Submitted URL: http://nameketathar.pro/?tid=697712&red=1&cs=UzV2WEliABRsKmIBRG0rZVFCYHlj&abt=0&v=1.34.9.2&sm=16&k=&sts=0&prn=0&emb=1&u=...
Effective URL: https://rtb.disply.me/a2nn1qfjjoq046z6kph65
Submission: On July 29 via manual from GB

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 2 HTTP transactions. The main IP is 78.137.97.132, located in Germany and belongs to PROFITBRICKS-AS, DE. The main domain is rtb.disply.me.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on October 17th 2018. Valid for: 2 years.
This is the only time rtb.disply.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 54.83.180.100 14618 (AMAZON-AES)
2 2 184.173.87.162 36351 (SOFTLAYER)
1 78.137.97.132 51862 (PROFITBRI...)
2 2
Apex Domain
Subdomains
Transfer
2 mybetterdl.com
mybetterdl.com
p203248.mybetterdl.com
1 KB
1 disply.me
rtb.disply.me
570 B
1 nameketathar.pro
nameketathar.pro
3 KB
2 3
Domain Requested by
1 rtb.disply.me rtb.disply.me
1 p203248.mybetterdl.com 1 redirects
1 mybetterdl.com 1 redirects
1 nameketathar.pro 1 redirects
2 4

This site contains no links.

Subject: *.disply.me
Issuer: AlphaSSL CA - SHA256 - G2
Validity: 2018-10-17 - 2020-10-17
Valid: 2 years

This page contains 1 frames:

Frame: http://rtb.disply.me/a2nn1qfjlamijbz6k5wd1
Frame ID: EB752F9D45BD49495288241882CB2D59
Requests: 2 HTTP requests in this frame

Page URL History

  1. http://nameketathar.pro/?tid=697712&red=1&cs=UzV2WEliABRsKmIBRG0rZVFCYHlj&abt=0&v=1.34.9.2&sm=16&k=&... HTTP 302
    http://mybetterdl.com/aS/feedclick?s=tmxvfbadWlkVf3QFSghc6fZKRsqpyl7xsGnkh5YdYpvFWIcgvNCIflzQrcxfB... HTTP 302
    http://p203248.mybetterdl.com/adServe/adClick?ai=utaGB_LycpNqqym3ENxkUgcR_QeyMyCFVNmDdYdLEmY9bAZ8wrBLFkJ2_... HTTP 302
    https://rtb.disply.me/a2nn1qfjjoq046z6kph65 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 2
HTTPS: 50 %
IPv6: 0 %
Domains: 3
Subdomains: 4
IPs: 2
Countries: 2
Transfer: 1 kB
Size: 0 kB
Cookies: 0


Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource: a2nn1qfjjoq046z6kph65 (Primary Request, Cookie set)
Path: rtb.disply.me/
Redirect Chain
  • http://nameketathar.pro/?tid=697712&red=1&cs=UzV2WEliABRsKmIBRG0rZVFCYHlj&abt=0&v=1.34.9.2&sm=16&k=&sts=0&prn=0&emb=1&u=2176089214050337749&fs=1&ref=https://gounlimited.to/embed-lbicu5qxrpry.html&o...
  • http://mybetterdl.com/aS/feedclick?s=tmxvfbadWlkVf3QFSghc6fZKRsqpyl7xsGnkh5YdYpvFWIcgvNCIflzQrcxfBVl5u-nYe6d-YnsGvLcNuFljMOSDrk-WTo7xt68EA7au24MQlxbiI6jCualn2qeMlLf4MACrWjRFRbdQqA-7SpS1-nz8A67K93Xm...
  • http://p203248.mybetterdl.com/adServe/adClick?ai=utaGB_LycpNqqym3ENxkUgcR_QeyMyCFVNmDdYdLEmY9bAZ8wrBLFkJ2_QKY1vAAP0RWgXMK-vqdSxlVmFZU8_7b0smYQd2ZntvpDL1rWYdIX7PSFWu1BmBIPeI2qqM859QYvVFfg8ipKBXQTHAE...
  • https://rtb.disply.me/a2nn1qfjjoq046z6kph65
Size: 297 B
x-fer: 570 B
Type: Document

General
Full URL: https://rtb.disply.me/a2nn1qfjjoq046z6kph65
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.137.97.132, Germany, ASN51862 (PROFITBRICKS-AS, DE)
Reverse DNS: ip78-137-97-132.pbiaas.com
Software: nginx/1.13.0 / PHP/5.6.30
Resource Hash: 65e86ad7f0044b3178f7abcb4d7e0f7d4bb74b9aa21d9fa6e2816309a66c5d52

Request headers

Host: rtb.disply.me
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br

Response headers

Server: nginx/1.13.0
Date: Mon, 29 Jul 2019 12:25:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.30
Set-Cookie: YUC=49b5cd65-8771-4142-97ea-9ff37542ad79; expires=Mon, 28-Oct-2019 12:25:51 GMT; Max-Age=7862400; path=/
X-Node: de-pool01-tr01
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Mon, 29 Jul 2019 12:25:48 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Set-Cookie: rhid=65990393488; Max-Age=15552000; Expires=Sat, 25-Jan-2020 12:25:48 GMT; Domain=mybetterdl.com; Path=/
Set-Cookie: loi=ad_683043_off_276189_aff_15466_cid_203248-697712_ts_1564403148; Max-Age=3600; Expires=Mon, 29-Jul-2019 13:25:48 GMT; Domain=mybetterdl.com; Path=/
Location: https://rtb.disply.me/a2nn1qfjjoq046z6kph65

Resource: a2nn1qfjlamijbz6k5wd1
Path: rtb.disply.me/
Size: 0
x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rtb.disply.me
URL: http://rtb.disply.me/a2nn1qfjlamijbz6k5wd1

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
