urlscan.io logo urlscan.io
SecurityTrails logo

ww25.click.trlxcf02.com Open in urlscan Pro
199.59.243.227  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl
Effective URL: https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ff...
Submission: On November 22 via manual from GB — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 5 countries across 7 domains to perform 12 HTTP transactions. The main IP is 199.59.243.227, located in United States and belongs to AMAZON-02, US. The main domain is ww25.click.trlxcf02.com.
TLS certificate: Issued by R11 on November 3rd 2024. Valid for: 3 months.
This is the only time ww25.click.trlxcf02.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 185.230.15.72 208485 (EKSENBILI...)
1 1 104.199.34.244 396982 (GOOGLE-CL...)
1 1 35.240.19.90 396982 (GOOGLE-CL...)
1 4 103.224.182.251 133618 (TRELLIAN-...)
4 199.59.243.227 16509 (AMAZON-02)
1 172.217.18.4 15169 (GOOGLE)
1 142.250.185.226 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
12 5
1    185.230.15.72 (Amsterdam, Netherlands)

ASN208485 (EKSENBILISIM Nese Mala trading as Moon Dc, TR)
webmail.osponline.nl
1    104.199.34.244 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 244.34.199.104.bc.googleusercontent.com
tosecured.com
1    35.240.19.90 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 90.19.240.35.bc.googleusercontent.com
identifyings.com
4    103.224.182.251 (Australia)

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-182-251.above.com
click.trlxcf02.com
4    199.59.243.227 (United States)

ASN16509 (AMAZON-02, US)
ww25.click.trlxcf02.com
1    172.217.18.4 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f4.1e100.net
www.google.com
1    142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
partner.googleadservices.com
3    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
syndicatedsearch.goog
Apex Domain
Subdomains		 Transfer
8 trlxcf02.com
click.trlxcf02.com
ww25.click.trlxcf02.com
58 KB
3 syndicatedsearch.goog
syndicatedsearch.goog — Cisco Umbrella Rank: 3335
720 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 5439
260 B
1 google.com
www.google.com — Cisco Umbrella Rank: 3
54 KB
1 identifyings.com
identifyings.com
750 B
1 tosecured.com
tosecured.com
316 B
1 osponline.nl
webmail.osponline.nl
382 B
12 7
Domain Requested by
4 ww25.click.trlxcf02.com click.trlxcf02.com
ww25.click.trlxcf02.com
4 click.trlxcf02.com 1 redirects click.trlxcf02.com
3 syndicatedsearch.goog www.google.com
1 partner.googleadservices.com www.google.com
1 www.google.com ww25.click.trlxcf02.com
1 identifyings.com 1 redirects
1 tosecured.com 1 redirects
1 webmail.osponline.nl 1 redirects
12 8

This site contains no links.

Subject Issuer Validity Valid
tplinkusa.com
R10		 2024-09-30 -
2024-12-29		 3 months crt.sh
ww25.click.trlxcf02.com
R11		 2024-11-03 -
2025-02-01		 3 months crt.sh
*.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.googleadservices.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
syndicatedsearch.goog
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
Frame ID: 7C9284A432E8813A0108C498FA1052C0
Requests: 11 HTTP requests in this frame

Frame: https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol122%2Cpid-bodis-gcontrol488%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis31_3ph&r=m&hl=nl&ivt=0&rpbu=https%3A%2F%2Fww25.click.trlxcf02.com%2F%3Fcaf%3D1%26bpt%3D345%26affid%3D100481%26c1%3D381223140%26c3%3D1705%26subid1%3D20241123-0906-33f9-91e1-95a6ffdcf735&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301542%2C17301266%2C72717108%2C49280906%2C72771953&format=r3&nocache=4381732313194193&num=0&output=afd_ads&domain_name=ww25.click.trlxcf02.com&v=3&bsl=8&pac=0&u_his=1&u_tz=60&dt=1732313194194&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&uio=-&cont=rs&drt=0&jsid=caf&nfp=1&jsv=697661440&rurl=https%3A%2F%2Fww25.click.trlxcf02.com%2Fclick%2FyX3CWbghyB5c8Bznu2%3Faffid%3D100481%26c1%3D381223140%26c3%3D1705%26subid1%3D20241123-0906-33f9-91e1-95a6ffdcf735
Frame ID: 6A0A7D80D4D551CD92519EB41CF0BD38
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

trlxcf02.com

Page URL History Show full URLs

  1. http://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl HTTP 307
    https://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl HTTP 302
    https://tosecured.com/?a=1705&oc=22291&c=58890&m=3&s1=1_407204_176071&s2=52_1347814_451942_4&s3=55... HTTP 302
    https://identifyings.com/?a=1705&oc=22291&c=58890&m=3&s1=1_407204_176071&s2=52_1347814_451942_4&s3=55... HTTP 302
    https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705 Page URL
  2. http://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&fp=3f9689c9c10f3e... HTTP 307
    https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&fp=3f9689c9c10f3e... HTTP 302
    http://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0... HTTP 307
    https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0... HTTP 307
    https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0... Page URL

Page Statistics

12
Requests

100 %
HTTPS

13 %
IPv6

7
Domains

8
Subdomains

5
IPs

5
Countries

112 kB
Transfer

225 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl HTTP 307
    https://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl HTTP 302
    https://tosecured.com/?a=1705&oc=22291&c=58890&m=3&s1=1_407204_176071&s2=52_1347814_451942_4&s3=550574143_8tmt0m HTTP 302
    https://identifyings.com/?a=1705&oc=22291&c=58890&m=3&s1=1_407204_176071&s2=52_1347814_451942_4&s3=550574143_8tmt0m&ckmguid=9e713bfc-18ec-4228-b0ff-8431f3f06f41 HTTP 302
    https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705 Page URL
  2. http://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&fp=3f9689c9c10f3e5af454abad6931a2b8 HTTP 307
    https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&fp=3f9689c9c10f3e5af454abad6931a2b8 HTTP 302
    http://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735 HTTP 307
    https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735 HTTP 307
    https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl HTTP 307
  • https://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl HTTP 302
  • https://tosecured.com/?a=1705&oc=22291&c=58890&m=3&s1=1_407204_176071&s2=52_1347814_451942_4&s3=550574143_8tmt0m HTTP 302
  • https://identifyings.com/?a=1705&oc=22291&c=58890&m=3&s1=1_407204_176071&s2=52_1347814_451942_4&s3=550574143_8tmt0m&ckmguid=9e713bfc-18ec-4228-b0ff-8431f3f06f41 HTTP 302
  • https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
yX3CWbghyB5c8Bznu2
click.trlxcf02.com/click/
Redirect Chain
  • http://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl
  • https://webmail.osponline.nl/HKduGLx3FA?93spq7!gffff1nlmcn!g!hwnx9!glbm4!gg!gg3!gk!gxlp6!gfv241!gffffl
  • https://tosecured.com/?a=1705&oc=22291&c=58890&m=3&s1=1_407204_176071&s2=52_1347814_451942_4&s3=550574143_8tmt0m
  • https://identifyings.com/?a=1705&oc=22291&c=58890&m=3&s1=1_407204_176071&s2=52_1347814_451942_4&s3=550574143_8tmt0m&ckmguid=9e713bfc-18ec-4228-b0ff-8431f3f06f41
  • https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705
1 KB
923 B 		Document
General
Check archive.org
Download Go to
Full URL
https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.224.182.251 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
lb-182-251.above.com
Software
Apache /
Resource Hash
edfbf1e881100896831ade6202cc908fb02154d64935ac0be8135f61c5ae3db7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

connection
close
content-encoding
gzip
content-length
628
content-type
text/html; charset=UTF-8
date
Fri, 22 Nov 2024 22:06:31 GMT
server
Apache
vary
Accept-Encoding

Redirect headers

cache-control
private
content-length
210
content-type
text/html; charset=utf-8
date
Fri, 22 Nov 2024 22:06:30 GMT
location
https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
iife.min.js
click.trlxcf02.com/js/fingerprint/ 		33 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://click.trlxcf02.com/js/fingerprint/iife.min.js
Requested by
Host: click.trlxcf02.com
URL: https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.224.182.251 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
lb-182-251.above.com
Software
Apache /
Resource Hash
c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705

Response headers

content-encoding
gzip
etag
"85c0-6250852f4b980-gzip"
connection
close
accept-ranges
bytes
content-length
14345
date
Fri, 22 Nov 2024 22:06:32 GMT
last-modified
Tue, 22 Oct 2024 03:25:42 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
favicon.ico
click.trlxcf02.com/ 		94 B
170 B 		Other
General
Check archive.org
Download Go to
Full URL
https://click.trlxcf02.com/favicon.ico
Protocol
HTTP/1.0
Security
TLS 1.3, , AES_256_GCM
Server
103.224.182.251 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
lb-182-251.above.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705

Response headers

content-type
text/html
cache-control
no-cache
Primary Request yX3CWbghyB5c8Bznu2
ww25.click.trlxcf02.com/click/
Redirect Chain
  • http://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&fp=3f9689c9c10f3e5af454abad6931a2b8
  • https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&fp=3f9689c9c10f3e5af454abad6931a2b8
  • http://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
  • https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
  • https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
Requested by
Host: click.trlxcf02.com
URL: https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.59.243.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0aaa831e8d382d5349a5e134af37c6933c6c579f094f8959bc4b60a5b41c5970

Request headers

Referer
https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ch
sec-ch-prefers-color-scheme
Cache-Control
no-store, max-age=0
Connection
close
Content-Length
1350
Content-Type
text/html; charset=utf-8
Critical-Ch
sec-ch-prefers-color-scheme
Date
Fri, 22 Nov 2024 22:06:33 GMT
Vary
sec-ch-prefers-color-scheme
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xNznjcQ0wuviqxjo4bDSnZIEPivQj91gZrpuHtoo2WZN7iiMz0e4z1OJ+vcuj6wA0krMLAz5dm8UM0vTLh7NlA==
X-Request-Id
2bc0708b-8853-4a67-80ba-5e376c4cc09c

Redirect headers

Location
https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
bacwsvKgR.js
ww25.click.trlxcf02.com/ 		34 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ww25.click.trlxcf02.com/bacwsvKgR.js
Requested by
Host: ww25.click.trlxcf02.com
URL: https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.59.243.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7e941c2b7506a9701f157ad84f6225a935e13e7547cdd529873acabffccb707e

Request headers

sec-ch-prefers-color-scheme
light
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735

Response headers

X-Request-Id
195600cf-ea58-4bf7-b8ed-565c7ccc3f70
Content-Length
34847
Date
Fri, 22 Nov 2024 22:06:33 GMT
Content-Type
application/javascript; charset=utf-8
Connection
close
_fd
ww25.click.trlxcf02.com/ 		5 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ww25.click.trlxcf02.com/_fd?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
Requested by
Host: ww25.click.trlxcf02.com
URL: https://ww25.click.trlxcf02.com/bacwsvKgR.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.59.243.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2d4e623b5273f81fbe2a7d5895db8281f53c73c5fec2c379a2c590f816af2604

Request headers

Referer
https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
sec-ch-prefers-color-scheme
light
Accept
application/json
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

X-Request-Id
a90b3893-c2fa-426b-957b-8c1fc43821b2
Content-Length
5297
Date
Fri, 22 Nov 2024 22:06:33 GMT
Content-Type
application/json; charset=utf-8
Connection
close
caf.js
www.google.com/adsense/domains/ 		149 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/adsense/domains/caf.js?abp=1&bodis=true
Requested by
Host: ww25.click.trlxcf02.com
URL: https://ww25.click.trlxcf02.com/bacwsvKgR.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.4 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f4.1e100.net
Software
sffe /
Resource Hash
62c0912c2236d285d26b80aaf607c217933d9e188b5754f4a320f371920a0bc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ww25.click.trlxcf02.com/

Response headers

content-encoding
gzip
etag
"6544651486187274138"
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
x-content-type-options
nosniff
expires
Fri, 22 Nov 2024 22:06:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 22 Nov 2024 22:06:34 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
link
<https://syndicatedsearch.goog>; rel="preconnect"
cache-control
private, max-age=3600
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
x-xss-protection
0
server
sffe
cookie.js
partner.googleadservices.com/gampad/ 		378 B
260 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=ww25.click.trlxcf02.com&client=partner-dp-bodis31_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&bodis=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
398fb5c3f2671707316d0494bcd536ebbf75f4b3ea731623877c65d8c11a2c2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ww25.click.trlxcf02.com/

Response headers

timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
239
date
Fri, 22 Nov 2024 22:06:34 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
syndicatedsearch.goog/afs/ Frame 6A0A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol122%2Cpid-bodis-gcontrol488%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis31_3ph&r=m&hl=nl&ivt=0&rpbu=https%3A%2F%2Fww25.click.trlxcf02.com%2F%3Fcaf%3D1%26bpt%3D345%26affid%3D100481%26c1%3D381223140%26c3%3D1705%26subid1%3D20241123-0906-33f9-91e1-95a6ffdcf735&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436%2C17301542%2C17301266%2C72717108%2C49280906%2C72771953&format=r3&nocache=4381732313194193&num=0&output=afd_ads&domain_name=ww25.click.trlxcf02.com&v=3&bsl=8&pac=0&u_his=1&u_tz=60&dt=1732313194194&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&uio=-&cont=rs&drt=0&jsid=caf&nfp=1&jsv=697661440&rurl=https%3A%2F%2Fww25.click.trlxcf02.com%2Fclick%2FyX3CWbghyB5c8Bznu2%3Faffid%3D100481%26c1%3D381223140%26c3%3D1705%26subid1%3D20241123-0906-33f9-91e1-95a6ffdcf735
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&bodis=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-uPd_RLAUlvLoUx2kyOP-1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection 0

Request headers

Referer
https://ww25.click.trlxcf02.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-disposition
inline
content-encoding
br
content-length
11235
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-uPd_RLAUlvLoUx2kyOP-1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
date
Fri, 22 Nov 2024 22:06:34 GMT
expires
Fri, 22 Nov 2024 22:06:34 GMT
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server
gws
x-xss-protection
0
_tr
ww25.click.trlxcf02.com/ 		2 B
300 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ww25.click.trlxcf02.com/_tr
Requested by
Host: ww25.click.trlxcf02.com
URL: https://ww25.click.trlxcf02.com/bacwsvKgR.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.59.243.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://ww25.click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705&subid1=20241123-0906-33f9-91e1-95a6ffdcf735
sec-ch-prefers-color-scheme
light
Accept
application/json
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

X-Request-Id
2821df8c-7032-4255-88fc-8ddf3ece86a6
Content-Length
2
Date
Fri, 22 Nov 2024 22:06:33 GMT
Content-Type
application/json; charset=utf-8
Connection
close
gen_204
syndicatedsearch.goog/afs/ 		0
509 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=mzdr67khd1za&aqid=agBBZ8XwEfOjjuwPqoCp4QY&psid=3113057640&pbt=bs&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=697661440&csala=3%7C0%7C173%7C65%7C13&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-YEe3wBa4ntK6ifwGvFvM8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ww25.click.trlxcf02.com/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-YEe3wBa4ntK6ifwGvFvM8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 22 Nov 2024 22:06:36 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN
gen_204
syndicatedsearch.goog/afs/ 		0
211 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-bodis31_3ph&output=uds_ads_only&zx=b039oybf2xox&aqid=agBBZ8XwEfOjjuwPqoCp4QY&psid=3113057640&pbt=bv&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis31_3ph&errv=697661440&csala=3%7C0%7C173%7C65%7C13&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-zl5aqXnBld06lc99566eig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ww25.click.trlxcf02.com/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-zl5aqXnBld06lc99566eig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 22 Nov 2024 22:06:36 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| park object| version object| __parkour number| googleNDT_ number| googleAltLoader object| google function| __sasCookie

7 Cookies

Domain/Path Name / Value
click.trlxcf02.com/click Name: __tad
Value: 1732313191.2836579
ww25.click.trlxcf02.com/click Name: parking_session
Value: 78e6ec58-fdad-4fb1-bad9-2586871b83e9
.identifyings.com/ Name: sq
Value: dd5J7tYBRbnmPX/joAIw3IgHUHOGMYuNOcyLF2jAec1iUaTDtOF1jw==
.identifyings.com/ Name: ti
Value: aIShnR++W197/dQsTHoWIIgHUHOGMYuNOcyLF2jAec1iUaTDtOF1jw==
.identifyings.com/ Name: c12658
Value: dd5J7tYBRblfoq3fNU0r8oXSRKZOW1cOWGhGvGQnZnU147z54ZNNhQ==
ww25.click.trlxcf02.com/ Name: parking_session
Value: 78e6ec58-fdad-4fb1-bad9-2586871b83e9
.trlxcf02.com/ Name: __gsas
Value: ID=732766a6e5e24bcd:T=1732313194:RT=1732313194:S=ALNI_MaHl0cfCAO2U0NtvWdWwm9xJZhVtQ

2 Console Messages

Source Level URL
Text
rendering warning URL: https://click.trlxcf02.com/click/yX3CWbghyB5c8Bznu2?affid=100481&c1=381223140&c3=1705
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0901D00C4350000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://click.trlxcf02.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)