Submitted URL: https://storage.googleapis.com/lolvoipsakslass/radarociaso.html#r.php?t=c&d=340327&l=9423&c=2553
Effective URL: https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=258454012&c3=1409
Submission: On August 01 via api from BE — Scanned from DE

Summary

This website contacted 2 IPs in 4 countries across 5 domains to perform 2 HTTP transactions. The main IP is 188.114.97.12, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is click.trlxcf02.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 20th 2022. Valid for: a year.
This is the only time click.trlxcf02.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

     IP Address       AS      Autonomous System
1    142.251.36.112   15169   GOOGLE
1 1  65.109.4.138     24940   HETZNER-AS
1 1  34.91.53.57      396982  GOOGLE-CL...
1 1  35.189.245.169   396982  GOOGLE-CL...
1    188.114.97.12    13335   CLOUDFLAR...
2 2
     Apex Domain       Subdomains                                          Transfer
1    trlxcf02.com      click.trlxcf02.com                                  2 KB
1    veertgreen.com    veertgreen.com                                      745 B
1    toolclipper.com   toolclipper.com                                     290 B
1    dns.army          magicdeala.dns.army                                 365 B
1    googleapis.com    storage.googleapis.com (Cisco Umbrella Rank: 446)   862 B
2 5
     Domain                   Requested by
1    click.trlxcf02.com       storage.googleapis.com
1    veertgreen.com           1 redirects
1    toolclipper.com          1 redirects
1    magicdeala.dns.army      1 redirects
1    storage.googleapis.com
2 5

This site contains no links.

Subject                  Issuer                    Validity                   Valid
storage.googleapis.com   GTS CA 1C3                2022-07-11 - 2022-10-03    3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3   2022-05-20 - 2023-05-20    a year

This page contains 1 frame:

Primary Page: https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=258454012&c3=1409
Frame ID: E6AEE542ED9740A82BEB7EC39A87510B
Requests: 2 HTTP requests in this frame


Page URL History

  1. https://storage.googleapis.com/lolvoipsakslass/radarociaso.html (Page URL)
  2. http://magicdeala.dns.army/r.php?t=c&d=340327&l=9423&c=2553 (HTTP 302)
     https://toolclipper.com/?a=1409&oc=15307&c=42463&m=3&s1=30&s2=340327&s3=35&s4=9423&s5=2553 (HTTP 302)
     https://veertgreen.com/?a=1409&oc=15307&c=42463&m=3&s1=30&s2=340327&s3=35&s4=9423&s5=2553&ckmguid=3... (HTTP 302)
     https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=258454012&c3=1409 (Page URL)

Page Statistics

Requests:    2
HTTPS:       100 %
IPv6:        0 %
Domains:     5
Subdomains:  5
IPs:         2
Countries:   4
Transfer:    3 kB
Size:        0 kB
Cookies:     7

Page URL History

This records the page URLs visited during the scan, including HTTP redirects and client-side redirects via JavaScript or meta refresh.

  1. https://storage.googleapis.com/lolvoipsakslass/radarociaso.html (Page URL)
  2. http://magicdeala.dns.army/r.php?t=c&d=340327&l=9423&c=2553 (HTTP 302)
     https://toolclipper.com/?a=1409&oc=15307&c=42463&m=3&s1=30&s2=340327&s3=35&s4=9423&s5=2553 (HTTP 302)
     https://veertgreen.com/?a=1409&oc=15307&c=42463&m=3&s1=30&s2=340327&s3=35&s4=9423&s5=2553&ckmguid=3d8cacea-0eb1-41a9-abf2-73af11b0f3f9 (HTTP 302)
     https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=258454012&c3=1409 (Page URL)

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource           Path                                      Size    x-fer   Type       MIME-Type
radarociaso.html   storage.googleapis.com/lolvoipsakslass/   286 B   862 B   Document
General

Full URL:       https://storage.googleapis.com/lolvoipsakslass/radarociaso.html
Protocol:       H2
Security:       TLS 1.3, AES_128_GCM
Server:         142.251.36.112, United States, ASN15169 (GOOGLE, US)
Reverse DNS:    prg03s11-in-f16.1e100.net
Software:       UploadServer
Resource Hash:

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-length: 286
content-type: text/html
date: Mon, 01 Aug 2022 07:51:39 GMT
etag: "d90f65f49ded723877394e7d5939abf6"
expires: Mon, 01 Aug 2022 08:51:39 GMT
last-modified: Sat, 11 Jun 2022 03:19:57 GMT
server: UploadServer
x-goog-generation: 1654917597694941
x-goog-hash: crc32c=MkYxfA== md5=2Q9l9J3tcjh3OU59WTmr9g==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 286
x-guploader-uploadid: ADPycdvJjelEuhiwbcfqF3GpconCYc5yGtJIUnoCUHP9ZA4MHl354WsAWHf8i9LVtpKymrP1lZRX9aqlG_f_r0S8rBiFdg
Primary Request: yX3CWb8iyJQi8Bznu2
Path:            click.trlxcf02.com/click/
Redirect Chain:
  • http://magicdeala.dns.army/r.php?t=c&d=340327&l=9423&c=2553
  • https://toolclipper.com/?a=1409&oc=15307&c=42463&m=3&s1=30&s2=340327&s3=35&s4=9423&s5=2553
  • https://veertgreen.com/?a=1409&oc=15307&c=42463&m=3&s1=30&s2=340327&s3=35&s4=9423&s5=2553&ckmguid=3d8cacea-0eb1-41a9-abf2-73af11b0f3f9
  • https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=258454012&c3=1409
Size:            24 B
x-fer:           2 KB
Type:            Document

General

Full URL:       https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=258454012&c3=1409
Requested by:   Host: storage.googleapis.com
                URL: https://storage.googleapis.com/lolvoipsakslass/radarociaso.html
Protocol:       H2
Security:       TLS 1.3, AES_128_GCM
Server:         188.114.97.12, Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software:       cloudflare
Resource Hash:  e37b6f5753f324cba2796bfa3efdb1b0b0f20d97596abb201e281af57858235f

Request headers

Referer: https://storage.googleapis.com/lolvoipsakslass/radarociaso.html#r.php?t=c&d=340327&l=9423&c=2553
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 733cfd751cd290fe-FRA
content-type: text/html; charset=UTF-8
date: Mon, 01 Aug 2022 07:51:42 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFq9kM5E36OniGLZJVr9UovB4iKCMdIuzBfld5V8yfqYrpGpfm7u0KbPIR1ZZ6jMdtwJlES1XBjHoUCB8nlqNJL7J%2BeMuNaqfKBq0AJBzKCaPSF537cALEcmTgheCjzt7CaUtT0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

cache-control: private
content-length: 210
content-type: text/html; charset=utf-8
date: Mon, 01 Aug 2022 07:51:40 GMT
location: https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=258454012&c3=1409
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Verdicts & Comments

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

oncontextlost (object), oncontextrestored (object), structuredClone (function), launchQueue (object), onbeforematch (object), getScreenDetails (function), queryLocalFonts (function), navigation (object)

7 Cookies

Domain/Path           Name                                        Value
.veertgreen.com/      sfd                                         Y3TiB/jhniK8AfQ5PhEF8Ry1HBOf/9vnIDkMOWmq1SMU4suH60FNYg==
.veertgreen.com/      ti                                          wjmkwhXjKXOTto9OgDd2ehy1HBOf/9vnIDkMOWmq1SMU4suH60FNYg==
.veertgreen.com/      c12658                                      Y3TiB/jhniK/aJJzTHEwzSsvewxLaS233elrbIZNoo5hwnuYWIXdiA==
click.trlxcf02.com/   AWSALB                                      +bF8MfIXcW1Ep/wyYh+540DIf+z/5t7TsVOnVYjhloGZx6d5sT41cq3MVn0ZSwk05xRfh6mhN56ug4vqKBC9xgWoyNh6fcHa5LEWgVJgvi37fD8Kj5MfolEDUM4g
click.trlxcf02.com/   XSRF-TOKEN                                  eyJpdiI6IlBwZHFDblc1b0R1N0ZVVUhZZ3JrRnc9PSIsInZhbHVlIjoiQm5tZTR1bDNsRlowZCt0SHBLb2hvSlZoblAzY2dLRXN3cVBKWlwvNEdsQXlDeERyQTExNW1YWGE4RlhlMHhiTXVUbHBBUVJkMmZTQ05zdFJsMTYzS1BBPT0iLCJtYWMiOiIwZTA5MjIzZjJmYjJjM2RjNmM4NTM5ZTJhMTM4NjQzMWVlYmE3NjY4M2RjNGNhZTZjN2ExZWRmYTAyNDA5NmIwIn0%3D
click.trlxcf02.com/   session                                     eyJpdiI6IlA1MnBkUDlNaGphbm54SG52RFZJa1E9PSIsInZhbHVlIjoiQ2N5b1dOeld6UGFBc1BJZ0MwMTZsXC9DdUpqSVwvVUNscXJqbjIxZVFFOVZSK0lnRmd2SUFVOGU4WmFzRStEeG41UjBHQVwvYXFpMDJiNVJWVmJYUU1qYkE9PSIsIm1hYyI6IjFjNTY0NmQ3MGQxMjNkMzBjMDc0NzUxOTVlZGQzZTIwMzE4Mzc5YTQyZWRlOGMyOGViZWU3OTU5OWZlNTY1YjQifQ%3D%3D
click.trlxcf02.com/   rlHgWDBj0HpqqOksfca29JiJBmCrdjHaot960WAY    (value not available)

1 Console Messages

Source:   network
Level:    error
URL:      https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=258454012&c3=1409
Message:  Failed to load resource: the server responded with a status of 400 ()

Indicators

"Indicators" is the security-industry term for artifacts such as IPs, domains and hashes observed during a scan. Listing them here does not imply that any of them indicate malicious activity.

click.trlxcf02.com
magicdeala.dns.army
storage.googleapis.com
toolclipper.com
veertgreen.com
142.251.36.112
188.114.97.12
34.91.53.57
35.189.245.169
65.109.4.138
e37b6f5753f324cba2796bfa3efdb1b0b0f20d97596abb201e281af57858235f