Submitted URL: http://click-v4.expmdiadi.com/click?i=NXx0mIqhFJQ_0
Effective URL: https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=28e23b7b2d40b93ce632a4c9d...
Submission: On December 07 via manual from JP — Scanned from JP

Summary

This website contacted 6 IPs in 6 countries across 11 domains to perform 6 HTTP transactions. The main IP is 94.237.103.119, which is located in Finland and belongs to UPCLOUD, FI. The main domain is 1d5e051bc65.traffic-c.com.
TLS certificate: Issued by R3 on October 7th 2022. Valid for: 3 months.
This is the only time 1d5e051bc65.traffic-c.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 198.134.116.17 27257 (WEBAIR-IN...)
1 1 51.161.115.163 16276 (OVH)
1 1 198.134.116.30 27257 (WEBAIR-IN...)
2 3 51.83.143.92 16276 (OVH)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2 23.235.244.226 20454 (SSASN2)
1 94.237.103.119 202053 (UPCLOUD)
1 1 13.214.99.116 16509 (AMAZON-02)
1 2600:140b:dc0... 20940 (AKAMAI-ASN1)
6 6
Apex Domain Subdomains Transfer
2 prpops.com
prpops.com — Cisco Umbrella Rank: 362481
19 KB
2 amung.us
whos.amung.us — Cisco Umbrella Rank: 12344
widgets.amung.us — Cisco Umbrella Rank: 18015
681 B
2 popmyads.com
popmyads.com — Cisco Umbrella Rank: 211220
2 KB
2 trffclb.com
samba.trffclb.com — Cisco Umbrella Rank: 202897
1 KB
1 torioluor.com
ak.torioluor.com — Cisco Umbrella Rank: 703540
1 optiestrycended.com
optiestrycended.com — Cisco Umbrella Rank: 778111
618 B
1 traffic-c.com
1d5e051bc65.traffic-c.com
1 KB
1 blowingwnd.com
t10.blowingwnd.com — Cisco Umbrella Rank: 306981
322 B
1 redanemone.xyz
go.redanemone.xyz — Cisco Umbrella Rank: 121413
265 B
1 lowtid.com
t3.lowtid.com — Cisco Umbrella Rank: 95432
367 B
1 expmdiadi.com
click-v4.expmdiadi.com — Cisco Umbrella Rank: 52460
240 B
6 11
Domain Requested by
2 prpops.com 1 redirects
2 popmyads.com 1 redirects samba.trffclb.com
2 samba.trffclb.com 1 redirects
1 ak.torioluor.com
1 optiestrycended.com 1 redirects
1 1d5e051bc65.traffic-c.com
1 widgets.amung.us
1 whos.amung.us 1 redirects
1 t10.blowingwnd.com 1 redirects
1 go.redanemone.xyz 1 redirects
1 t3.lowtid.com 1 redirects
1 click-v4.expmdiadi.com 1 redirects
6 12

This site contains no links.

Subject                     Issuer                   Validity                 Valid
lone-star.landingtrack.com  R3                       2022-11-29 - 2023-02-27  3 months
sni.cloudflaressl.com       Cloudflare Inc ECC CA-3  2022-06-03 - 2023-06-02  a year
traffic-c.com               R3                       2022-10-07 - 2023-01-05  3 months
ak.hetaruwg.com             R3                       2022-11-22 - 2023-02-20  3 months

This page contains 1 frames:

Frame: https://ak.torioluor.com/afu.php?zoneid=5054313&var=34554c5&ymid=wj50nj5bh1g51j0li96h25ac
Frame ID: 9CF0874DAECCD97C22987D0CE48B0A3D
Requests: 6 HTTP requests in this frame

Page Statistics

6 Requests
67 % HTTPS
30 % IPv6
11 Domains
12 Subdomains
6 IPs
6 Countries
22 kB Transfer
54 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://click-v4.expmdiadi.com/click?i=NXx0mIqhFJQ_0 HTTP 302
    https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=NXx0mIqhFJQ_0&s=216899_garss.tv HTTP 302
    https://go.redanemone.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.jp.windows.chrome&query=jp.windows.chrome&pub_clickid=639074a838b6cb062345319a HTTP 302
    https://t10.blowingwnd.com/d.php?p=c:wdbc86tkjdcuv0p14&d=6385f951f7e92775244810c2&s=custom_123j1djb25.jp.windows.chrome&d2=t3.lowtid.com HTTP 302
    https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome Page URL
  2. https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome&bv=1 HTTP 302
    https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
  3. https://popmyads.com/gget HTTP 302
    http://prpops.com/p/sjbi/direct/t:0646613550 Page URL
  4. http://prpops.com/p/sjbi/direct/t:0646613550?prc_c=1670411435&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvMTA4LjAuNTM1OS45NCBTYWZhcmlcLzUzNy4zNiJ9&prc_h=ee98c903b21bb61b20b8467aa52fd6c00fd6595a8b5aa56300f852248fb45390&pr_tsid=3a29578cdeb4a60273b5ba7f96211f4006f3f18917b4c3bab386c7724673aad7&pr_tsids=859639e2a8b4330c5df210265b2bf789227c8bfc372b17f151505c1878ad1330 HTTP 302
    https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=28e23b7b2d40b93ce632a4c9d6996a2cb402ce644c5a4d383a21738b910dceda&sub_id=7753721&transaction_id=S26582623 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://click-v4.expmdiadi.com/click?i=NXx0mIqhFJQ_0 HTTP 302
  • https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=NXx0mIqhFJQ_0&s=216899_garss.tv HTTP 302
  • https://go.redanemone.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.jp.windows.chrome&query=jp.windows.chrome&pub_clickid=639074a838b6cb062345319a HTTP 302
  • https://t10.blowingwnd.com/d.php?p=c:wdbc86tkjdcuv0p14&d=6385f951f7e92775244810c2&s=custom_123j1djb25.jp.windows.chrome&d2=t3.lowtid.com HTTP 302
  • https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome
Request Chain 1
  • https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome&bv=1 HTTP 302
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Request Chain 2
  • https://whos.amung.us/swidget/popmyads.png HTTP 307
  • https://widgets.amung.us/small/94/9466.png
Request Chain 3
  • https://popmyads.com/gget HTTP 302
  • http://prpops.com/p/sjbi/direct/t:0646613550
Request Chain 4
  • https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=4554&c1=5x5rieop0cv5i3p4fk9w0k0sk,16628309,5,4554 HTTP 302
  • https://ak.torioluor.com/afu.php?zoneid=5054313&var=34554c5&ymid=wj50nj5bh1g51j0li96h25ac

6 HTTP transactions

Resource Path Size x-fer Type MIME-Type
l.php
samba.trffclb.com/
Redirect Chain
  • http://click-v4.expmdiadi.com/click?i=NXx0mIqhFJQ_0
  • https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=NXx0mIqhFJQ_0&s=216899_garss.tv
  • https://go.redanemone.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.jp.windows.chrome&query=jp.windows.chrome&pub_clickid=639074a838b6cb062345319a
  • https://t10.blowingwnd.com/d.php?p=c:wdbc86tkjdcuv0p14&d=6385f951f7e92775244810c2&s=custom_123j1djb25.jp.windows.chrome&d2=t3.lowtid.com
  • https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome
913 B
878 B
Document
General
Full URL
https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.83.143.92 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3155458.ip-51-83-143.eu
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 07 Dec 2022 11:10:34 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 07 Dec 2022 11:10:33 GMT
Location
https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome
Raund
2sz
Round
11hx4alk7e
Server
nginx
aHR0cDovL3RyYWZmaXgxMy5jb20=
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/
Redirect Chain
  • https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome&bv=1
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
2 KB
1 KB
Document
General
Full URL
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Requested by
Host: samba.trffclb.com
URL: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:36c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options DENY

Request headers

Referer
https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_custom_123j1djb25.jp.windows.chrome
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
775cd0ccda83261b-NRT
content-encoding
br
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=UTF-8
date
Wed, 07 Dec 2022 11:10:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uU6uHgPMAJdqTV5d1snFnXLOqP9779EbnMWcBDl6H84r9QHLk%2B9T5exdThDc47tR7Y29R%2Frvt5Z6qtjQZ2BQ1XnLQN%2FFs5fC4Vu1lQqNGKPWXaPTezDWbDPz5fxnv9R23sfUBjdnenRg%2FZs%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
DENY
x-powered-by
PHP/7.1.33

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 07 Dec 2022 11:10:34 GMT
Location
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Raund
2g2
Round
11kgq037yu
Server
nginx
9466.png
widgets.amung.us/small/94/
Redirect Chain
  • https://whos.amung.us/swidget/popmyads.png
  • https://widgets.amung.us/small/94/9466.png
337 B
509 B
Image
General
Full URL
https://widgets.amung.us/small/94/9466.png
Protocol
H2
Server
2606:4700:10::6816:4bab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://popmyads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 11:10:35 GMT
cf-cache-status
HIT
last-modified
Sun, 13 Jun 2010 09:48:38 GMT
server
cloudflare
age
1970579
etag
"4c14a976-151"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
775cd0cf99831d8f-NRT
content-length
337
expires
Tue, 15 Nov 2022 15:47:36 GMT

Redirect headers

location
https://widgets.amung.us/small/94/9466.png
date
Wed, 07 Dec 2022 11:10:35 GMT
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
775cd0ce98e51d8f-NRT
content-type
text/html; charset=UTF-8
t:0646613550
prpops.com/p/sjbi/direct/
Redirect Chain
  • https://popmyads.com/gget
  • http://prpops.com/p/sjbi/direct/t:0646613550
50 KB
18 KB
Document
General
Full URL
http://prpops.com/p/sjbi/direct/t:0646613550
Protocol
HTTP/1.1
Server
23.235.244.226 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software
nginx /
Resource Hash
6373d90855cb7c3d00178c079bc9939d6eb8c72a199e044f6fcf6659cf38fd3d

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://popmyads.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

Accept-CH
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Device-Memory, RTT, ECT, Downlink
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate, no-transform
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 07 Dec 2022 11:10:35 GMT
Expires
Tue, 31 Dec 2013 23:59:59 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
775cd0cecca1261b-NRT
content-type
text/html; charset=UTF-8
date
Wed, 07 Dec 2022 11:10:35 GMT
location
http://prpops.com/p/sjbi/direct/t:0646613550
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jpyJsAQEGr7BlaVl%2FJ5vhpBH%2FIwMbUHFRCMbn%2B%2FjdFY0TmQ3TtvW9pGJN3mamR286wgsT4LPCGZoCwYQJlZcy1SIjRr4Ls673U6tb7nbyPgA7ZgGrCSZG%2FqnK7whHGS6EMbkoWZ%2BV6l3VOM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.33
Primary Request /
1d5e051bc65.traffic-c.com/
Redirect Chain
  • http://prpops.com/p/sjbi/direct/t:0646613550?prc_c=1670411435&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR...
  • https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=28e23b7b2d40b93ce632a4c9d6996a2cb402ce644c5a4d383a21738b910dceda&sub_id=7753721&transaction_...
1 KB
1 KB
Document
General
Full URL
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=28e23b7b2d40b93ce632a4c9d6996a2cb402ce644c5a4d383a21738b910dceda&sub_id=7753721&transaction_id=S26582623
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.237.103.119 , Finland, ASN202053 (UPCLOUD, FI),
Reverse DNS
94-237-103-119.de-fra1.upcloud.host
Software
/
Resource Hash
05e6314892803dc47851d384543d159e75b5302b6cd1dc93c97a515eee06ea0b

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
http://prpops.com
Referer
http://prpops.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 07 Dec 2022 11:10:36 GMT
expires
Wed, 7 Dec 2022 11:10:36 GMT
last-modified
Wed, 7 Dec 2022 11:10:36 GMT
pragma
no-cache
vary
Accept-Encoding
x-robots-tag
noindex, nofollow

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate, no-transform
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 07 Dec 2022 11:10:36 GMT
Expires
Tue, 31 Dec 2013 23:59:59 GMT
Location
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=28e23b7b2d40b93ce632a4c9d6996a2cb402ce644c5a4d383a21738b910dceda&sub_id=7753721&transaction_id=S26582623
Server
nginx
Transfer-Encoding
chunked
afu.php
ak.torioluor.com/
Redirect Chain
  • https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=4554&c1=5x5rieop0cv5i3p4fk9w0k0sk,16628309,5,4554
  • https://ak.torioluor.com/afu.php?zoneid=5054313&var=34554c5&ymid=wj50nj5bh1g51j0li96h25ac
0
0
Document
General
Full URL
https://ak.torioluor.com/afu.php?zoneid=5054313&var=34554c5&ymid=wj50nj5bh1g51j0li96h25ac
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:dc00::173e:6a0a Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=28e23b7b2d40b93ce632a4c9d6996a2cb402ce644c5a4d383a21738b910dceda&sub_id=7753721&transaction_id=S26582623
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store
content-type
text/plain; charset=utf-8
date
Wed, 07 Dec 2022 11:10:38 GMT
expires
Wed, 07 Dec 2022 11:10:38 GMT
pragma
no-cache
server-timing
cdn-cache; desc=MISS edge; dur=672 origin; dur=24
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff

Redirect headers

cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
date
Wed, 07 Dec 2022 11:10:37 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://ak.torioluor.com/afu.php?zoneid=5054313&var=34554c5&ymid=wj50nj5bh1g51j0li96h25ac
pragma
no-cache
server
nginx

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

7 Cookies

Domain/Path Name / Value
prpops.com/p/sjbi/direct Name: woa1quur7O
Value: f65fbae7246b118f419e9a2b17c13d783ddffd187ef22dba368526b58d0e65991e53311c7abebd895cc9f1734c732e72ca5a6a5f7fcd332f5cf59d97a2edf4b5
prpops.com/p/sjbi/direct Name: biscuit_suus99w8
Value: 76e022b47eff96cade05567506939806a46c86a5ff4464ca0030c6e78379e9ed
.1d5e051bc65.traffic-c.com/ Name: rts-trck
Value: 1
.traffic-c.com/ Name: t-uuid
Value: 5x5rieop846reh7h9sl4wgk4o
.traffic-c.com/ Name: traffic-back
Value: ok
.optiestrycended.com/ Name: bf0465cf-e980-478d-87f2-27d14b1b731e-v4
Value: u8StPvpS4x0pm7RmEte8sSQb2bxG7ofT9SsePTxfn6M
.optiestrycended.com/ Name: cc-v4
Value: TvaoPL9BEg55k%2BI6xUGw%2FOtSK3eGNlLa1jUzQmO%2FrdlAmbDN0DddCusGuxsvAOa9ZPHv3dzZ9LWyNEYf%2BvR1bHFzQQjRcXZrqOrHDcNKKXLpCQrzrOAiQao2APBros%2B5lGM3ge4YMiUw4UE%2Fx1MnLw%3D%3D