81dilC4p3PXhWdrzKIa4HFYzDSLkVqevk5tnbF5jMM3z1bWIhHXXQEf4zHYUV6KDNSS2yKe3LR"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Tue, 12 Jul 2022 12:48:39 GMT
location: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da78dd1a900014d9bbd&pubid=503
server: nginx

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 13ms
12ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: tibu.wijtazo.com
URL: https://tibu.wijtazo.com/rc/a91581ead4?affclick=62cd6da78dd1a900014d9bbd&pubid=503
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 12:48:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5997
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 72BQ43Z832DMHS8A
x-amz-id-2: 9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cPuge4qUH%2FLPTqOwxRawusN04cakY5WrUGByPyvZprbwS%2FY35bIWZ4iSAASz4OjMH9O1Ishyy0Yii61HY5Sh7Yoj4rSlfmwv7rSYLM61HzDXPmK%2B6ylmmLa60SVCfcsoESNLk5M3Owh3eh9ucw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7299e4f79fc19046-FRA
cf-bgj: minify

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
misctraff.com/	1970-01-20 21:58:22	Name: BSESSID Value: trkd502ea9b-af0a-4047-8a73-82d52c7b8bcb
fanasti.com/	1970-01-20 04:37:14	Name: AWSALB Value: PzG5OtXFwtc8xVIGguDHNrSkGIVvXKp01SHWfB8R8nS0OsG1/o04uf5wfwnaLWwxFGTyvxr9B4azmaz5TGXKPsZypBp2oqOPNavByXMgDbMqzkJ+2prbn+Z58TDZ
go.doblevialatam.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: rbp358ml7qootuqpvrq1hda3ea
harrenmedia.g2afse.com/	1970-01-20 13:12:46	Name: afclick Value: 62cd6da4070c420001fd7972
.wijtazo.com/	1970-01-20 04:27:11	Name: __cf_bm Value: VTDLPUE9EjyN.C4.l0gMxdBkMGPm5NvK5YsLqfWrLCs-1657630118-0-Af4tsnAF6lZ7m2IwgZyu1KrUnadLhRnsktRogQJf4ld+rQ0wA42b6PdVPHHhV1JiirTGdQCveQXd553R35QTGH0O/bWD2mfMC8PkYbpxE/doxCkDni5lKmeJT5ku5dAT5w==
ad.marootrack.co/	1970-01-20 13:12:46	Name: u Value: 2eeea4bca4a66ca7fb6e9f4240e22b3f
admoustache.go2affise.com/	1970-01-20 13:12:46	Name: afclick Value: 62cd6da6a00dbc000188efc2
tibu.wijtazo.com/	1970-01-20 04:37:14	Name: AWSALB Value: OR6y/b2qSDuL0qssAHShXx6gXAMpJx5Ngsy70hzr58K0ruOg7LGj2hEuGESm8X+8zzPbDS/Tl75S5VBUz3nKZK8kE7lYqqruR5t+UTVjteKTSvzEumlyMnodelQI

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.marootrack.co
admoustache.go2affise.com
cdn.addlnk.com
fanasti.com
go.doblevialatam.com
harrenmedia.g2afse.com
kingsofpush.com
misctraff.com
tibu.wijtazo.com
track.aditserve.com
www.offermyvist.com
162.242.198.222
2606:4700:3030::ac43:bfdd
2606:4700:3033::ac43:c5db
2606:4700:3035::6815:1ad
2a06:98c1:3120::3
34.90.46.36
34.91.234.242
51.68.85.158
62.212.87.140
65.60.58.179
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a
2a8a778e1a6f3798cf69934a33519f3f4f33f8ecdca3ad8d7353b7147ffee270
2aa7d68909e5a65f25c7488e6517bf157149f53abe26e962aaa741bcb90e5c43
41c61c26a8e33f910850c0c0980a7c80fffc621536806a15db0277397ef3a96b
696af319469f72ac1045a93b9c0462c51137e431003c73debe865590f98c1d24
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
79b82b2868e02ed1114a5b05e7451b3b5d27f4b86ec5067de9ae58bf261abebb
9b3a2e44489b40c557b79143dc8e4c994ac23aa0f6398f7731159df41035dc3c
a512f2f8c73370b54a19527df559e45ef00540a16e24cbc6b411fb27aeb6b4a6
f1b4acb42e759bd725e4b6e26d314e74653e39e779fc6dbf03866989f9dc1d57

tibu.wijtazo.com Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

100 %HTTPS

40 %IPv6

11 Domains

11 Subdomains

7 IPs

3 Countries

72 kBTransfer

154 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

8 Cookies

Indicators

tibu.wijtazo.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

40 %
IPv6

11
Domains

11
Subdomains

7
IPs

3
Countries

72 kB
Transfer

154 kB
Size

8
Cookies

21 HTTP transactions
0 data transactions