Submitted URL: http://ps.popcash.net/ad/ad?p=180505&w=388201&t=98d93b9606d71af4&r&vw=1366&vh=625
Effective URL: http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Submission Tags: falconsandbox
Submission: On January 15 via api from US

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 147.135.243.181, located in Netherlands and belongs to OVH, FR. The main domain is core.royalads.net.
This is the only time core.royalads.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

      IP Address       AS Autonomous System
2  2  52.201.162.15    14618 (AMAZON-AES)
1  3  147.135.243.181  16276 (OVH)
4  2

   Apex Domain         Subdomains          Transfer
3  royalads.net        core.royalads.net   2 KB
2  popcash.net         ps.popcash.net      452 B
0  xml-ads.com Failed  xml-ads.com Failed
4  3

   Domain                         Requested by
3  core.royalads.net 1 redirects  core.royalads.net
2  ps.popcash.net 2 redirects
0  xml-ads.com Failed             core.royalads.net
4  3

This site contains no links.

This page contains 1 frames:

Frame: http://xml-ads.com/in.html
Frame ID: 6B079EF9AD6E11F03BB188F19D220B0A
Requests: 3 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 4
HTTPS: 0 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 2 kB
Size: 2 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ps.popcash.net/ad/ad?p=180505&w=388201&t=98d93b9606d71af4&r&vw=1366&vh=625 HTTP 303
    http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578 Page URL
  2. http://core.royalads.net/go/?pub=81952149-3fe6-4360-921c-c76ec0a04578&ref=&scrw=1600&scrh=1200&nlc=GZd695uj5n3Ab7UV&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
    http://ps.popcash.net/ad/ad?p=201730&w=488087&d=821f52f841fd93b97d45-1556198054488087 HTTP 303
    http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ps.popcash.net/ad/ad?p=180505&w=388201&t=98d93b9606d71af4&r&vw=1366&vh=625 HTTP 303
  • http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Request Chain 1
  • http://core.royalads.net/go/?pub=81952149-3fe6-4360-921c-c76ec0a04578&ref=http%3A%2F%2Fcore.royalads.net%2F&scrw=1600&scrh=1200&nlc=61zR9p7F5n3Ab7UV&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
  • http://xml-ads.com/in.html

4 HTTP transactions

Resource: / (Cookie set)
Path: core.royalads.net/click/
Redirect Chain
  • http://ps.popcash.net/ad/ad?p=180505&w=388201&t=98d93b9606d71af4&r&vw=1366&vh=625
  • http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Size: 906 B
x-fer: 846 B
Type: Document
General
Full URL: http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Protocol: HTTP/1.1
Server: 147.135.243.181, Netherlands, ASN16276 (OVH, FR)
Reverse DNS: ip181.ip-147-135-243.eu
Software: nginx /
Resource Hash: fff94addc809e05ce31f915f9efb0b8d59de8fa9cc83ded71ec58a645a48a6e3

Request headers

Host: core.royalads.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers

Server: nginx
Date: Fri, 15 Jan 2021 04:01:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Set-Cookie: cflag=831;Domain=core.royalads.net;Path=/
Content-Encoding: gzip

Redirect headers

Date: Fri, 15 Jan 2021 04:01:58 GMT
Location: http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Server: nginx
Content-Length: 99
Connection: keep-alive

Resource: / (Primary Request, Cookie set)
Path: core.royalads.net/click/
Redirect Chain
  • http://core.royalads.net/go/?pub=81952149-3fe6-4360-921c-c76ec0a04578&ref=&scrw=1600&scrh=1200&nlc=GZd695uj5n3Ab7UV&ven=&ver=&p=falsexundefined&iif=0
  • http://ps.popcash.net/ad/ad?p=201730&w=488087&d=821f52f841fd93b97d45-1556198054488087
  • http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Size: 931 B
x-fer: 849 B
Type: Document
General
Full URL: http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Requested by
Host: core.royalads.net
URL: http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Protocol: HTTP/1.1
Server: 147.135.243.181, Netherlands, ASN16276 (OVH, FR)
Reverse DNS: ip181.ip-147-135-243.eu
Software: nginx /
Resource Hash: 648167dd2c0fd7c93c9c0a4506b95139afefcbe81b8de00ce686a4749ceca58f

Request headers

Host: core.royalads.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://core.royalads.net/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: cflag=831; hash=440cecca-cbf2-4fb7-9407-268fd710fcd8
Referer: http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578

Response headers

Server: nginx
Date: Fri, 15 Jan 2021 04:01:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Set-Cookie: cflag=931;Domain=core.royalads.net;Path=/
Content-Encoding: gzip

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Fri, 15 Jan 2021 04:01:58 GMT
Location: http://core.royalads.net/click/?pub=81952149-3fe6-4360-921c-c76ec0a04578
Server: nginx
Content-Length: 99
Connection: keep-alive

Resource: in.html
Path: xml-ads.com/
Redirect Chain
  • http://core.royalads.net/go/?pub=81952149-3fe6-4360-921c-c76ec0a04578&ref=http%3A%2F%2Fcore.royalads.net%2F&scrw=1600&scrh=1200&nlc=61zR9p7F5n3Ab7UV&ven=&ver=&p=falsexundefined&iif=0
  • http://xml-ads.com/in.html
Size: 0
x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: xml-ads.com
URL: http://xml-ads.com/in.html

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
