urlscan.io logo urlscan.io
SecurityTrails logo

go.onemorelead.online Open in urlscan Pro
213.227.132.161  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://clickynvb.work/public/1960845522044522?10021354128843
Effective URL: http://go.onemorelead.online/disabled.html
Submission: On October 25 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 4 HTTP transactions. The main IP is 213.227.132.161, located in Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is go.onemorelead.online.
This is the only time go.onemorelead.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 190.115.24.146 262254 (DDOS-GUAR...)
2 185.137.235.84 49505 (SELECTEL)
1 190.115.19.162 262254 (DDOS-GUAR...)
1 1 186.2.162.41 262254 (DDOS-GUAR...)
1 2 213.227.132.161 60781 (LEASEWEB-...)
4 3
1    190.115.24.146 (Belize)

ASN262254 (DDOS-GUARD CORP., BZ)
PTR: ddos-guard.net
clickynvb.work
2    185.137.235.84 (Russian Federation)

ASN49505 (SELECTEL, RU)
PTR: s4.hostingru.net
winprizes.5k5.ru
1    190.115.19.162 (Belize)

ASN262254 (DDOS-GUARD CORP., BZ)
spaysdomains.com
1    186.2.162.41 (Russian Federation)

ASN262254 (DDOS-GUARD CORP., BZ)
PTR: ddos-guard.net
type2line.ru
2    213.227.132.161 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
go.onemorelead.online
Apex Domain
Subdomains		 Transfer
2 onemorelead.online
go.onemorelead.online
546 B
2 5k5.ru
winprizes.5k5.ru
2 KB
1 type2line.ru
type2line.ru
341 B
1 spaysdomains.com
spaysdomains.com
349 B
1 clickynvb.work
clickynvb.work
353 B
4 5
Domain Requested by
2 go.onemorelead.online 1 redirects winprizes.5k5.ru
2 winprizes.5k5.ru winprizes.5k5.ru
1 type2line.ru 1 redirects
1 spaysdomains.com winprizes.5k5.ru
1 clickynvb.work 1 redirects
4 5

This site contains no links.

Subject Issuer Validity Valid
spaysdomains.com
R3		 2021-10-24 -
2022-01-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://go.onemorelead.online/disabled.html
Frame ID: EAAA6C7578017B5A1622E13821E74506
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Disabled

Page URL History Show full URLs

  1. https://clickynvb.work/public/1960845522044522?10021354128843 HTTP 302
    http://winprizes.5k5.ru/ Page URL
  2. https://type2line.ru//g27d HTTP 302
    http://go.onemorelead.online/click?pid=699&offer_id=1046 HTTP 302
    http://go.onemorelead.online/disabled.html Page URL

Page Statistics

4
Requests

25 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

3 kB
Transfer

2 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://clickynvb.work/public/1960845522044522?10021354128843 HTTP 302
    http://winprizes.5k5.ru/ Page URL
  2. https://type2line.ru//g27d HTTP 302
    http://go.onemorelead.online/click?pid=699&offer_id=1046 HTTP 302
    http://go.onemorelead.online/disabled.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://clickynvb.work/public/1960845522044522?10021354128843 HTTP 302
  • http://winprizes.5k5.ru/

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
winprizes.5k5.ru/
Redirect Chain
  • https://clickynvb.work/public/1960845522044522?10021354128843
  • http://winprizes.5k5.ru/
191 B
357 B 		Document
General
Check archive.org
Download Go to
Full URL
http://winprizes.5k5.ru/
Protocol
HTTP/1.1
Server
185.137.235.84 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
s4.hostingru.net
Software
nginx/1.20.1 /
Resource Hash
8e9c524bfdd28217fa862b3d273a33ecbfd2646bb8b8d2b84d7e01b059042209

Request headers

Host
winprizes.5k5.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx/1.20.1
Date
Mon, 25 Oct 2021 12:47:21 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

server
ddos-guard
content-security-policy
upgrade-insecure-requests;
set-cookie
__ddg1=DaG6LfMZvo3otSZrKnBn; Domain=.clickynvb.work; HttpOnly; Path=/; Expires=Tue, 25-Oct-2022 12:47:21 GMT PHPSESSID=nui1l6rjih1ced35n76ehdusdg; path=/
date
Mon, 25 Oct 2021 12:47:21 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.2.34
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
location
http://winprizes.5k5.ru
content-encoding
br
vary
Accept-Encoding
tds.js
winprizes.5k5.ru/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://winprizes.5k5.ru/tds.js
Requested by
Host: winprizes.5k5.ru
URL: http://winprizes.5k5.ru/
Protocol
HTTP/1.1
Server
185.137.235.84 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
s4.hostingru.net
Software
nginx/1.20.1 /
Resource Hash
af9e3d87511cc7735164dac9f7d7be1f554b03d1135658f547abbb485a8a958f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
winprizes.5k5.ru
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://winprizes.5k5.ru/
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://winprizes.5k5.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 25 Oct 2021 12:47:22 GMT
Last-Modified
Sat, 23 Oct 2021 17:41:51 GMT
Server
nginx/1.20.1
ETag
"6174495f-793"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1939
request_tds.php
spaysdomains.com/ 		42 B
349 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://spaysdomains.com/request_tds.php
Requested by
Host: winprizes.5k5.ru
URL: http://winprizes.5k5.ru/tds.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.19.162 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
Software
ddos-guard /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=15768000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://winprizes.5k5.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
server
ddos-guard
date
Mon, 25 Oct 2021 12:47:23 GMT
x-frame-options
ALLOWALL
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
strict-transport-security
max-age=15768000; includeSubdomains; preload
Primary Request disabled.html
go.onemorelead.online/
Redirect Chain
  • https://type2line.ru//g27d
  • http://go.onemorelead.online/click?pid=699&offer_id=1046
  • http://go.onemorelead.online/disabled.html
111 B
343 B 		Document
General
Check archive.org
Download Go to
Full URL
http://go.onemorelead.online/disabled.html
Requested by
Host: winprizes.5k5.ru
URL: http://winprizes.5k5.ru/tds.js
Protocol
HTTP/1.1
Server
213.227.132.161 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
b7413baf6c8d815f06ac626010aa7c4eff83b4f3ab3fa3cfd4c50cb533b5cf08

Request headers

Host
go.onemorelead.online
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://winprizes.5k5.ru/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://winprizes.5k5.ru/

Response headers

Server
nginx
Date
Mon, 25 Oct 2021 12:47:24 GMT
Content-Type
text/html
Last-Modified
Wed, 26 Dec 2018 17:36:05 GMT
Transfer-Encoding
chunked
Connection
keep-alive
ETag
W/"5c23bc05-6f"
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Mon, 25 Oct 2021 12:47:24 GMT
Content-Length
0
Connection
keep-alive
Location
http://go.onemorelead.online/disabled.html
Access-Control-Allow-Origin
*

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster

3 Cookies

Domain/Path Name / Value
.clickynvb.work/ Name: __ddg1
Value: DaG6LfMZvo3otSZrKnBn
clickynvb.work/ Name: PHPSESSID
Value: nui1l6rjih1ced35n76ehdusdg
.type2line.ru/ Name: __ddg1
Value: HDSrzTbcC6XBdjjKqgww