Submitted URL: https://d1xkyo9j4r7vnn.cloudfront.net/public/click.php?offer=53167309&offer_position=1&it=982211&m=0&visitor_id=702007655&cpguid=wt9t7...
Effective URL: https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=60043af4baf2420001c2b55c
Submission: On January 17 via manual from SK

Summary

This website contacted 4 IPs in 3 countries across 8 domains to perform 6 HTTP transactions. The main IP is 5.9.127.225, located in Germany and belongs to HETZNER-AS, DE. The main domain is 1d656c28c28.trccmpnsl.com.
TLS certificate: Issued by R3 on December 4th 2020. Valid for: 3 months.
This is the only time 1d656c28c28.trccmpnsl.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2600:9000:20e... 16509 (AMAZON-02)
2 2 212.32.252.129 60781 (LEASEWEB-...)
1 3 65.60.9.234 32475 (SINGLEHOP...)
1 1 172.67.183.60 13335 (CLOUDFLAR...)
1 1 213.227.134.220 60781 (LEASEWEB-...)
1 5.9.127.225 24940 (HETZNER-AS)
6 4
Domain Requested by
3 jump.totopcontent.xyz 1 redirects d1xkyo9j4r7vnn.cloudfront.net
jump.totopcontent.xyz
1 1d656c28c28.trccmpnsl.com jump.totopcontent.xyz
1 harrenmedia.g2afse.com 1 redirects
1 tracking.armorads.com 1 redirects
1 cpadstrtmd.mobisway.com 1 redirects
1 m.banhmidigital.com 1 redirects
1 d1xkyo9j4r7vnn.cloudfront.net
0 servyourads.com Failed
6 8

This site contains no links.

Subject Issuer Validity Valid
*.cloudfront.net
DigiCert Global CA G2
2020-05-26 -
2021-04-21
a year crt.sh
jump.totopcontent.xyz
R3
2020-12-05 -
2021-03-05
3 months crt.sh
*.trccmpnsl.com
R3
2020-12-04 -
2021-03-04
3 months crt.sh

This page contains 1 frames:

Frame: https://servyourads.com/sl/691?f=a&pub_id=12356&smartlink_id=571&pub_sub=unknown&sub_pub_id=unknown
Frame ID: 901EDC53762EA2781FC779FAD0866822
Requests: 6 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://d1xkyo9j4r7vnn.cloudfront.net/public/click.php?offer=53167309&offer_position=1&it=982211&m=0&visitor_id=70... Page URL
  2. https://m.banhmidigital.com/click?pid=1309&offer_id=55971&sub1=845912562&sub5=111028 HTTP 302
    https://cpadstrtmd.mobisway.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=55971&sub4=%5BPIN%5D+PL+Generic... HTTP 302
    https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=130... Page URL
  3. https://jump.totopcontent.xyz/?utm_term=6918719742916166219&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
  4. https://jump.totopcontent.xyz/proc.php?08a04af9a356eec2f346ef0d37b3bcbb793a940e HTTP 302
    http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6918719742916166219&sub2=15494&su... HTTP 302
    https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=84&sub1=60043af4e12d040001644e0a&sub2=4 HTTP 302
    https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=60043af4baf2420001c2b55c Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
  • headers server /php\/?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i

Page Statistics

6
Requests

67 %
HTTPS

17 %
IPv6

8
Domains

8
Subdomains

4
IPs

3
Countries

9 kB
Transfer

15 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://d1xkyo9j4r7vnn.cloudfront.net/public/click.php?offer=53167309&offer_position=1&it=982211&m=0&visitor_id=702007655&cpguid=wt9t7tw6g&hash=df80d96169dab2035f769d1e7f9922f0 Page URL
  2. https://m.banhmidigital.com/click?pid=1309&offer_id=55971&sub1=845912562&sub5=111028 HTTP 302
    https://cpadstrtmd.mobisway.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=55971&sub4=%5BPIN%5D+PL+Generic+Download HTTP 302
    https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad Page URL
  3. https://jump.totopcontent.xyz/?utm_term=6918719742916166219&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e Page URL
  4. https://jump.totopcontent.xyz/proc.php?08a04af9a356eec2f346ef0d37b3bcbb793a940e HTTP 302
    http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6918719742916166219&sub2=15494&sub3=15494-651cd233 HTTP 302
    https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=84&sub1=60043af4e12d040001644e0a&sub2=4 HTTP 302
    https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=60043af4baf2420001c2b55c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://m.banhmidigital.com/click?pid=1309&offer_id=55971&sub1=845912562&sub5=111028 HTTP 302
  • https://cpadstrtmd.mobisway.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=55971&sub4=%5BPIN%5D+PL+Generic+Download HTTP 302
  • https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
click.php
d1xkyo9j4r7vnn.cloudfront.net/public/
542 B
1 KB
Document
General
Full URL
https://d1xkyo9j4r7vnn.cloudfront.net/public/click.php?offer=53167309&offer_position=1&it=982211&m=0&visitor_id=702007655&cpguid=wt9t7tw6g&hash=df80d96169dab2035f769d1e7f9922f0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:3e00:1a:60a5:c0c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash
eb44965ddf252b81bc84c9b60d08b994ed8492605d4aefc60d861db5d6928813

Request headers

:method
GET
:authority
d1xkyo9j4r7vnn.cloudfront.net
:scheme
https
:path
/public/click.php?offer=53167309&offer_position=1&it=982211&m=0&visitor_id=702007655&cpguid=wt9t7tw6g&hash=df80d96169dab2035f769d1e7f9922f0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
content-length
542
date
Sun, 17 Jan 2021 13:26:11 GMT
server
Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-powered-by
PHP/7.4.11
cache-control
no-cache, no-transform
pragma
no-cache
expires
Sat, 26 Jul 1997 05:00:00 GMT
set-cookie
BUILD_VISITOR_RAND=af30c299; expires=Mon, 18-Jan-2021 13:26:11 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_VISITOR_ID=702007655; expires=Mon, 18-Jan-2021 13:26:11 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_VISITOR_ID_KEY=f4832efbbe8dd93cdd05be601fa18ad6; expires=Mon, 18-Jan-2021 13:26:11 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_CLICK_IDS=%5B845912562%5D; expires=Mon, 18-Jan-2021 13:26:11 GMT; Max-Age=86400; path=/
x-cache
Miss from cloudfront
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
r6whjf3mOEcBqy32iOHTrR64RgaLZRqm3E63GqrfDRbHUzq2Vzc1AA==
click.php
d1xkyo9j4r7vnn.cloudfront.net/public/
0
0

/
jump.totopcontent.xyz/
Redirect Chain
  • https://m.banhmidigital.com/click?pid=1309&offer_id=55971&sub1=845912562&sub5=111028
  • https://cpadstrtmd.mobisway.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=55971&sub4=%5BPIN%5D+PL+Generic+Download
  • https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad
3 KB
2 KB
Document
General
Full URL
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad
Requested by
Host: d1xkyo9j4r7vnn.cloudfront.net
URL: https://d1xkyo9j4r7vnn.cloudfront.net/public/click.php?offer=53167309&offer_position=1&it=982211&m=0&visitor_id=702007655&cpguid=wt9t7tw6g&hash=df80d96169dab2035f769d1e7f9922f0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.60.9.234 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
9d4bdc1445fec37c92bf0e157c330db8a7401a6e196525b7ba2e836cd4ec611e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
jump.totopcontent.xyz
:scheme
https
:path
/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://d1xkyo9j4r7vnn.cloudfront.net/public/click.php?offer=53167309&offer_position=1&it=982211&m=0&visitor_id=702007655&cpguid=wt9t7tw6g&hash=df80d96169dab2035f769d1e7f9922f0

Response headers

server
nginx
date
Sun, 17 Jan 2021 13:26:11 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=bd37f94de2a3b7d065bcbedf5b127eb8; expires=Mon, 17-Jan-2022 13:26:11 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip

Redirect headers

server
nginx
date
Sun, 17 Jan 2021 13:26:11 GMT
content-type
text/html; charset=utf-8
content-length
171
location
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad
referer
referrer-policy
no-referrer
set-cookie
afclick=60043af3b301010001c640ad; Expires=Mon, 17 Jan 2022 13:26:11 GMT; Secure; SameSite=None
/
jump.totopcontent.xyz/
11 KB
5 KB
Document
General
Full URL
https://jump.totopcontent.xyz/?utm_term=6918719742916166219&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Requested by
Host: jump.totopcontent.xyz
URL: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.60.9.234 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
7b5abdc203f65a941bf03160b88961c80806695ea7d4d72f3f784e9fe7ba63d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
jump.totopcontent.xyz
:scheme
https
:path
/?utm_term=6918719742916166219&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=bd37f94de2a3b7d065bcbedf5b127eb8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=60043af3b301010001c640ad

Response headers

server
nginx
date
Sun, 17 Jan 2021 13:26:12 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
Primary Request /
1d656c28c28.trccmpnsl.com/
Redirect Chain
  • https://jump.totopcontent.xyz/proc.php?08a04af9a356eec2f346ef0d37b3bcbb793a940e
  • http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6918719742916166219&sub2=15494&sub3=15494-651cd233
  • https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=84&sub1=60043af4e12d040001644e0a&sub2=4
  • https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=60043af4baf2420001c2b55c
842 B
859 B
Document
General
Full URL
https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=60043af4baf2420001c2b55c
Requested by
Host: jump.totopcontent.xyz
URL: https://jump.totopcontent.xyz/?utm_term=6918719742916166219&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.9.127.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.225.127.9.5.clients.your-server.de
Software
/
Resource Hash
f465db46cd919823a4b8ffbba34b09c750f04fcd7f5a088ee10ba1989aba4a6e

Request headers

:method
GET
:authority
1d656c28c28.trccmpnsl.com
:scheme
https
:path
/?p=2155&media_type=mainstream&click_id=60043af4baf2420001c2b55c
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://jump.totopcontent.xyz/?utm_term=6918719742916166219&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e#

Response headers

date
Sun, 17 Jan 2021 13:26:12 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
set-cookie
rts-trck=1; expires=Sun, 17-Jan-2021 13:36:12 GMT; Max-Age=600; path=/; domain=1d656c28c28.trccmpnsl.com
last-modified
Sun, 17 Jan 2021 13:26:12 GMT
expires
Sun, 17 Jan 2021 13:26:12 GMT
cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma
no-cache
x-robots-tag
noindex, nofollow
content-encoding
gzip

Redirect headers

server
nginx
date
Sun, 17 Jan 2021 13:26:12 GMT
content-type
text/html; charset=utf-8
content-length
128
location
https://1d656c28c28.trccmpnsl.com/?p=2155&media_type=mainstream&click_id=60043af4baf2420001c2b55c
referer
referrer-policy
no-referrer
set-cookie
afclick=60043af4baf2420001c2b55c; Expires=Mon, 17 Jan 2022 13:26:12 GMT; Secure; SameSite=None
691
servyourads.com/sl/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
d1xkyo9j4r7vnn.cloudfront.net
URL
https://d1xkyo9j4r7vnn.cloudfront.net/public/click.php?offer=53167309&offer_position=1&it=982211&m=0&visitor_id=702007655&cpguid=wt9t7tw6g&hash=df80d96169dab2035f769d1e7f9922f0
Domain
servyourads.com
URL
https://servyourads.com/sl/691?f=a&pub_id=12356&smartlink_id=571&pub_sub=unknown&sub_pub_id=unknown

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies