www.parstofar.com Open in urlscan Pro
94.237.84.54 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.cimentbuilder.one/?sl=5738009-ccc5a&data1=track1&data2=track2&tag=m7329670584688705537&website=7153-842b026f&place...
Effective URL:
https://www.parstofar.com/dl/all/offer/sub/download/?tid=61t2bosr89iwnn2aqdpoockkg,17594626,5,5929&ctrack=1706829086.89092...
Submission: On February 01 via api (February 1st 2024, 11:11:31 pm UTC) from US — Scanned from US

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 4 countries across 5 domains to perform 2 HTTP transactions. The main IP is 94.237.84.54, located in Finland and belongs to UPCLOUD, FI. The main domain is www.parstofar.com.
TLS certificate: Issued by R3 on December 21st 2023. Valid for: 3 months.

This is the only time www.parstofar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	51.68.82.147 51.68.82.147	16276 (OVH) (OVH)
1 1	104.26.6.190 104.26.6.190	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	116.202.159.170 116.202.159.170	24940 (HETZNER-AS) (HETZNER-AS)
1 1	94.237.99.118 94.237.99.118	202053 (UPCLOUD) (UPCLOUD)
1	94.237.84.54 94.237.84.54	202053 (UPCLOUD) (UPCLOUD)
2	3

1 51.68.82.147 (France) 1 redirects

ASN16276 (OVH, FR)

www.cimentbuilder.one	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.6.190 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

admoustache.aftrad-visit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.202.159.170 (Munich, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.170.159.202.116.clients.your-server.de

4774842.catchtheclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.237.99.118 (Finland) 1 redirects

ASN202053 (UPCLOUD, FI)
PTR: 94-237-99-118.de-fra1.upcloud.host

1d6170ac978.traffic-c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.237.84.54 (Finland)

ASN202053 (UPCLOUD, FI)
PTR: 94-237-84-54.de-fra1.upcloud.host

www.parstofar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	parstofar.com www.parstofar.com	40 KB
1	traffic-c.com 1 redirects 1d6170ac978.traffic-c.com	905 B
1	catchtheclick.com 4774842.catchtheclick.com	757 B
1	aftrad-visit.com 1 redirects admoustache.aftrad-visit.com	605 B
1	cimentbuilder.one 1 redirects www.cimentbuilder.one	414 B
2	5

	Domain	Requested by
1	www.parstofar.com	4774842.catchtheclick.com
1	1d6170ac978.traffic-c.com	1 redirects
1	4774842.catchtheclick.com
1	admoustache.aftrad-visit.com	1 redirects
1	www.cimentbuilder.one	1 redirects
2	5

This site contains no links.

Subject Issuer	Validity	Valid
*.catchtheclick.com R3	`2024-01-08` - `2024-04-07`	3 months	crt.sh
*.parstofar.com R3	`2023-12-21` - `2024-03-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.parstofar.com/dl/all/offer/sub/download/?tid=61t2bosr89iwnn2aqdpoockkg,17594626,5,5929&ctrack=1706829086.890929649&p=5929&pi=9529-pF0DGChA1V&click_id=JzCdO8Jk5uT0XkRuSUWKRAjNRZraQzQv-tWvb2WT6iXth5fHSz4lyY3Bl52cBB3Z-Dlq4bpuV0AWelaHD_incg&media_type=mainstream
Frame ID: 024E5E19DF6E286CE7EA314AB2905DFE
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FILE READY

Page URL History Show full URLs

http://www.cimentbuilder.one/?sl=5738009-ccc5a&data1=track1&data2=track2&tag=m7329670584688705537&website... HTTP 302
https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=330005... HTTP 302
https://4774842.catchtheclick.com/?mob=KB175ouW35C2b-PbdWsK1pwEpJQqVU9FCrGeXfBp0t8DFVVz1-Uh0cA0IvAKYdcGHKZePq2... Page URL
https://1d6170ac978.traffic-c.com/?p=5929&media_type=mainstream&click_id=JzCdO8Jk5uT0XkRuSUWKRAjNRZraQzQv-tWvb... HTTP 302
https://www.parstofar.com/dl/all/offer/sub/download/?tid=61t2bosr89iwnn2aqdpoockkg,17594626,5,5929&ctr... Page URL

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

4
Countries

41 kB
Transfer

98 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.cimentbuilder.one/?sl=5738009-ccc5a&data1=track1&data2=track2&tag=m7329670584688705537&website=7153-842b026f&placement=7153&eyeg=3&eyer=0.9997940190686971&eyei=0&eyew=1366&eyeh=607&eyetd=210&eyef=shoptraffic.freenewtrafficm.shop HTTP 302
https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=330005afb4e5cd1d846f4e41b683d2d303c870201-202402-flb*5738009-ccc5a*m7329670584688705537*sl_5738009-ccc5a*5ef5f606adaeb555eeadec04a5555858a7d94e08*7153-842b026f*7153 HTTP 302
https://4774842.catchtheclick.com/?mob=KB175ouW35C2b-PbdWsK1pwEpJQqVU9FCrGeXfBp0t8DFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&tid=2019T8XcHdMbfikzCeVynBWsrCB1fwZZYWm2vXbNkQi4NFeF3eGtTECKHWZrf5RGfjyiVQ&pubid=1B7fmUHKE Page URL
https://1d6170ac978.traffic-c.com/?p=5929&media_type=mainstream&click_id=JzCdO8Jk5uT0XkRuSUWKRAjNRZraQzQv-tWvb2WT6iXth5fHSz4lyY3Bl52cBB3Z-Dlq4bpuV0AWelaHD_incg&pi=9529-pF0DGChA1V HTTP 302
https://www.parstofar.com/dl/all/offer/sub/download/?tid=61t2bosr89iwnn2aqdpoockkg,17594626,5,5929&ctrack=1706829086.890929649&p=5929&pi=9529-pF0DGChA1V&click_id=JzCdO8Jk5uT0XkRuSUWKRAjNRZraQzQv-tWvb2WT6iXth5fHSz4lyY3Bl52cBB3Z-Dlq4bpuV0AWelaHD_incg&media_type=mainstream Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.cimentbuilder.one/?sl=5738009-ccc5a&data1=track1&data2=track2&tag=m7329670584688705537&website=7153-842b026f&placement=7153&eyeg=3&eyer=0.9997940190686971&eyei=0&eyew=1366&eyeh=607&eyetd=210&eyef=shoptraffic.freenewtrafficm.shop HTTP 302
https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=330005afb4e5cd1d846f4e41b683d2d303c870201-202402-flb*5738009-ccc5a*m7329670584688705537*sl_5738009-ccc5a*5ef5f606adaeb555eeadec04a5555858a7d94e08*7153-842b026f*7153 HTTP 302
https://4774842.catchtheclick.com/?mob=KB175ouW35C2b-PbdWsK1pwEpJQqVU9FCrGeXfBp0t8DFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&tid=2019T8XcHdMbfikzCeVynBWsrCB1fwZZYWm2vXbNkQi4NFeF3eGtTECKHWZrf5RGfjyiVQ&pubid=1B7fmUHKE

2 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response 4774842.catchtheclick.com/ Redirect Chain http://www.cimentbuilder.one/?sl=5738009-ccc5a&data1=track1&data2=track2&tag=m7329670584688705537&website=7153-842b026f&placement=7153&eyeg=3&eyer=0.9997940190686971&eyei=0&eyew=1366&eyeh=607&eyetd... https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=330005afb4e5cd1d846f4e41b683d2d303c870201-202402-flb5738009-ccc5am7329670584688705537sl... https://4774842.catchtheclick.com/?mob=KB175ouW35C2b-PbdWsK1pwEpJQqVU9FCrGeXfBp0t8DFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&tid=2019T8XcHdMbfikzCeVynBWsrCB1fwZZYWm2vXbNkQi4NFeF3eGtTECKHWZrf5RGfjy...*	1 KB 757 B	526ms 196ms	Document text/html	116.202.159.170 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://4774842.catchtheclick.com/?mob=KB175ouW35C2b-PbdWsK1pwEpJQqVU9FCrGeXfBp0t8DFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&tid=2019T8XcHdMbfikzCeVynBWsrCB1fwZZYWm2vXbNkQi4NFeF3eGtTECKHWZrf5RGfjyiVQ&pubid=1B7fmUHKE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 116.202.159.170 Munich, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.170.159.202.116.clients.your-server.de Software nginx/1.16.1 (Ubuntu) / Resource Hash `908aa29835f130a42cad92a8fbe2d0550f55b00c2e7959503c6fdd942c6c8054` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 01 Feb 2024 23:11:25 GMT Server nginx/1.16.1 (Ubuntu) Transfer-Encoding chunked Redirect headers cf-cache-status DYNAMIC cf-ray 84eddf94f9b931ef-MIA content-length 247 content-type text/html; charset=utf-8 date Thu, 01 Feb 2024 23:11:25 GMT location https://4774842.catchtheclick.com/?mob=KB175ouW35C2b-PbdWsK1pwEpJQqVU9FCrGeXfBp0t8DFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&tid=2019T8XcHdMbfikzCeVynBWsrCB1fwZZYWm2vXbNkQi4NFeF3eGtTECKHWZrf5RGfjyiVQ&pubid=1B7fmUHKE nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy no-referrer report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S44bAx%2FImK%2BY8AOIDARYFU0DpGVDAYH8kmIndi0BZpUuPlr71PMnx0o3zz0Pyv%2FheY3LdJYnlk%2FXHOEXNqdpLlg6MdftAOOnUb4RvUbN6Dqj1qHT%2Bf2mS2NC5LMIyFOz1hD%2BZh76wZmmv73TM%2F8%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	Primary Request / Show response www.parstofar.com/dl/all/offer/sub/download/ Redirect Chain https://1d6170ac978.traffic-c.com/?p=5929&media_type=mainstream&click_id=JzCdO8Jk5uT0XkRuSUWKRAjNRZraQzQv-tWvb2WT6iXth5fHSz4lyY3Bl52cBB3Z-Dlq4bpuV0AWelaHD_incg&pi=9529-pF0DGChA1V https://www.parstofar.com/dl/all/offer/sub/download/?tid=61t2bosr89iwnn2aqdpoockkg,17594626,5,5929&ctrack=1706829086.890929649&p=5929&pi=9529-pF0DGChA1V&click_id=JzCdO8Jk5uT0XkRuSUWKRAjNRZraQzQv-tW...	60 KB 40 KB	729ms 298ms	Document text/html	94.237.84.54 UPCLOUD
General Check archive.org Show headers Download Go to Full URL https://www.parstofar.com/dl/all/offer/sub/download/?tid=61t2bosr89iwnn2aqdpoockkg,17594626,5,5929&ctrack=1706829086.890929649&p=5929&pi=9529-pF0DGChA1V&click_id=JzCdO8Jk5uT0XkRuSUWKRAjNRZraQzQv-tWvb2WT6iXth5fHSz4lyY3Bl52cBB3Z-Dlq4bpuV0AWelaHD_incg&media_type=mainstream Requested by Host: 4774842.catchtheclick.com URL: https://4774842.catchtheclick.com/?mob=KB175ouW35C2b-PbdWsK1pwEpJQqVU9FCrGeXfBp0t8DFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&tid=2019T8XcHdMbfikzCeVynBWsrCB1fwZZYWm2vXbNkQi4NFeF3eGtTECKHWZrf5RGfjyiVQ&pubid=1B7fmUHKE Protocol H2 Security TLS 1.3, , AES_256_GCM Server 94.237.84.54 , Finland, ASN202053 (UPCLOUD, FI), Reverse DNS 94-237-84-54.de-fra1.upcloud.host Software / Resource Hash `489942fdad579d689f534cc424c80db8dee618bbbaa59b6a32445adab4b63596` Request headers Referer https://4774842.catchtheclick.com/?mob=KB175ouW35C2b-PbdWsK1pwEpJQqVU9FCrGeXfBp0t8DFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&tid=2019T8XcHdMbfikzCeVynBWsrCB1fwZZYWm2vXbNkQi4NFeF3eGtTECKHWZrf5RGfjyiVQ&pubid=1B7fmUHKE Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 accept-language en-US,en;q=0.9 Response headers cache-control no-cache, private content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 01 Feb 2024 23:11:26 GMT vary Accept-Encoding Redirect headers content-type text/html; charset=UTF-8 date Thu, 01 Feb 2024 23:11:26 GMT location https://www.parstofar.com/dl/all/offer/sub/download/?tid=61t2bosr89iwnn2aqdpoockkg,17594626,5,5929&ctrack=1706829086.890929649&p=5929&pi=9529-pF0DGChA1V&click_id=JzCdO8Jk5uT0XkRuSUWKRAjNRZraQzQv-tWvb2WT6iXth5fHSz4lyY3Bl52cBB3Z-Dlq4bpuV0AWelaHD_incg&media_type=mainstream
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d9ede2a0a6705be536a7468e05148324bdb2c5c50f95cd1081495e41dd22b827` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e4a4e41568d676ec1737802b54a0710e582866aac9130322d12c3fb5783604da` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	5 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ed1e1bee17ed7f13b96a87fc2468d9081c80664f894ce65365739ed3eed0bde5` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	6 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e460f928dca43c8aab93cea5a62c81eadb4970e111f9ec61effd612dae16de9d` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	6 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cc4ea67bf1361727cd3d79b32d3fd0c4d5dac1977e6d3f9df15fb31bcc63747a` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	10 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bcabe37d744d7aeae6cea696ea996f7c09205a967f37fe9b654e4b16f057de09` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.1d6170ac978.traffic-c.com/	1970-01-20 18:07:09	Name: rts-trck Value: 1
.traffic-c.com/	1970-01-21 03:43:09	Name: t-uuid Value: 61t2bosrab6bd93qm4dssc8ws
.traffic-c.com/	1970-01-20 18:50:21	Name: traffic-visited-domain Value: parstofar.com
.traffic-c.com/	1970-01-20 18:07:09	Name: traffic-back Value: ok

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1d6170ac978.traffic-c.com
4774842.catchtheclick.com
admoustache.aftrad-visit.com
www.cimentbuilder.one
www.parstofar.com
104.26.6.190
116.202.159.170
51.68.82.147
94.237.84.54
94.237.99.118
489942fdad579d689f534cc424c80db8dee618bbbaa59b6a32445adab4b63596
908aa29835f130a42cad92a8fbe2d0550f55b00c2e7959503c6fdd942c6c8054
bcabe37d744d7aeae6cea696ea996f7c09205a967f37fe9b654e4b16f057de09
cc4ea67bf1361727cd3d79b32d3fd0c4d5dac1977e6d3f9df15fb31bcc63747a
d9ede2a0a6705be536a7468e05148324bdb2c5c50f95cd1081495e41dd22b827
e460f928dca43c8aab93cea5a62c81eadb4970e111f9ec61effd612dae16de9d
e4a4e41568d676ec1737802b54a0710e582866aac9130322d12c3fb5783604da
ed1e1bee17ed7f13b96a87fc2468d9081c80664f894ce65365739ed3eed0bde5

www.parstofar.com Open in urlscan Pro 94.237.84.54 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

3 IPs

4 Countries

41 kBTransfer

98 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

4 Cookies

Indicators

www.parstofar.com Open in urlscan Pro
94.237.84.54 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

4
Countries

41 kB
Transfer

98 kB
Size

4
Cookies

2 HTTP transactions
6 data transactions