clk.ink Open in urlscan Pro
2606:4700:3036::6815:314 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://clk.ink/XRUXRxFQ
Submission: On September 05 via manual (September 5th 2021, 9:44:18 am UTC) from RO

Summary HTTP 47 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 25 IPs in 4 countries across 19 domains to perform 47 HTTP transactions. The main IP is 2606:4700:3036::6815:314, located in United States and belongs to CLOUDFLARENET, US. The main domain is clk.ink.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 10th 2021. Valid for: a year.

This is the only time clk.ink was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2606:4700:303... 2606:4700:3036::6815:314	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	143.204.101.58 143.204.101.58	16509 (AMAZON-02) (AMAZON-02)
2	192.243.59.12 192.243.59.12	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
3	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3033::6815:e40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3034::6815:4ca0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::ac43:a5d5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::6816:3181	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.41.67.87 52.41.67.87	16509 (AMAZON-02) (AMAZON-02)
1	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 4	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
1	44.237.115.105 44.237.115.105	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:303... 2606:4700:3038::6815:ead6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.21.94.194 104.21.94.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	54.235.172.58 54.235.172.58	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
47	25

11 2606:4700:3036::6815:314 (United States)

ASN13335 (CLOUDFLARENET, US)

clk.ink	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-58.fra50.r.cloudfront.net

d2d8qsxiai9qwj.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.243.59.12 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

amplitudewassnap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:e40 (United States)

ASN13335 (CLOUDFLARENET, US)

clicksfly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.recaptcha.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3034::6815:4ca0 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.netcatx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:a5d5 (United States)

ASN13335 (CLOUDFLARENET, US)

t.go2.global	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:3181 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.41.67.87 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-41-67-87.us-west-2.compute.amazonaws.com

track.adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.250 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.237.115.105 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-237-115-105.us-west-2.compute.amazonaws.com

exchange.adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3038::6815:ead6 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-adtrue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.21.94.194 (None, )

ASN13335 (CLOUDFLARENET, US)

st.bebi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.bebi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bebi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trck.bebi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.235.172.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-172-58.compute-1.amazonaws.com

aphycolourses.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	clk.ink clk.ink	269 KB
5	bebi.com st.bebi.com go.bebi.com c.bebi.com trck.bebi.com	88 KB
5	adnxs.com 1 redirects ib.adnxs.com acdn.adnxs.com	20 KB
4	criteo.com 1 redirects bidder.criteo.com gum.criteo.com mug.criteo.com	6 KB
4	adtrue.com cdn.adtrue.com track.adtrue.com exchange.adtrue.com	83 KB
3	gstatic.com fonts.gstatic.com	70 KB
2	criteo.net static.criteo.net	54 KB
2	netcatx.com cdn.netcatx.com	3 KB
2	amplitudewassnap.com amplitudewassnap.com
1	google-analytics.com www.google-analytics.com	165 B
1	aphycolourses.info aphycolourses.info	21 KB
1	cdn-adtrue.com cdn-adtrue.com	998 B
1	go2.global t.go2.global	2 KB
1	googletagmanager.com www.googletagmanager.com	51 KB
1	google.com www.google.com	642 B
1	recaptcha.net www.recaptcha.net	1018 B
1	clicksfly.com clicksfly.com	822 B
1	cloudfront.net d2d8qsxiai9qwj.cloudfront.net d3al52d8cojds7.cloudfront.net Failed	121 KB
1	googleapis.com fonts.googleapis.com	809 B
47	19

	Domain	Requested by
11	clk.ink	clk.ink
4	ib.adnxs.com	1 redirects cdn.adtrue.com acdn.adnxs.com
3	fonts.gstatic.com	fonts.googleapis.com
2	gum.criteo.com	1 redirects static.criteo.net
2	static.criteo.net	cdn.adtrue.com static.criteo.net
2	st.bebi.com	clk.ink clicksfly.com
2	cdn.adtrue.com	t.go2.global clk.ink
2	cdn.netcatx.com	clicksfly.com
2	amplitudewassnap.com	clk.ink
1	acdn.adnxs.com	cdn.adtrue.com
1	www.google-analytics.com	www.googletagmanager.com
1	aphycolourses.info	clk.ink
1	mug.criteo.com
1	trck.bebi.com	clicksfly.com
1	c.bebi.com	clicksfly.com
1	go.bebi.com	st.bebi.com
1	cdn-adtrue.com	track.adtrue.com
1	exchange.adtrue.com	cdn.adtrue.com
1	bidder.criteo.com	cdn.adtrue.com
1	track.adtrue.com	t.go2.global
1	t.go2.global	clk.ink
1	www.googletagmanager.com	clk.ink
1	www.google.com	clk.ink
1	www.recaptcha.net	clk.ink
1	clicksfly.com	clk.ink
1	d2d8qsxiai9qwj.cloudfront.net	clk.ink
1	fonts.googleapis.com	clk.ink
0	d3al52d8cojds7.cloudfront.net Failed	clk.ink
47	28

This site contains links to these domains. Also see Links.

Domain
clicksfly.com
www.facebook.com
t.me
tawk.to

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-10` - `2022-06-09`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
amplitudewassnap.com R3	`2021-08-30` - `2021-11-28`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
misc.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
go2.global Cloudflare Inc ECC CA-3	`2021-05-01` - `2022-04-30`	a year	crt.sh
*.adtrue.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-08-14`	2 years	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
aphycolourses.info R3	`2021-08-09` - `2021-11-07`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://clk.ink/XRUXRxFQ
Frame ID: 1FE80119E978EB3D7A38045E0D196D56
Requests: 23 HTTP requests in this frame

Frame: https://clk.ink/ads/300/load.php?kw=Fake%20Virus%20Screen%20-%20Files%20encrypted&c1=179330&c2=XRUXRxFQ&ref=
Frame ID: D7BA963701773072CFE851D6CE1F8CFC
Requests: 1 HTTP requests in this frame

Frame: https://clicksfly.com/ads/300/adtrue.php
Frame ID: 1B669609E188DC6EF4212B688055FF47
Requests: 2 HTTP requests in this frame

Frame: https://t.go2.global/tag/impress_v2?pzoneid=43092&ref=https://clk.ink/&cb=3645562924
Frame ID: 64837C694E0305AD5548AD0C2585A1B7
Requests: 6 HTTP requests in this frame

Frame: https://track.adtrue.com/track/request?pzoneid=43092&domain=clk.ink&ref=https%3A%2F%2Fclk.ink%2F&loc=https%3A%2F%2Fclk.ink%2F
Frame ID: A6FA37BA55D106B0B4FD5375E306DE36
Requests: 2 HTTP requests in this frame

Frame: https://cdn.netcatx.com/adxchange/px.html
Frame ID: 68182FDDE9181D47C9B8B7A49D5A4864
Requests: 1 HTTP requests in this frame

Frame: https://cdn.adtrue.com/rtb/passback.js
Frame ID: D8015A15E4F417BCC36486A3A28E617D
Requests: 7 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=clk.ink
Frame ID: 6A5BC12BE500910F41AC23958929E655
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: DFAE41024E17A9DD364D0901BF4BE421
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fake Virus Screen - Files encrypted

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+recaptcha/i
html /<div[^>]+class="g-recaptcha"/i
script /\/recaptcha\/api\.js/i

Page Statistics

47
Requests

98 %
HTTPS

58 %
IPv6

19
Domains

28
Subdomains

25
IPs

4
Countries

792 kB
Transfer

1956 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://clicksfly.com/

Search URL Search Domain Scan URL

URL: https://clicksfly.com/pages/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://clicksfly.com/pages/terms
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.facebook.com/clicksfly

Search URL Search Domain Scan URL

URL: https://t.me/clicksfly

Search URL Search Domain Scan URL

URL: https://tawk.to/chat/5a1970fc198bd56b8c03d4ae/default

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://gum.criteo.com/sid/json?origin=publishertag&domain=clicksfly.com&sn=ChromeSyncframe&so=0&topUrl=clk.ink HTTP 302
https://mug.criteo.com/sid?cpp=FSXcPXx1Z2twenZrc0I3MVdwcEJNdzY4aTBBb2FjVFgyMnVjNzIwNjU3cmY0dTY1SXpWQkJDSDB4ajFwdzQxeUtsZGVra2psNGtpczZFdkJ0ZFBqbnlyL3ExSDNYUjViby9aZkFKNVNnM1V0S2RlRWNlOGFWSXRjelVYaWtFeEYwK3JKZFlWT3lWek43WUorNWhwUnZSVmtUOS9JZzhVN25DM3JaRUxyNWxiaGZ4aGlIWXloZlAxcVJ4bG5CWCsrOG1acG40VXY4MWwveWZTd0MzRmdyamVoaWJnPT18&cppv=2

Request Chain 44

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

47 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request XRUXRxFQ Show response
clk.ink/ 30 KB
16 KB 636ms
608ms Document
text/html 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clk.ink/XRUXRxFQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01565e38a434b56e5ee0302270b938c3414682bfcc6d5ee3489af5a3808b0ec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: clk.ink
:scheme: https
:path: /XRUXRxFQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:43:59 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
set-cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=; path=/; expires=Sun, 05-Sep-21 10:13:59 GMT; domain=.clk.ink; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VFr%2FDMln2JNr5U0IsQaPlnIO1hqs0co8Oz5rxUdzBS8rpUu0cWcA08%2FIUqgXxMTmsufyuGkzNVZ9l%2Bh37VSEaI4DFrfwUN5w4O1Znnw9G4IpAY93guEcJ%2FBQKxWlyRZleLAZ3M7E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 689e84319f3cc29a-FRA
content-encoding: br

GET
H2 200 css
fonts.googleapis.com/ 6 KB
809 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Requested by

Host: clk.ink
URL: https://clk.ink/XRUXRxFQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a00f59dc1f74231f0580667070732282577df98debb6f81d0188c7fbe73b1de6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 05 Sep 2021 08:41:44 GMT
server: ESF
date: Sun, 05 Sep 2021 09:43:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 05 Sep 2021 09:43:59 GMT

GET
H3-29 200 styles.min.css
clk.ink/modern_theme/build/css/ 187 KB
34 KB 46ms
27ms Stylesheet
text/css 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clk.ink/modern_theme/build/css/styles.min.css?ver=6.4.0

Requested by

Host: clk.ink
URL: https://clk.ink/XRUXRxFQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b386764e2b714f6fe617daaedd1946a7161fc2ae5f9bd0bf606f76287121ee1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /modern_theme/build/css/styles.min.css?ver=6.4.0
pragma: no-cache
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: clk.ink
referer: https://clk.ink/XRUXRxFQ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://clk.ink/XRUXRxFQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:43:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1213892
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 23 Jul 2021 08:27:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DnYufMJVFIuIGVDWxTiQzcc596ThA%2BDRKXBeN14mA%2FayFEqchrgg3F75vq4Kc3yOccvQmQy7ouRceqrnlymwJuL7M9fKMhf7tTPUd7bjhkklfIShygxrc5ezlV73MHqtHzHcjIqu"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding,User-Agent
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
cf-ray: 689e84359a564ea4-FRA
expires: Tue, 21 Sep 2021 08:32:25 GMT

GET
H3-29 200 logoclicksfly.png
clk.ink/img/ 9 KB
9 KB 38ms
20ms Image
image/png 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://clk.ink/img/logoclicksfly.png

Requested by

Host: clk.ink
URL: https://clk.ink/XRUXRxFQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d088705648e1ab5d38071777f825d3eed992bd1e2d6ef458134db7155ffb8ecc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /img/logoclicksfly.png
pragma: no-cache
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: clk.ink
referer: https://clk.ink/XRUXRxFQ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://clk.ink/XRUXRxFQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:43:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1065124
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8721
x-xss-protection: 1; mode=block
last-modified: Fri, 31 May 2019 08:33:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YB1zhvM%2FjI5IZnUSrA5MuvWaLZai53b0rKper3rOSqP573qRQnUtkRa6epDyET7VboBJAPUShJAYOTkbB1C0htyqdsrGrg7%2FJ23UgM5H2pGJjSRIY9nYGG924OAWhGBH2yzTQEqb"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 689e84359a584ea4-FRA
expires: Wed, 24 Aug 2022 01:51:54 GMT

GET
H2 200 / Show response
d2d8qsxiai9qwj.cloudfront.net/ 387 KB
121 KB 282ms
200ms Script
text/plain 143.204.101.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2d8qsxiai9qwj.cloudfront.net/?xsqdd=739040
Requested by: Host: clk.ink
URL: https://clk.ink/XRUXRxFQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-58.fra50.r.cloudfront.net
Software: /
Resource Hash: 9a69c611057438ac49aea9132fa8e2ad3ae9fefdfe2164b457938fde88e68b35

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 09:43:59 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 123661
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
x-amz-cf-id: 0AnqHprkYTsjOS2vHWCu2G8z6uDrRWTmTdFyAs0Y1Z3QGkQhaIC8Ew==

GET
H2 403 invoke.js
amplitudewassnap.com/f5714487e6057988b1d2804f1f8fef0c/ 0
0 327ms
105ms Script
application/javascript 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplitudewassnap.com/f5714487e6057988b1d2804f1f8fef0c/invoke.js
Requested by: Host: clk.ink
URL: https://clk.ink/XRUXRxFQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 05 Sep 2021 09:43:59 GMT
server: nginx/1.17.6
content-type: application/javascript
content-length: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H3-29 200 ads.js Show response
clk.ink/js/ 190 B
777 B 42ms
24ms Script
application/javascript 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clk.ink/js/ads.js

Requested by

Host: clk.ink
URL: https://clk.ink/XRUXRxFQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d807c16e2160c2660ffd43bf8b8bc54eb39ecd044e823209c0ade70db965d5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /js/ads.js
pragma: no-cache
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: clk.ink
referer: https://clk.ink/XRUXRxFQ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://clk.ink/XRUXRxFQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:43:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1344657
cf-polished: origSize=191
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 23 Jul 2021 08:27:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVhaRxbFI%2FWfpVPNF%2FAt26wn0e5AaBd1%2F3%2FU5LKQMOFg7T1ZunAR1zkdRnQktRNqANSS1ZevhJFyhX%2FpUaygcHdgSgMSLoWPmvMQAo9sge5bQUzIJ%2BMcJtonN3hTJuO3U6XETDNk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
cf-ray: 689e84359a4c4ea4-FRA
expires: Sun, 19 Sep 2021 20:13:01 GMT

GET
H3-29 200 rocket-loader.min.js Show response
clk.ink/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 35ms
18ms Script
application/javascript 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clk.ink/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: clk.ink
URL: https://clk.ink/XRUXRxFQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: clk.ink
referer: https://clk.ink/XRUXRxFQ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://clk.ink/XRUXRxFQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:43:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 01 Sep 2021 15:49:24 GMT
server: cloudflare
etag: W/"612fa104-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hNTgiWS%2BGZWD2pbQ%2BzlxySOo1EH8V2LB7wN5micqKnlCVf1QllCgJ2haCQ7Ix3K49p85Bk2guRCYNLU%2FOk%2Fhu83MFNYRtrgl5FZ%2BdsB7vmyQ3NoTVYNvYTcJsS6BXcrymbyP%2BG9l"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 689e84359a544ea4-FRA
vary: Accept-Encoding
expires: Tue, 07 Sep 2021 09:43:59 GMT

GET
H3-29 200 load.php Show response
clk.ink/ads/300/ Frame D7BA 282 B
745 B 177ms
161ms Document
text/html 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clk.ink/ads/300/load.php?kw=Fake%20Virus%20Screen%20-%20Files%20encrypted&c1=179330&c2=XRUXRxFQ&ref=

Requested by

Host: clk.ink
URL: https://clk.ink/XRUXRxFQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53b76c4b64f7c6ba4c9611ad4597aff49716847dad6aba5f9ed7c3fcff2edeb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: clk.ink
:scheme: https
:path: /ads/300/load.php?kw=Fake%20Virus%20Screen%20-%20Files%20encrypted&c1=179330&c2=XRUXRxFQ&ref=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://clk.ink/XRUXRxFQ
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://clk.ink/XRUXRxFQ

Response headers

date: Sun, 05 Sep 2021 09:43:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DlTU%2BfYY65xhjH3ec5ydZTfln0yWYqTYMuRPgQfbfweDE0romS4qWMJPI1%2BvLBJbuZkqmhtSV0Xg6%2Fjcycxh1SQxuTgx3GhptakFQ3kIfeX%2FIlv2XScygEsRyxxLpPmgNzKMswwZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 689e84359a514ea4-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 X01yaOu.png
clk.ink/img/ 16 KB
16 KB 13ms
12ms Image
image/png 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://clk.ink/img/X01yaOu.png

Requested by

Host: clk.ink
URL: https://clk.ink/XRUXRxFQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c743c3cca33171ff56c892acb6bdb21f4e9d10be761f75f45efd8dda552780d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /img/X01yaOu.png
pragma: no-cache
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: clk.ink
referer: https://clk.ink/XRUXRxFQ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://clk.ink/XRUXRxFQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:43:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3813309
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 16074
x-xss-protection: 1; mode=block
last-modified: Fri, 31 May 2019 15:06:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iz9R8kDc%2BRfCxbHIR7BhWHtdAyNZ125%2Bbbs6aIwgE741N%2FGL%2B5u%2FrdsUC4GE%2FkL5jv%2FiE2eGSOD0l2YojvO0AwKg5RZg5%2F1cRCbzUo%2Ba%2B213aUr12XiJE9%2FXere3KoEq62CWhH5m"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: User-Agent,User-Agent, Accept-Encoding
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 689e8435daca4ea4-FRA
expires: Sat, 23 Jul 2022 06:28:48 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
20 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://clk.ink
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 17:11:08 GMT
x-content-type-options: nosniff
age: 405171
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 17:11:08 GMT

GET
H2 200 7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v22/ 30 KB
31 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://clk.ink
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 06:58:19 GMT
x-content-type-options: nosniff
age: 9940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31120
x-xss-protection: 0
last-modified: Wed, 15 Jul 2020 20:50:02 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 05 Sep 2022 06:58:19 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://clk.ink
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 16:55:13 GMT
x-content-type-options: nosniff
age: 406126
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 16:55:13 GMT

GET
H2 200 adtrue.php Show response
clicksfly.com/ads/300/ Frame 1B66 310 B
822 B 462ms
432ms Document
text/html 2606:4700:3033::6815:e40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clicksfly.com/ads/300/adtrue.php

Requested by

Host: clk.ink
URL: https://clk.ink/ads/300/load.php?kw=Fake%20Virus%20Screen%20-%20Files%20encrypted&c1=179330&c2=XRUXRxFQ&ref=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:e40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

252415c467aa6dd700db4ae7ef9bb66c5bfb3a244852e1caa946620c6e45ada5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: clicksfly.com
:scheme: https
:path: /ads/300/adtrue.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://clk.ink/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://clk.ink/

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wvScVvaaAgVS3N%2FpDSE5DhWF0Gkiy4iRvUfTVHsmT468ME2qSLbyP1SaI243HrLDs18C4jtXwdY56wi9XIZG2drgTEIdoW8DUptwTH0IhPD4og9gVtNL1eeD6RrJvAudlWamzC2WOH3cyoxr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 689e8436c8e64315-FRA
content-encoding: br

GET
H2 403 invoke.js
amplitudewassnap.com/f5714487e6057988b1d2804f1f8fef0c/ 0
0 113ms
113ms Script
application/javascript 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplitudewassnap.com/f5714487e6057988b1d2804f1f8fef0c/invoke.js
Requested by: Host: clk.ink
URL: https://clk.ink/XRUXRxFQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 05 Sep 2021 09:44:00 GMT
server: nginx/1.17.6
content-type: application/javascript
content-length: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H3-29 200 footer.jpg
clk.ink/modern_theme/build/img/ 13 KB
14 KB 13ms
12ms Image
image/jpeg 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://clk.ink/modern_theme/build/img/footer.jpg

Requested by

Host: clk.ink
URL: https://clk.ink/modern_theme/build/css/styles.min.css?ver=6.4.0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80c8b789ae1e5ea87c4c39c56405da83433fe91c902932801dfad54e3ecebc3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /modern_theme/build/img/footer.jpg
pragma: no-cache
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: clk.ink
referer: https://clk.ink/modern_theme/build/css/styles.min.css?ver=6.4.0
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://clk.ink/modern_theme/build/css/styles.min.css?ver=6.4.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11679813
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13309
x-xss-protection: 1; mode=block
last-modified: Mon, 29 Jul 2019 08:02:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r4PGlnKC1GdcFrTDejf1r%2BLNTra0MHxwj45eSwxWBW%2B62UBMhYC1ETflpBI5jW7TVxgEtIzaWT9Figfg48JcDCpsZuMI7THx5pRuDJs7ly2SL3ydyFCWRyte4A9kSqy4mHwg2fPr"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: User-Agent,User-Agent, Accept-Encoding
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 689e843949774ea4-FRA
expires: Sat, 23 Apr 2022 05:20:26 GMT

GET
H3-29 200 fontawesome-webfont.woff2
clk.ink/modern_theme/build/fonts/ 75 KB
76 KB 15ms
14ms Font
font/woff2 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clk.ink/modern_theme/build/fonts/fontawesome-webfont.woff2

Requested by

Host: clk.ink
URL: https://clk.ink/modern_theme/build/css/styles.min.css?ver=6.4.0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://clk.ink
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
:path: /modern_theme/build/fonts/fontawesome-webfont.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: clk.ink
referer: https://clk.ink/modern_theme/build/css/styles.min.css?ver=6.4.0
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://clk.ink
Referer: https://clk.ink/modern_theme/build/css/styles.min.css?ver=6.4.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 460155
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 77160
x-xss-protection: 1; mode=block
last-modified: Fri, 23 Jul 2021 08:27:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDX2u4QhnTFmF0oAW3czNUrdznDXKlCQih9GyCmof9GjT4Cb9AyJtfdXHa5u%2BCYsezuEca%2Bjsm738QcUSAH211XrWEHMsjdD9JtBA%2BZ2S3yvEQslinxYB%2FBP%2BVTTodv4Me3isryC"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 689e843949724ea4-FRA
expires: Tue, 07 Sep 2021 01:54:44 GMT

GET
H2 200 api.js Show response
www.recaptcha.net/recaptcha/ 921 B
1018 B 45ms
15ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

Requested by

Host: clk.ink
URL: https://clk.ink/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

800cc17547f681061fdd060edbbb8370e83b8df56e5ce1183e90715109bff72f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 584
x-xss-protection: 1; mode=block
expires: Sun, 05 Sep 2021 09:44:00 GMT

GET
H3-29 200 script.min.js Show response
clk.ink/modern_theme/build/js/ 202 KB
62 KB 29ms
26ms Script
application/javascript 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clk.ink/modern_theme/build/js/script.min.js?ver=6.4.0

Requested by

Host: clk.ink
URL: https://clk.ink/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

852593ea1830ce3d6821822385a17af199442f4938b588ed7c84942c351d9f16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /modern_theme/build/js/script.min.js?ver=6.4.0
pragma: no-cache
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: clk.ink
referer: https://clk.ink/XRUXRxFQ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://clk.ink/XRUXRxFQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1213909
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 23 Jul 2021 08:27:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QWA8FfNP2gGyBVxQvroNCQxwjO%2BULlAP9gLPXzFSHnU35qcWvMt4QmiuBDrg32kZNjdNF62fj%2FKJBOWeV%2FyjMHZL0sbO348f7Z0QUm6JZADBRB5MiRdXHQGdqgfkVeDX40jrvUat"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding,User-Agent
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
cf-ray: 689e843969b24ea4-FRA
expires: Tue, 21 Sep 2021 08:32:10 GMT

GET /
d3al52d8cojds7.cloudfront.net/ 0
0

GET
H3-29 200 sw.js Show response
clk.ink/ 93 KB
37 KB 22ms
19ms Script
application/javascript 2606:4700:3036::6815:314
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://clk.ink/sw.js

Requested by

Host: clk.ink
URL: https://clk.ink/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:314 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3de82b4398c3f80c3d1cbeb7f05ec55582966bd43039f5b4b02543bd78148bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /sw.js
pragma: no-cache
cookie: __cf_bm=SQJf1pi1x6N40mL9.9ANsjxUhfj0XhgR7FmkJvf9RnM-1630835039-0-AXS7yD30R+oSBBNhjfnCkpjOPeZbcb8RxQvlMiuZlGmvd9qAYV09vvqfvaxIYz5qjCZBBIC/Uq+5BcJ/4Xm3dGM=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: clk.ink
referer: https://clk.ink/XRUXRxFQ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://clk.ink/XRUXRxFQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1309577
cf-polished: origSize=95651
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 21 Jan 2020 16:46:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgBn1Lw9Ae33aCtSZlJy32OjX83NhNvOMctAOe7%2F3YKf7SsEpoQnfnhWhqeNkhJDXXiTxbhhg%2BIyWU8LpfMNqEVP0gbnLjHln26bz91lPxPx3o%2BCsvHy%2ByDr4FSnIutDEkhHJcvA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
x-turbo-charged-by: LiteSpeed
cf-ray: 689e843969b44ea4-FRA
expires: Mon, 20 Sep 2021 05:57:41 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
642 B 19ms
15ms Script
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: clk.ink
URL: https://clk.ink/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

34cfd57fc39d692c79b8c064a386331687ac463dc45cfdfa2341437f07fe8497

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 554
x-xss-protection: 1; mode=block
expires: Sun, 05 Sep 2021 09:44:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 129 KB
51 KB 26ms
22ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X5P6MKTMMH

Requested by

Host: clk.ink
URL: https://clk.ink/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4b5fb8fae1a0b3ba26dcfb486dde37b17ece7036448a7971dc655fd4e82b13ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51751
x-xss-protection: 0
expires: Sun, 05 Sep 2021 09:44:00 GMT

GET
H2 200 async.js Show response
cdn.netcatx.com/bid/ Frame 1B66 4 KB
2 KB 41ms
14ms Script
application/x-javascript 2606:4700:3034::6815:4ca0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.netcatx.com/bid/async.js
Requested by: Host: clicksfly.com
URL: https://clicksfly.com/ads/300/adtrue.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:4ca0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 379429fb5012e4008b53c0c2906adffe1c6452757413d6f975a841aad30d8fc9

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14388386
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 13 Dec 2019 06:49:26 GMT
server: cloudflare
etag: W/"5df33476-100e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0B6OZ5tE3VCSgzlqStHzRfbWx07zzZe%2BGuhjwkkba%2Fo4N%2BnQBvKgoK%2Bzy%2BFyWjqxgcmcCaN%2FFhxiUqUwjhoefzflrpWxjPsO0cTAMbgotYQboj76sRmEyrqGQJYZe04%2B%2Bj5PN9eFX4EG5%2BDMHY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 689e8439cfc35b86-FRA
expires: Thu, 17 Mar 2022 20:57:34 GMT

GET
H2 200 impress_v2 Show response
t.go2.global/tag/ Frame 6483 3 KB
2 KB 214ms
185ms Script
application/javascript 2606:4700:3037::ac43:a5d5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.go2.global/tag/impress_v2?pzoneid=43092&ref=https://clk.ink/&cb=3645562924
Requested by: Host: clk.ink
URL: https://clk.ink/XRUXRxFQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:a5d5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6463550f26d824d4dbdd336bc1567c240e76cb15181f22fe40fca035444deea1

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-adtrue-instance: java2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BKrGBfcTiP21KX7ASTVfwyofUZ9nLM09vO8Qy9cTyyongtujE01KXTGq6D9YaozjxpCCE0ca8myZzOlREtr0RtLk98EIbPusyDqJzv4Kc1hyh4jtmiKzWsAUwQwvc3%2F%2FtOcB12%2BMPKx2hEc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 689e843a1827c272-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 prebid.js Show response
cdn.adtrue.com/pb/ Frame 6483 257 KB
82 KB 56ms
21ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/pb/prebid.js
Requested by: Host: t.go2.global
URL: https://t.go2.global/tag/impress_v2?pzoneid=43092&ref=https://clk.ink/&cb=3645562924
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4259dbb0191c97a891b857a18b128a117310364e59726cff9eb639dcd22023b

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 21 Aug 2020 05:31:13 GMT
server: cloudflare
age: 14388144
etag: W/"5f3f5c21-405dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 689e843b8ab696a4-FRA
expires: Thu, 17 Mar 2022 21:01:36 GMT

GET
H2 200 request Show response
track.adtrue.com/track/ Frame A6FA 52 B
145 B 584ms
186ms Document
text/html 52.41.67.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.adtrue.com/track/request?pzoneid=43092&domain=clk.ink&ref=https%3A%2F%2Fclk.ink%2F&loc=https%3A%2F%2Fclk.ink%2F
Requested by: Host: t.go2.global
URL: https://t.go2.global/tag/impress_v2?pzoneid=43092&ref=https://clk.ink/&cb=3645562924
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.67.87 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-67-87.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 5f6ef7df0303120469606d9f1046c0bf277731cc04239c80dfba0ea1cc341c10

Request headers

:method: GET
:authority: track.adtrue.com
:scheme: https
:path: /track/request?pzoneid=43092&domain=clk.ink&ref=https%3A%2F%2Fclk.ink%2F&loc=https%3A%2F%2Fclk.ink%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://clicksfly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://clicksfly.com/

Response headers

date: Sun, 05 Sep 2021 09:44:01 GMT
content-type: text/html
content-length: 52
server: nginx
x-host-name: java1

GET
H3-29 200 px.html Show response
cdn.netcatx.com/adxchange/ Frame 6818 0
583 B 123ms
112ms Document
text/html 2606:4700:3034::6815:4ca0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.netcatx.com/adxchange/px.html
Requested by: Host: clicksfly.com
URL: https://clicksfly.com/ads/300/adtrue.php
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:4ca0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: cdn.netcatx.com
:scheme: https
:path: /adxchange/px.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://clicksfly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://clicksfly.com/

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-type: text/html
last-modified: Fri, 30 Jun 2017 06:49:53 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0p6Wgba2dhuxW9Ve%2BqQcV3Z8M9HSCuOXqOawJszBn5SzClvCG38PdGb7JtjcJCCoH15ytV9eRODbUbin5ocFDIZaFJommxkDkV7TNGpoNft3gQKXlWtfDIu7j8RSIl6M1FUBgySWUJeG7yALrLY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 689e843b69564e5c-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 6483 0
186 B 117ms
38ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.4.0&cb=80458252452
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://clicksfly.com
date: Sun, 05 Sep 2021 09:44:00 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6483 19 B
695 B 122ms
53ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 05 Sep 2021 09:44:00 GMT
X-Proxy-Origin: 82.102.18.114; 82.102.18.114; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: dbb577b1-9149-4b4d-aaed-c71a5d928b07
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://clicksfly.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 passback.js Show response
cdn.adtrue.com/rtb/ Frame D801 753 B
551 B 16ms
16ms Script
application/x-javascript 2606:4700:10::6816:3181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/passback.js
Requested by: Host: clk.ink
URL: https://clk.ink/XRUXRxFQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 28 Oct 2020 03:26:52 GMT
server: cloudflare
age: 1066216
etag: W/"5f98e4fc-2f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 689e843cab1b96a4-FRA
expires: Fri, 19 Aug 2022 01:33:44 GMT

GET
H2 200 passback Show response
exchange.adtrue.com/tag/ Frame D801 558 B
749 B 573ms
184ms Script
application/javascript 44.237.115.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=43092&divid=1284757177&ref=undefined
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/rtb/passback.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.237.115.105 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-237-115-105.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: f0042cf2e2a5baa6961ebea63cb9c8cd494742dae81afb1bc2959a892175ae79

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:01 GMT
server: nginx
content-length: 558
content-type: application/javascript

GET
H2 200 ga.js Show response
cdn-adtrue.com/track/ Frame A6FA 751 B
998 B 58ms
32ms Script
application/x-javascript 2606:4700:3038::6815:ead6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-adtrue.com/track/ga.js
Requested by: Host: track.adtrue.com
URL: https://track.adtrue.com/track/request?pzoneid=43092&domain=clk.ink&ref=https%3A%2F%2Fclk.ink%2F&loc=https%3A%2F%2Fclk.ink%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:ead6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31019413fee993018ee66cb39c98ebf7b37365b9e7b439fdfccc33eaa81429b5

Request headers

Referer: https://track.adtrue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13585850
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 01 Apr 2021 03:35:26 GMT
server: cloudflare
etag: W/"60653f7e-2ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g6o6VUOttv0uja2Rez1FlvTEhiUuZukBnNnumlDHSq8s7g0psaQFtgy%2Ft4IeEP0urDBHRI3JizHtAHmAAbT7DFpjVtleAOL8wTqu8npOshBltHOK%2BQlZpx5uGbEjR41R5gFiiU2zohwuB7oeOw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 689e843f48202b16-FRA
expires: Sun, 27 Mar 2022 03:53:11 GMT

GET
H2 200 bebi_v3.js Show response
st.bebi.com/ Frame D801 133 KB
47 KB 107ms
40ms Script
application/javascript 104.21.94.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.bebi.com/bebi_v3.js
Requested by: Host: clk.ink
URL: https://clk.ink/XRUXRxFQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.94.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad05740966a78657cf685251d6aea88a1e8f9df8355707c82bd727d62133011f

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=lRAK1w==, md5=ttbjdiSWQ0hL79dSLd400g==
date: Sun, 05 Sep 2021 09:44:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2123
x-guploader-uploadid: ADPycds6L61Yq2RjJ2no3XfXMnW4dNB5s3kJxXJhpbIrkG3k923Z11Bl4PX_hw_kdca3eTH0g14gGmxBQL0PPI77iuTrU6mHOw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 12 Aug 2020 11:05:22 GMT
server: cloudflare
etag: W/"b6d6e376249643484befd7522dde34d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g2GOAxrUk2L4eB%2Bn2ZuduWdsP8PILD8zmcOWMxj4%2Fu8Lj0OoIgxfgADpGEEmqxulgF6p7YqmaOh%2BQ9sOIP4jiYlLEzCKbkgQWgcOK6wiFyBRia7LBTCZum0pSpBEDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1597230322238727
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 136055
cf-ray: 689e8440ec6ecd97-CDG
expires: Sun, 05 Sep 2021 10:08:38 GMT

GET
H2 200 sa Show response
go.bebi.com/w/1.1/ Frame D801 1 KB
1 KB 139ms
137ms Script
application/json 104.21.94.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.bebi.com/w/1.1/sa?o=2958482440&callback=pfvi45f2958482440&ju=https%3A//clk.ink&jr=&stck=https%3A//clk.ink%2Chttps%3A//clk.ink/%2Chttps%3A//clicksfly.com/ads/300/adtrue.php%2Chttps%3A//clicksfly.com/ads/300/adtrue.php%2Chttps%3A//clicksfly.com/ads/300/adtrue.php&ai=1&r=736962345&pl=2019650&dims=300x250&adxy=0%2C0&exclude=&res=1600x1200x24&plg=pm&ch=UTF-8&tz=-120&ws=301x251&ifr=1&bi=93b4b77d-26be-4070-94ce-a0567c7a5373&pxr=false
Requested by: Host: st.bebi.com
URL: https://st.bebi.com/bebi_v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.94.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3332ab43d77c097f4ea9dc7c8121ae27fc52b03ef4095d1eaf544c2d5d7a400d

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0WdhfL3%2FNPsTYNY8KBA0lqPNqeiyRUd6eEee17gOdKSN73scBCKmO59fu7EeSvfDIBTDbCcwOgAcJudMJlFAk7XVwAUEdw%2B9oa3MpeKcGKlVDWQBnq0tcJ31I1Grdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, no-store, must-revalidate
cf-ray: 689e84418d15cd97-CDG
link: <https://c.bebi.com/7fc4fde1-d387-4773-bd96-895f2bd30a5e.jpg>; rel=preload; as=image
expires: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 6483 84 KB
27 KB 93ms
22ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 9b34825eb68ebbe49410251b863c07e811c9e406286c7a8f00f88e83d9729c68

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:01 GMT
content-encoding: gzip
last-modified: Thu, 12 Aug 2021 15:58:00 GMT
server: nginx
etag: W/"61154508-14e39"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 06 Sep 2021 09:44:01 GMT

GET
H2 200 7fc4fde1-d387-4773-bd96-895f2bd30a5e.jpg
c.bebi.com/ Frame D801 36 KB
37 KB 76ms
36ms Image
image/jpeg 104.21.94.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bebi.com/7fc4fde1-d387-4773-bd96-895f2bd30a5e.jpg
Requested by: Host: clicksfly.com
URL: https://clicksfly.com/ads/300/adtrue.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.94.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3bd0d82fe6ba0cf2ada802363c86b700cf5f88c74e57f3c053aef011d9d9533

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=JgUqtA==, md5=oGreuGCBVEo1PPPBw4EW4g==
date: Sun, 05 Sep 2021 09:44:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 446992
x-guploader-uploadid: ADPycdt6wnFwa0u9ur9pkJjRW2YEFKf2zVOIuXsbuE1eyPsvg6wSFHSI7luveY31nJtw23rIrLk4Fy4WEHhPy7Cwzhw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 37153
last-modified: Thu, 24 Oct 2019 05:59:05 GMT
server: cloudflare
etag: "a06adeb86081544a353cf3c1c38116e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zgj6B7KBiWMsdEPjM%2BePP6mtmHEqG4B%2BvEBOBD7se5Vb1iPuHq5z%2BRSTRWW7V%2BRw0vj4jun6w3oo%2FVr9Kpxpus2RZ9mPsnavYS7W%2BLYqXD5Me%2BqAIuOX9EUhiFus"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1571896745984483
content-type: image/jpeg
cache-control: public, max-age=31536000
x-goog-stored-content-length: 37153
accept-ranges: bytes
cf-ray: 689e8442ae73cd97-CDG
expires: Wed, 31 Aug 2022 05:34:09 GMT

GET
H3-29 200 micro-logo.png
st.bebi.com/ Frame D801 2 KB
3 KB 88ms
45ms Image
image/png 104.21.94.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.bebi.com/micro-logo.png
Requested by: Host: clicksfly.com
URL: https://clicksfly.com/ads/300/adtrue.php
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.94.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ca96c4f5abb628c0ac0d61c599137426a75a1de58a8a228393389fce7e529a5

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=qmfGMw==, md5=GkfTajjvwnAmRN+xBVdAzQ==
date: Sun, 05 Sep 2021 09:44:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1513
x-guploader-uploadid: ADPycdtiehE6FUldiPafnUNdSNKHk1f2OrhbXD0_JT5-oP4dhAbcUHs8_kKDvilFc8PELsm7HmEW-uDdnOLS6VFtwWP6ES_uXQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1922
last-modified: Mon, 29 Jan 2018 10:32:41 GMT
server: cloudflare
etag: "1a47d36a38efc2702644dfb1055740cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5KjH8bs7elTT9K4JSDwshN97N%2BlMHCZLQzhL7%2BsznGdcOiBQBjyOLbkatoU4zh9v%2FT4SzPYNBtf%2BD9h6oSfaP5uivmpztFsu3go3sdY%2FG%2B88zJw4hkfTfWN6%2FGjDw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1517221961054923
content-type: image/png
cache-control: public, max-age=3600
x-goog-stored-content-length: 1922
accept-ranges: bytes
cf-ray: 689e8442da92cd9f-CDG
expires: Sun, 05 Sep 2021 10:18:48 GMT

GET
H2 200 go
trck.bebi.com/1.0/ Frame D801 43 B
427 B 55ms
44ms Image
image/gif 104.21.94.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trck.bebi.com/1.0/go?tq=qvTLzNK0QC6rhAz03vPVGIb2aqjrHCWYLpIs3Jrkw6o1aI1sRFc3QCCKnGitBUjQiB9Rkp-6kqEaC_JnfgwJucXRC1s3EhSlPNMjblk80axaqF8IeRSCaYJolif0xHfysvre5s073SioRr_y3iaTgpDGUGzSIqa7XYVFfmfczmCxrMk_DFxo3s-whS5gw-EGbvuoB1-MDzicPOLqOC5fVrPrdySOhCH16HD5NsyAHdYqy2qZfu_ZRysdqyWF7BwpW9W826TzreX-omSa24lXvb_vF22CdxDAp5c1sD4Xhf1IPR5Cu8CttwVtjNAS6zNtD_SHWigGmI4f4-qchcFKzFiapWPoi4sn0ta5hQAwgo4pH3kkhk-_5X-r3Jl6sFg24VlFyj3lJxktlOueAbyaEOK-kjDYynd0WmNIaKQKIcQtQy0krbdBtEBfjCGXNnQgxvd1-gkBNcbip4WUkBSgiX71JGSByXhhe7zFhtZJa3b9ROuHvcJZho2k9Ux3kUISmGxLNBDqKX62Kpl_9vqagNWitkjO5dqjddq1IkxWfXYY3rLapADWmgHJVBq7rGr4ZbacwsuvCMUarniFd6mqg1kCxzbrnufSBQ9kj1DLa1GJrvI5PEKwiQv-wA3Gk7UabXElF89XUStfBSwDsaUpy6y_Bvxk5e5zW2eEQw44joUe31TWbdVbc0S6xyM2IdY8gASD49cgWWNnN1d8e0ef1Kq72rEAee4f7H1iz5rGp7pW9YfugGPOglusNoRZgW1ZS55QI444_Omv9CX1eUMWPp333ykdC3_v0weP-uXKYZAGxWefQ8gvcu-9OZwBcAPUnVAMzbLX4-lg_W0s6H1ulBKJFV8exdpCe6IUzP-hWzI&bi=28eabf30-2776-433d-b44b-e6b3a9aa963b&bbuid=2e3d5e08-10a6-4713-bf19-29aec32760e5
Requested by: Host: clicksfly.com
URL: https://clicksfly.com/ads/300/adtrue.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.94.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 09:44:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4FdBJSV0ablRonohGy9cRJwCh2w0AfKpPQOXM7o6gic6d2rid5W12h%2BJ7JmQaYLlYTAvcbWnYLtS%2BY5PQtxg1Gv8NBDQZyia5vDwyssZ8KIwWiWm1a%2FtFK04KherQHXr"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, private, no-cache no-store proxy-revalidate
cf-ray: 689e8442ae77cd97-CDG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 6483 84 KB
27 KB 79ms
32ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 9b34825eb68ebbe49410251b863c07e811c9e406286c7a8f00f88e83d9729c68

Request headers

Referer: https://clicksfly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 09:44:01 GMT
content-encoding: gzip
last-modified: Thu, 12 Aug 2021 15:58:00 GMT
server: nginx
etag: W/"61154508-14e39"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 06 Sep 2021 09:44:01 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 6A5B 11 KB
5 KB 79ms
27ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=clk.ink

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

58da6480fc50a14bd6f73842552e9bfbd623d883c9a81d68b7d27b52d0afe71c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=clk.ink
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://clicksfly.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://clicksfly.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2265
set-cookie: uid=29370a0e-b3a9-46f5-ba8b-7b981b83b990; expires=Fri, 30 Sep 2022 09:44:00 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Sun, 05 Sep 2021 09:44:01 GMT
content-length: 4666

GET
H2

200

sid Show response
mug.criteo.com/ Frame 6A5B
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=clicksfly.com&sn=ChromeSyncframe&so=0&topUrl=clk.ink
https://mug.criteo.com/sid?cpp=FSXcPXx1Z2twenZrc0I3MVdwcEJNdzY4aTBBb2FjVFgyMnVjNzIwNjU3cmY0dTY1SXpWQkJDSDB4ajFwdzQxeUtsZGVra2psNGtpczZFdkJ0ZFBqbnlyL3ExSDNYUjViby9aZkFKNVNnM1V0S2RlRWNlOGFWSXRjelVYaW...

331 B
550 B

130ms
43ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=FSXcPXx1Z2twenZrc0I3MVdwcEJNdzY4aTBBb2FjVFgyMnVjNzIwNjU3cmY0dTY1SXpWQkJDSDB4ajFwdzQxeUtsZGVra2psNGtpczZFdkJ0ZFBqbnlyL3ExSDNYUjViby9aZkFKNVNnM1V0S2RlRWNlOGFWSXRjelVYaWtFeEYwK3JKZFlWT3lWek43WUorNWhwUnZSVmtUOS9JZzhVN25DM3JaRUxyNWxiaGZ4aGlIWXloZlAxcVJ4bG5CWCsrOG1acG40VXY4MWwveWZTd0MzRmdyamVoaWJnPT18&cppv=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

4bb30d9714ef261ae4e6d6d06bb3a977562fcd88d93585096686099a1c02f75e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Sun, 05 Sep 2021 09:44:01 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2440
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 05 Sep 2021 09:44:01 GMT
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=FSXcPXx1Z2twenZrc0I3MVdwcEJNdzY4aTBBb2FjVFgyMnVjNzIwNjU3cmY0dTY1SXpWQkJDSDB4ajFwdzQxeUtsZGVra2psNGtpczZFdkJ0ZFBqbnlyL3ExSDNYUjViby9aZkFKNVNnM1V0S2RlRWNlOGFWSXRjelVYaWtFeEYwK3JKZFlWT3lWek43WUorNWhwUnZSVmtUOS9JZzhVN25DM3JaRUxyNWxiaGZ4aGlIWXloZlAxcVJ4bG5CWCsrOG1acG40VXY4MWwveWZTd0MzRmdyamVoaWJnPT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1834
content-length: 455
expires: 0

GET
H2 200 Vlc3YWotdUQWNSMlW0NQdD9DFRolbRhOCTo8GQgEPXhEFkQ8JBVNSCU6UUNQZ3sVFQsxCF4FSGx1AFJdZWUDQ0Z0JEIDNT8zBUNQdDFTAFNjMQEER25mAlZHYmRVUUc0MQFSR2UzUgVcYDNWB1lgMxUc Show response
aphycolourses.info/ 56 KB
21 KB 313ms
105ms Script
application/javascript 54.235.172.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/Vlc3YWotdUQWNSMlW0NQdD9DFRolbRhOCTo8GQgEPXhEFkQ8JBVNSCU6UUNQZ3sVFQsxCF4FSGx1AFJdZWUDQ0Z0JEIDNT8zBUNQdDFTAFNjMQEER25mAlZHYmRVUUc0MQFSR2UzUgVcYDNWB1lgMxUc
Requested by: Host: clk.ink
URL: https://clk.ink/sw.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.235.172.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-235-172-58.compute-1.amazonaws.com
Software: / Express
Resource Hash: a9a033b9a12e3ff1407c3cd2ac8ce23fe885e58afea74736d6930a456597c11c

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"df65-yO8p41aLN3qzNKw4kkQjEwMXZWI"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

POST
H2 204 collect
www.google-analytics.com/g/ 0
165 B 13ms
13ms Ping
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-X5P6MKTMMH&gtm=2oe910&_p=222629216&sr=1600x1200&ul=en-us&cid=1975581457.1630835042&_s=1&dl=https%3A%2F%2Fclk.ink%2FXRUXRxFQ&dt=Fake%20Virus%20Screen%20-%20Files%20encrypted&sid=1630835041&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X5P6MKTMMH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://clk.ink/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 09:44:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://clk.ink
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame DFAE 52 KB
17 KB 108ms
32ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://clicksfly.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://clicksfly.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 03 Sep 2021 04:45:39 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sun, 05 Sep 2021 09:44:04 GMT
Age: 17901
X-Served-By: cache-lga21966-LGA, cache-fra19176-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 131195
X-Timer: S1630835044.038063,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame DFAE
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
803 B

34ms
34ms

Script
text/html

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 05 Sep 2021 09:44:04 GMT
X-Proxy-Origin: 82.102.18.114; 82.102.18.114; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ac35e9c1-4cbc-48d5-a70a-84d768aaceaa
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 05 Sep 2021 09:44:04 GMT
X-Proxy-Origin: 82.102.18.114; 82.102.18.114; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 5864ee44-4eee-44c0-8c2e-a16311ca0b16
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame DFAE 0
731 B 34ms
33ms Script
text/html 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 05 Sep 2021 09:44:05 GMT
X-Proxy-Origin: 82.102.18.114; 82.102.18.114; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: cfccf79e-edaa-470d-bcb7-24b15e946c6b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d3al52d8cojds7.cloudfront.net
URL: https://d3al52d8cojds7.cloudfront.net/?tid=779520

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.criteo.com/	1970-01-20 06:22:11	Name: uid Value: 29370a0e-b3a9-46f5-ba8b-7b981b83b990

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acdn.adnxs.com
amplitudewassnap.com
aphycolourses.info
bidder.criteo.com
c.bebi.com
cdn-adtrue.com
cdn.adtrue.com
cdn.netcatx.com
clicksfly.com
clk.ink
d2d8qsxiai9qwj.cloudfront.net
d3al52d8cojds7.cloudfront.net
exchange.adtrue.com
fonts.googleapis.com
fonts.gstatic.com
go.bebi.com
gum.criteo.com
ib.adnxs.com
mug.criteo.com
st.bebi.com
static.criteo.net
t.go2.global
track.adtrue.com
trck.bebi.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.recaptcha.net
d3al52d8cojds7.cloudfront.net
104.21.94.194
143.204.101.58
151.101.13.108
178.250.2.131
178.250.2.146
192.243.59.12
2606:4700:10::6816:3181
2606:4700:3033::6815:e40
2606:4700:3034::6815:4ca0
2606:4700:3036::6815:314
2606:4700:3037::ac43:a5d5
2606:4700:3038::6815:ead6
2a00:1450:4001:801::2003
2a00:1450:4001:802::2004
2a00:1450:4001:813::200a
2a00:1450:4001:827::2003
2a00:1450:4001:829::2008
2a00:1450:4001:829::200e
2a02:2638::1c
2a02:2638::3
37.252.172.250
44.237.115.105
52.41.67.87
54.235.172.58
01565e38a434b56e5ee0302270b938c3414682bfcc6d5ee3489af5a3808b0ec5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
252415c467aa6dd700db4ae7ef9bb66c5bfb3a244852e1caa946620c6e45ada5
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
31019413fee993018ee66cb39c98ebf7b37365b9e7b439fdfccc33eaa81429b5
3332ab43d77c097f4ea9dc7c8121ae27fc52b03ef4095d1eaf544c2d5d7a400d
34cfd57fc39d692c79b8c064a386331687ac463dc45cfdfa2341437f07fe8497
379429fb5012e4008b53c0c2906adffe1c6452757413d6f975a841aad30d8fc9
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3de82b4398c3f80c3d1cbeb7f05ec55582966bd43039f5b4b02543bd78148bcf
43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629
4b5fb8fae1a0b3ba26dcfb486dde37b17ece7036448a7971dc655fd4e82b13ce
4bb30d9714ef261ae4e6d6d06bb3a977562fcd88d93585096686099a1c02f75e
53b76c4b64f7c6ba4c9611ad4597aff49716847dad6aba5f9ed7c3fcff2edeb0
58da6480fc50a14bd6f73842552e9bfbd623d883c9a81d68b7d27b52d0afe71c
5f6ef7df0303120469606d9f1046c0bf277731cc04239c80dfba0ea1cc341c10
6463550f26d824d4dbdd336bc1567c240e76cb15181f22fe40fca035444deea1
6ca96c4f5abb628c0ac0d61c599137426a75a1de58a8a228393389fce7e529a5
800cc17547f681061fdd060edbbb8370e83b8df56e5ce1183e90715109bff72f
80c8b789ae1e5ea87c4c39c56405da83433fe91c902932801dfad54e3ecebc3b
852593ea1830ce3d6821822385a17af199442f4938b588ed7c84942c351d9f16
8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d
9a69c611057438ac49aea9132fa8e2ad3ae9fefdfe2164b457938fde88e68b35
9b34825eb68ebbe49410251b863c07e811c9e406286c7a8f00f88e83d9729c68
9d807c16e2160c2660ffd43bf8b8bc54eb39ecd044e823209c0ade70db965d5a
a00f59dc1f74231f0580667070732282577df98debb6f81d0188c7fbe73b1de6
a9a033b9a12e3ff1407c3cd2ac8ce23fe885e58afea74736d6930a456597c11c
ad05740966a78657cf685251d6aea88a1e8f9df8355707c82bd727d62133011f
b386764e2b714f6fe617daaedd1946a7161fc2ae5f9bd0bf606f76287121ee1d
b4259dbb0191c97a891b857a18b128a117310364e59726cff9eb639dcd22023b
c3bd0d82fe6ba0cf2ada802363c86b700cf5f88c74e57f3c053aef011d9d9533
c743c3cca33171ff56c892acb6bdb21f4e9d10be761f75f45efd8dda552780d8
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d088705648e1ab5d38071777f825d3eed992bd1e2d6ef458134db7155ffb8ecc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
f0042cf2e2a5baa6961ebea63cb9c8cd494742dae81afb1bc2959a892175ae79

clk.ink Open in urlscan Pro 2606:4700:3036::6815:314 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

47 Requests

98 %HTTPS

58 %IPv6

19 Domains

28 Subdomains

25 IPs

4 Countries

792 kBTransfer

1956 kBSize

1 Cookies

6 Outgoing links

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

clk.ink Open in urlscan Pro
2606:4700:3036::6815:314 Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

98 %
HTTPS

58 %
IPv6

19
Domains

28
Subdomains

25
IPs

4
Countries

792 kB
Transfer

1956 kB
Size

1
Cookies

47 HTTP transactions
0 data transactions