dl-bk.ayodl.pw Open in urlscan Pro
2400:cb00:2048:1::681b:a348 Public Scan

URL:
http://dl-bk.ayodl.pw/
Submission: On June 25 via manual (June 25th 2017, 7:42:36 pm UTC) from SG

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 10 domains to perform 20 HTTP transactions. The main IP is 2400:cb00:2048:1::681b:a348, located in United States and belongs to CLOUDFLARENET - CloudFlare, Inc., US. The main domain is dl-bk.ayodl.pw.

This is the only time dl-bk.ayodl.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2400:cb00:204... 2400:cb00:2048:1::681b:a348	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
2	2a00:1450:400... 2a00:1450:4001:824::2001	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	185.66.201.34 185.66.201.34	201702 (SKHOSTING-EU) (SKHOSTING-EU)
1	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	176.34.240.173 176.34.240.173	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.29.208.110 52.29.208.110	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	52.29.210.16 52.29.210.16	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:401... 2a00:1450:401b:801::2004	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
20	11

2 2400:cb00:2048:1::681b:a348 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

dl-bk.ayodl.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2001 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

4.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.66.201.34 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: at-public.skhosting.eu

mulne.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9b (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 176.34.240.173 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-176-34-240-173.eu-west-1.compute.amazonaws.com

track.brucelead.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.208.110 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-208-110.eu-central-1.compute.amazonaws.com

rooxflwtrafms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.29.210.16 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-210-16.eu-central-1.compute.amazonaws.com

landerforoffers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:401b:801::2004 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	landerforoffers.com landerforoffers.com Failed	55 KB
2	rooxflwtrafms.com rooxflwtrafms.com Failed	6 KB
2	blogspot.com 4.bp.blogspot.com	48 KB
2	ayodl.pw dl-bk.ayodl.pw	4 KB
1	gstatic.com www.gstatic.com	72 KB
1	google.com www.google.com	447 B
1	doubleclick.net stats.g.doubleclick.net	44 B
1	brucelead.com track.brucelead.com Failed	374 B
1	google-analytics.com www.google-analytics.com	12 KB
1	mulne.com mulne.com Failed	504 B
20	10

	Domain	Requested by
3	landerforoffers.com	landerforoffers.com
2	rooxflwtrafms.com	track.brucelead.com rooxflwtrafms.com
2	4.bp.blogspot.com	dl-bk.ayodl.pw
2	dl-bk.ayodl.pw	dl-bk.ayodl.pw
1	www.gstatic.com	www.google.com
1	www.google.com	landerforoffers.com www.gstatic.com
1	stats.g.doubleclick.net
1	track.brucelead.com	mulne.com
1	www.google-analytics.com	mulne.com
1	mulne.com
20	10

This site contains no links.

Subject Issuer	Validity	Valid
*.googleusercontent.com Google Internet Authority G2	`2017-06-14` - `2017-09-06`	3 months	crt.sh
mulne.com COMODO RSA Domain Validation Secure Server CA	`2017-05-29` - `2018-05-29`	a year	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-06-14` - `2017-09-06`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G2	`2017-06-14` - `2017-09-06`	3 months	crt.sh
smartlinkcampaign.com COMODO RSA Domain Validation Secure Server CA	`2017-02-27` - `2018-02-14`	a year	crt.sh
landerdelivery.com COMODO RSA Domain Validation Secure Server CA	`2017-05-10` - `2018-02-14`	9 months	crt.sh
www.google.com Google Internet Authority G2	`2017-06-14` - `2017-09-06`	3 months	crt.sh
*.google.com Google Internet Authority G2	`2017-06-14` - `2017-09-06`	3 months	crt.sh

This page contains 6 frames:

Frame: https://mulne.com/70715d1a00/affilist-42b0d/?placementName=ROTATOR&type=a&cv=XAdCjGdddjjpZCdikZZpCpCrpjNZArNpANrGxCrCjdCCrixCAkCrCrG&adApiR=loaded_string_3309357ae24c3753cd3bd3fdb0f14e4691ad583138_1498419749.6265_5272&refferer=2605963143_aHR0cDovL2RsLWJrLmF5b2RsLnB3Lw==
Frame ID: 26018.1
Requests: 5 HTTP requests in this frame

Frame: http://track.brucelead.com/ck.php?line_item_id=4365&hash=___1498419749___fc1696d085261_0_606&site=15266160
Frame ID: 26042.1
Requests: 4 HTTP requests in this frame

Frame: https://rooxflwtrafms.com/c/30dfdb67-981d-11e5-b565-02f6361de079?pubid=192472&pubid2=15266160&CLICK_ID=20170625_161b2848-56f5-4f56-907f-4e41ceb28021
Frame ID: 26079.1
Requests: 2 HTTP requests in this frame

Frame: https://landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/
Frame ID: 26098.1
Requests: 3 HTTP requests in this frame

Frame: https://landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/
Frame ID: 26119.1
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api/fallback?k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&hl=en&v=r20170613131236&t=0&ff=true
Frame ID: 26119.2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

20
Requests

60 %
HTTPS

60 %
IPv6

10
Domains

10
Subdomains

11
IPs

4
Countries

198 kB
Transfer

384 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request 3

https://ylx-4.com/fullpage.php?section=General&pub=287398&ga=a
https://mulne.com/70715d1a00/affilist-42b0d/?placementName=ROTATOR&type=a&cv=XAdCjGdddjjpZCdikZZpCpCrpjNZArNpANrGxCrCjdCCrixCAkCrCrG&adApiR=loaded_string_3309357ae24c3753cd3bd3fdb0f14e4691ad583138_...

Request 7

https://www.google-analytics.com/r/collect?v=1&_v=j56&a=35279904&t=pageview&_s=1&dl=https%3A%2F%2Fmulne.com%2F70715d1a00%2Faffilist-42b0d%2F%3FplacementName%3DROTATOR%26type%3Da%26cv%3DXAdCjGdddjjp...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-68398243-1&cid=1534548622.1498419750&jid=846397255&_gid=1989287087.1498419750&gjid=1241805489&_v=j56&z=885353408

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
dl-bk.ayodl.pw/ 3 KB
1 KB 21ms
15ms Document
text/html 2400:cb00:2048:1::681b:a348
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

http://dl-bk.ayodl.pw/

Protocol

HTTP/1.1

Server

2400:cb00:2048:1::681b:a348 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

d8fd37a7cb41efdb9b5ac006e501c4abf5501306b920f2dbe8ef1991b3467daa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Sun, 25 Jun 2017 19:42:26 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
X-Supported-By: Kloxo-MR 7.0
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1;mode=block
Last-Modified: Sun, 29 Jan 2017 08:48:58 GMT
Server: cloudflare-nginx
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/html
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=18000
CF-RAY: 374a68f6761d641b-FRA
Expires: Mon, 26 Jun 2017 00:42:26 GMT

GET
S 200 imut.jpg
4.bp.blogspot.com/-DmqdexoN4Ek/WFQmgYec90I/AAAAAAAAAek/cj4iu-wKc1Y0m4ryE4x98F9aPdEPi8CgwCLcB/s1600/ 36 KB
36 KB 31ms
7ms Image
image/jpeg 2a00:1450:4001:824::2001
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://4.bp.blogspot.com/-DmqdexoN4Ek/WFQmgYec90I/AAAAAAAAAek/cj4iu-wKc1Y0m4ryE4x98F9aPdEPi8CgwCLcB/s1600/imut.jpg

Requested by

Host: dl-bk.ayodl.pw
URL: http://dl-bk.ayodl.pw/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

fife /

Resource Hash

33409148fdf869c974fcf303a9ba347824569637cfbb976e0291415cbf9500aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dl-bk.ayodl.pw/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

date: Sun, 25 Jun 2017 19:42:25 GMT
x-content-type-options: nosniff
age: 1
status: 200
content-disposition: inline;filename="imut.jpg"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 36880
x-xss-protection: 1; mode=block
server: fife
etag: "v1eb"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
expires: Sun, 25 Jun 2017 06:21:49 GMT

GET
S 200 _NYANYAH.COM_111.jpg
4.bp.blogspot.com/-H1BE1DdChVs/VyKQuCmjxMI/AAAAAAAAAjk/oFB4bKVnAXII7owlWC-ZPzv_y07yueQ9wCLcB/s1600/ 12 KB
12 KB 30ms
6ms Image
image/jpeg 2a00:1450:4001:824::2001
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://4.bp.blogspot.com/-H1BE1DdChVs/VyKQuCmjxMI/AAAAAAAAAjk/oFB4bKVnAXII7owlWC-ZPzv_y07yueQ9wCLcB/s1600/_NYANYAH.COM_111.jpg

Requested by

Host: dl-bk.ayodl.pw
URL: http://dl-bk.ayodl.pw/

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

fife /

Resource Hash

46807757beae9e76d23034ac581edbe9ed2eed72412d7a060c50fd2aeb28c549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dl-bk.ayodl.pw/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

date: Sun, 25 Jun 2017 19:42:25 GMT
x-content-type-options: nosniff
age: 1
status: 200
content-disposition: inline;filename="_NYANYAH.COM_111.jpg"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 12291
x-xss-protection: 1; mode=block
server: fife
etag: "v249"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
expires: Mon, 26 Jun 2017 19:42:25 GMT

GET
H/1.1 200
OK abstract.jpg
dl-bk.ayodl.pw/images/ 3 KB
3 KB 7ms
7ms Image
image/jpeg 2400:cb00:2048:1::681b:a348
CloudFlare

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://dl-bk.ayodl.pw/images/abstract.jpg

Requested by

Host: dl-bk.ayodl.pw
URL: http://dl-bk.ayodl.pw/

Protocol

HTTP/1.1

Server

2400:cb00:2048:1::681b:a348 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

a25c4f9c6819fc5ec4d46de974a78bc6aacc6972d533d1c2ccd3a1b5fea4e529

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: http://dl-bk.ayodl.pw/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Sun, 25 Jun 2017 19:42:26 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
X-Supported-By: Kloxo-MR 7.0
Connection: keep-alive
Content-Length: 2964
X-XSS-Protection: 1;mode=block
Last-Modified: Mon, 11 Feb 2013 20:25:48 GMT
Server: cloudflare-nginx
X-Frame-Options: SAMEORIGIN
ETag: "511953cc-b94"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=604800
Accept-Ranges: bytes
CF-RAY: 374a68f69630641b-FRA
Expires: Sun, 02 Jul 2017 19:42:26 GMT

GET

/
mulne.com/70715d1a00/affilist-42b0d/
Redirect Chain

https://ylx-4.com/fullpage.php?section=General&pub=287398&ga=a
https://mulne.com/70715d1a00/affilist-42b0d/?placementName=ROTATOR&type=a&cv=XAdCjGdddjjpZCdikZZpCpCrpjNZArNpANrGxCrCjdCCrixCAkCrCrG&adApiR=loaded_string_3309357ae24c3753cd3bd3fdb0f14e4691ad583138_...

0
0

GET
H/1.1 200
OK / Show response
mulne.com/70715d1a00/affilist-42b0d/ Frame 2604 847 B
504 B 134ms
38ms Document
text/html 185.66.201.34
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://mulne.com/70715d1a00/affilist-42b0d/?placementName=ROTATOR&type=a&cv=XAdCjGdddjjpZCdikZZpCpCrpjNZArNpANrGxCrCjdCCrixCAkCrCrG&adApiR=loaded_string_3309357ae24c3753cd3bd3fdb0f14e4691ad583138_1498419749.6265_5272&refferer=2605963143_aHR0cDovL2RsLWJrLmF5b2RsLnB3Lw==
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.66.201.34 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: at-public.skhosting.eu
Software: nginx /
Resource Hash: 01f2baa6e734c30c36f07eb595cfcf3d8e14085881b9b138b447744e9ae8c2bc

Request headers

Upgrade-Insecure-Requests: 1
Referer: http://dl-bk.ayodl.pw/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 25 Jun 2017 19:42:29 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
X-Robots-Tag: noindex,nofollow
Expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ Frame 2604 29 KB
12 KB 28ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: mulne.com
URL: https://mulne.com/70715d1a00/affilist-42b0d/?placementName=ROTATOR&type=a&cv=XAdCjGdddjjpZCdikZZpCpCrpjNZArNpANrGxCrCjdCCrixCAkCrCrG&adApiR=loaded_string_3309357ae24c3753cd3bd3fdb0f14e4691ad583138_1498419749.6265_5272&refferer=2605963143_aHR0cDovL2RsLWJrLmF5b2RsLnB3Lw==

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:824::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

765010cbfccaf06cb5b9166023a22b655a10b37075c91e276a5550c5ecd855ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mulne.com/70715d1a00/affilist-42b0d/?placementName=ROTATOR&type=a&cv=XAdCjGdddjjpZCdikZZpCpCrpjNZArNpANrGxCrCjdCCrixCAkCrCrG&adApiR=loaded_string_3309357ae24c3753cd3bd3fdb0f14e4691ad583138_1498419749.6265_5272&refferer=2605963143_aHR0cDovL2RsLWJrLmF5b2RsLnB3Lw==
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Jun 2017 00:25:39 GMT
server: Golfe2
age: 1643
date: Sun, 25 Jun 2017 19:15:06 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 12343
expires: Sun, 25 Jun 2017 21:15:06 GMT

GET ck.php
track.brucelead.com/ Frame 2604 0
0

GET
S

200

collect
stats.g.doubleclick.net/r/ Frame 2604
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j56&a=35279904&t=pageview&_s=1&dl=https%3A%2F%2Fmulne.com%2F70715d1a00%2Faffilist-42b0d%2F%3FplacementName%3DROTATOR%26type%3Da%26cv%3DXAdCjGdddjjp...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-68398243-1&cid=1534548622.1498419750&jid=846397255&_gid=1989287087.1498419750&gjid=1241805489&_v=j56&z=885353408

35 B
44 B

47ms
15ms

Image
image/gif

2a00:1450:400c:c06::9b
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-68398243-1&cid=1534548622.1498419750&jid=846397255&_gid=1989287087.1498419750&gjid=1241805489&_v=j56&z=885353408

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:400c:c06::9b , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mulne.com/70715d1a00/affilist-42b0d/?placementName=ROTATOR&type=a&cv=XAdCjGdddjjpZCdikZZpCpCrpjNZArNpANrGxCrCjdCCrixCAkCrCrG&adApiR=loaded_string_3309357ae24c3753cd3bd3fdb0f14e4691ad583138_1498419749.6265_5272&refferer=2605963143_aHR0cDovL2RsLWJrLmF5b2RsLnB3Lw==
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 25 Jun 2017 19:42:29 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 25 Jun 2017 19:42:29 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-68398243-1&cid=1534548622.1498419750&jid=846397255&_gid=1989287087.1498419750&gjid=1241805489&_v=j56&z=885353408
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 418
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ck.php Show response
track.brucelead.com/ Frame 2607 1 KB
374 B 177ms
130ms Document
text/html 176.34.240.173
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://track.brucelead.com/ck.php?line_item_id=4365&hash=___1498419749___fc1696d085261_0_606&site=15266160
Protocol: HTTP/1.1
Server: 176.34.240.173 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-176-34-240-173.eu-west-1.compute.amazonaws.com
Software: nginx/1.6.2 /
Resource Hash: 60fea37ef8cf4ee67df076ad772703ebf89dfd756b5ca628e61f8caa01d6539f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 25 Jun 2017 19:42:30 GMT
Content-Encoding: gzip
Server: nginx/1.6.2
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, max-age=0, no-cache
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 374
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET 30dfdb67-981d-11e5-b565-02f6361de079
rooxflwtrafms.com/c/ Frame 2607 0
0

GET
H/1.1 200
OK 30dfdb67-981d-11e5-b565-02f6361de079 Show response
rooxflwtrafms.com/c/ Frame 2609 14 KB
6 KB 57ms
11ms Document
text/html 52.29.208.110
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rooxflwtrafms.com/c/30dfdb67-981d-11e5-b565-02f6361de079?pubid=192472&pubid2=15266160&CLICK_ID=20170625_161b2848-56f5-4f56-907f-4e41ceb28021
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.29.208.110 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-208-110.eu-central-1.compute.amazonaws.com
Software: nginx/1.12.0 /
Resource Hash: bf2fda4c7c0a8dfa82b231193631b59ea9387a961f6c8728b7c45141736425b8

Request headers

Upgrade-Insecure-Requests: 1
Referer: http://track.brucelead.com/ck.php?line_item_id=4365&hash=___1498419749___fc1696d085261_0_606&site=15266160
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Sun, 25 Jun 2017 19:42:30 GMT
Content-Encoding: gzip
X-Client-Addr: 148.251.45.170
Server: nginx/1.12.0
Vary: Accept-Encoding, Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK / Show response
rooxflwtrafms.com/v/6ccac9ec-59de-11e7-a727-0142227bbd2a/c/30dfdb67-981d-11e5-b565-02f6361de079/ Frame 2609 0
0 26ms
26ms Document
text/html 52.29.208.110
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rooxflwtrafms.com/v/6ccac9ec-59de-11e7-a727-0142227bbd2a/c/30dfdb67-981d-11e5-b565-02f6361de079/?pubid=192472&pubid2=15266160&CLICK_ID=20170625_161b2848-56f5-4f56-907f-4e41ceb28021&_i=1&_s=6ccab25e-59de-11e7-9e4c-0142227bbd24&_r=track.brucelead.com&_n=&_d=6|0|0|0|1|1|||1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|65|1|1|o:3,min:7,gl:0,font:21,t:65|u|lum0y,6nq96o,0|en-US|Linux%20x86_64|d41d8cd98f00b204e9800998ecf8427e|20030107|5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20HeadlessChrome/59.0.3071.109%20Safari/537.36|0|8|148.251.45.170|u|0|u|u|u|u
Requested by: Host: rooxflwtrafms.com
URL: https://rooxflwtrafms.com/c/30dfdb67-981d-11e5-b565-02f6361de079?pubid=192472&pubid2=15266160&CLICK_ID=20170625_161b2848-56f5-4f56-907f-4e41ceb28021
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.29.208.110 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-208-110.eu-central-1.compute.amazonaws.com
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Sun, 25 Jun 2017 19:42:30 GMT
Content-Encoding: gzip
X-Client-Addr: 148.251.45.170
Server: nginx/1.12.0
Vary: Accept-Encoding, Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: no-cache
Refresh: 0;url=https://landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/
Connection: keep-alive
Transfer-Encoding: chunked

GET /
landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/ Frame 2609 0
0

GET
H/1.1 200
OK / Show response
landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/ Frame 2611 3 KB
1 KB 35ms
11ms Document
text/html 52.29.210.16
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.29.210.16 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-210-16.eu-central-1.compute.amazonaws.com
Software: nginx/1.12.0 /
Resource Hash: a295a0b5492c47640526214ee6ba0c450048977d7ef37699e7866a77ed06d46e

Request headers

Upgrade-Insecure-Requests: 1
Referer: https://rooxflwtrafms.com/v/6ccac9ec-59de-11e7-a727-0142227bbd2a/c/30dfdb67-981d-11e5-b565-02f6361de079/?pubid=192472&pubid2=15266160&CLICK_ID=20170625_161b2848-56f5-4f56-907f-4e41ceb28021&_i=1&_s=6ccab25e-59de-11e7-9e4c-0142227bbd24&_r=track.brucelead.com&_n=&_d=6|0|0|0|1|1|||1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|65|1|1|o:3,min:7,gl:0,font:21,t:65|u|lum0y,6nq96o,0|en-US|Linux%20x86_64|d41d8cd98f00b204e9800998ecf8427e|20030107|5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20HeadlessChrome/59.0.3071.109%20Safari/537.36|0|8|148.251.45.170|u|0|u|u|u|u
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Sun, 25 Jun 2017 19:42:30 GMT
Content-Encoding: gzip
X-Client-Addr: 148.251.45.170
Server: nginx/1.12.0
Vary: Accept-Encoding, Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK index.css
landerforoffers.com/static/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/ Frame 2611 3 KB
3 KB 7ms
7ms Stylesheet
text/css 52.29.210.16
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://landerforoffers.com/static/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/index.css
Requested by: Host: landerforoffers.com
URL: https://landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.29.210.16 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-210-16.eu-central-1.compute.amazonaws.com
Software: nginx/1.12.0 /
Resource Hash: 12ef32ce1980a396abcf82a7009904319aa65bcfd8c5a6a8ccfc2a1ba006217d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Sun, 25 Jun 2017 19:42:30 GMT
Last-Modified: Sun, 25 Jun 2017 19:42:09 GMT
Server: nginx/1.12.0
ETag: "59501211-a7e"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2686

GET
H/1.1 200
OK imag.png
landerforoffers.com/static/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/ Frame 2611 51 KB
51 KB 14ms
7ms Image
image/png 52.29.210.16
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://landerforoffers.com/static/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/imag.png
Requested by: Host: landerforoffers.com
URL: https://landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.29.210.16 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-210-16.eu-central-1.compute.amazonaws.com
Software: nginx/1.12.0 /
Resource Hash: 8e581a9129ab6518041f397fad92486d6081ef59daa276efdbef783d3f16ac2b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Sun, 25 Jun 2017 19:42:30 GMT
Last-Modified: Sun, 25 Jun 2017 19:42:11 GMT
Server: nginx/1.12.0
ETag: "59501213-caf3"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 51955

GET
S 200 api.js Show response
www.google.com/recaptcha/ Frame 2611 905 B
447 B 111ms
47ms Script
text/javascript 2a00:1450:401b:801::2004
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit

Requested by

Host: landerforoffers.com
URL: https://landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:401b:801::2004 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

GSE /

Resource Hash

48c135141e8f63fdf8496a5b4222f373900c76cb6a0bbab40eed942980f7b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

date: Sun, 25 Jun 2017 19:42:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 438
x-xss-protection: 1; mode=block
expires: Sun, 25 Jun 2017 19:42:30 GMT

GET
S 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/api2/r20170613131236/ Frame 2611 227 KB
72 KB 27ms
5ms Script
text/javascript 2a00:1450:4001:824::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/api2/r20170613131236/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

5db0819891cb142796657a42fbed005a48331866dfe9d777589273fa6bd21865

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

date: Thu, 22 Jun 2017 16:36:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jun 2017 20:45:00 GMT
server: sffe
age: 270339
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 73326
x-xss-protection: 1; mode=block
expires: Fri, 22 Jun 2018 16:36:51 GMT

GET fallback
www.google.com/recaptcha/api/ Frame 2611 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mulne.com
URL: https://mulne.com/70715d1a00/affilist-42b0d/?placementName=ROTATOR&type=a&cv=XAdCjGdddjjpZCdikZZpCpCrpjNZArNpANrGxCrCjdCCrixCAkCrCrG&adApiR=loaded_string_3309357ae24c3753cd3bd3fdb0f14e4691ad583138_1498419749.6265_5272&refferer=2605963143_aHR0cDovL2RsLWJrLmF5b2RsLnB3Lw==

Domain: track.brucelead.com
URL: http://track.brucelead.com/ck.php?line_item_id=4365&hash=___1498419749___fc1696d085261_0_606&site=15266160

Domain: rooxflwtrafms.com
URL: https://rooxflwtrafms.com/c/30dfdb67-981d-11e5-b565-02f6361de079?pubid=192472&pubid2=15266160&CLICK_ID=20170625_161b2848-56f5-4f56-907f-4e41ceb28021

Domain: landerforoffers.com
URL: https://landerforoffers.com/l/e9c29fcc-2f0f-11e6-9af1-02401b02a2b5/v/6cd87f7e-59de-11e7-850a-1142235de96d/

Domain: www.google.com
URL: https://www.google.com/recaptcha/api/fallback?k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&hl=en&v=r20170613131236&t=0&ff=true

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4.bp.blogspot.com
dl-bk.ayodl.pw
landerforoffers.com
mulne.com
rooxflwtrafms.com
stats.g.doubleclick.net
track.brucelead.com
www.google-analytics.com
www.google.com
www.gstatic.com
landerforoffers.com
mulne.com
rooxflwtrafms.com
track.brucelead.com
www.google.com
176.34.240.173
185.66.201.34
2400:cb00:2048:1::681b:a348
2a00:1450:4001:824::2001
2a00:1450:4001:824::2003
2a00:1450:4001:824::200e
2a00:1450:400c:c06::9b
2a00:1450:401b:801::2004
52.29.208.110
52.29.210.16
01f2baa6e734c30c36f07eb595cfcf3d8e14085881b9b138b447744e9ae8c2bc
12ef32ce1980a396abcf82a7009904319aa65bcfd8c5a6a8ccfc2a1ba006217d
33409148fdf869c974fcf303a9ba347824569637cfbb976e0291415cbf9500aa
46807757beae9e76d23034ac581edbe9ed2eed72412d7a060c50fd2aeb28c549
48c135141e8f63fdf8496a5b4222f373900c76cb6a0bbab40eed942980f7b91a
5db0819891cb142796657a42fbed005a48331866dfe9d777589273fa6bd21865
60fea37ef8cf4ee67df076ad772703ebf89dfd756b5ca628e61f8caa01d6539f
765010cbfccaf06cb5b9166023a22b655a10b37075c91e276a5550c5ecd855ba
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8e581a9129ab6518041f397fad92486d6081ef59daa276efdbef783d3f16ac2b
a25c4f9c6819fc5ec4d46de974a78bc6aacc6972d533d1c2ccd3a1b5fea4e529
a295a0b5492c47640526214ee6ba0c450048977d7ef37699e7866a77ed06d46e
bf2fda4c7c0a8dfa82b231193631b59ea9387a961f6c8728b7c45141736425b8
d8fd37a7cb41efdb9b5ac006e501c4abf5501306b920f2dbe8ef1991b3467daa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

dl-bk.ayodl.pw Open in urlscan Pro 2400:cb00:2048:1::681b:a348 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

20 Requests

60 %HTTPS

60 %IPv6

10 Domains

10 Subdomains

11 IPs

4 Countries

198 kBTransfer

384 kBSize

0 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

dl-bk.ayodl.pw Open in urlscan Pro
2400:cb00:2048:1::681b:a348 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

60 %
HTTPS

60 %
IPv6

10
Domains

10
Subdomains

11
IPs

4
Countries

198 kB
Transfer

384 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions