www.performanceonclick.com Open in urlscan Pro
35.227.196.138 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://coolluck.info/pmsdr1?x=Install+virtual+machine+network+driver+for+microsoft+device+emulator
Effective URL:
http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=boQYQSIgZAUNBF-GZKGpZ8o1Bj2a1EJEI3u3prV3WPHTpDZqVp3c7XsT9h4T...
Submission: On March 17 via manual (March 17th 2021, 9:00:45 am UTC) from JP

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 9 domains to perform 7 HTTP transactions. The main IP is 35.227.196.138, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is www.performanceonclick.com.

This is the only time www.performanceonclick.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.208.81.246 3.208.81.246	14618 (AMAZON-AES) (AMAZON-AES)
1	188.72.236.136 188.72.236.136	35415 (WEBZILLA) (WEBZILLA)
1 3	34.231.89.205 34.231.89.205	14618 (AMAZON-AES) (AMAZON-AES)
2	172.67.26.25 172.67.26.25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	35.227.196.138 35.227.196.138	15169 (GOOGLE) (GOOGLE)
1 1	34.225.190.7 34.225.190.7	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.153.20.85 35.153.20.85	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:218... 2600:9000:2182:9000:14:fd68:d40:21	16509 (AMAZON-02) (AMAZON-02)
7	6

1 3.208.81.246 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-81-246.compute-1.amazonaws.com

coolluck.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.72.236.136 (Netherlands)

ASN35415 (WEBZILLA, NL)
PTR: 1f2-12-d2456-136.webazilla.com

amat-file.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.231.89.205 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-89-205.compute-1.amazonaws.com

pushwelcome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
news-easy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.26.25 (United States)

ASN13335 (CLOUDFLARENET, US)

feed.r-tb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.r-tb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.196.138 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 138.196.227.35.bc.googleusercontent.com

www.performanceonclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.225.190.7 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-190-7.compute-1.amazonaws.com

pu.vuer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.153.20.85 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-153-20-85.compute-1.amazonaws.com

operateprogressive-theheavilyfile.best	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:9000:14:fd68:d40:21 (United States)

ASN16509 (AMAZON-02, US)

d2hx7lcr8j9n3p.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	performanceonclick.com 2 redirects www.performanceonclick.com	6 KB
2	r-tb.com feed.r-tb.com t.r-tb.com	712 B
2	pushwelcome.com pushwelcome.com	32 KB
1	cloudfront.net d2hx7lcr8j9n3p.cloudfront.net
1	operateprogressive-theheavilyfile.best 1 redirects operateprogressive-theheavilyfile.best	283 B
1	vuer.net 1 redirects pu.vuer.net	325 B
1	news-easy.com 1 redirects news-easy.com	853 B
1	amat-file.com amat-file.com	7 KB
1	coolluck.info 1 redirects coolluck.info	436 B
7	9

	Domain	Requested by
3	www.performanceonclick.com	2 redirects pushwelcome.com
2	pushwelcome.com	amat-file.com pushwelcome.com
1	d2hx7lcr8j9n3p.cloudfront.net	www.performanceonclick.com
1	operateprogressive-theheavilyfile.best	1 redirects
1	pu.vuer.net	1 redirects
1	t.r-tb.com	pushwelcome.com
1	news-easy.com	1 redirects
1	feed.r-tb.com	pushwelcome.com
1	amat-file.com
1	coolluck.info	1 redirects
7	10

This site contains no links.

Subject Issuer	Validity	Valid
amat-file.com R3	`2021-03-04` - `2021-06-02`	3 months	crt.sh
pushwelcome.com R3	`2021-02-27` - `2021-05-28`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-08` - `2021-07-08`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh

This page contains 1 frames:

Frame: https://d2hx7lcr8j9n3p.cloudfront.net/apps/player_app.exe
Frame ID: 598E74882FFE877C476099F8883F665F
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://coolluck.info/pmsdr1?x=Install+virtual+machine+network+driver+for+microsoft+device+emulator HTTP 302
https://amat-file.com/bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9?q=Install%20virtual%20machine%... Page URL
https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0... Page URL
https://news-easy.com/YgYyj9njvdqH8lL1n5Qp_k-q2m2Gs6Gl0KNYbqrISl4?clck=wj2Z4LlBZiLSYJvIDBvMRi75Umd... HTTP 302
http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=boQYQSIgZAUNBF-GZKGpZ8o1Bj2a1EJEI3u3prV3... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

7
Requests

86 %
HTTPS

13 %
IPv6

9
Domains

10
Subdomains

6
IPs

2
Countries

44 kB
Transfer

57 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://coolluck.info/pmsdr1?x=Install+virtual+machine+network+driver+for+microsoft+device+emulator HTTP 302
https://amat-file.com/bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9?q=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s1=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s2=b20 Page URL
https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0xO3xgMjE0Np19&sid=262516&qs1=Install+virtual+machine+network+driver+for+microsoft+device+emulator&cid=ABfFUWB0AQQA2z4CAEZSFwASANUgDsUA Page URL
https://news-easy.com/YgYyj9njvdqH8lL1n5Qp_k-q2m2Gs6Gl0KNYbqrISl4?clck=wj2Z4LlBZiLSYJvIDBvMRi75UmdMZMo7OXxGsEDfF0UKdinFytzi3RgEOypj6V08LMCXPmyScLiuMCaSyM57IWuZmINOe7FxppsT5o30wcS8bQcKVeFvogAgrdEn5CB5SxZIR2OoC5PrRUdagCIQ_LGuE2QGfjo2jCQ1OywIUWiZ_3cSWfK54sukBpZBvXVJnrckOcZaZs1mPXUZSfoEfA&sid=dnetc_wp_2610_FR-0.09-262516 HTTP 302
http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=boQYQSIgZAUNBF-GZKGpZ8o1Bj2a1EJEI3u3prV3WPHTpDZqVp3c7XsT9h4TFmyd6X8ikQ-FXBM8u4dC-fg-TLU6vxPLycNIfRshXU9_M54EH5kjVwAoKPkzv8N6phIn6ZhUFJF6z1HJ-4agsXV09gpgLiPR4uifGYE-UpQBy5Ha9OPn6CWna6plkk5NIdN9g798PB72BmAevUCnO0G9JPVCQt85YWP3mMDFK009Ti4NThsksOYUlH2XkUVCfWHhFBamKGyqEPrD1b8nvI8ue6l9edQ8jykyl1fKhxuQw0xj6V_rWh79r74c0o9ReHCer5lhykyCtlLAzoOalTGYkpD_Zw76CCwIc_lqBXr3HFMF0KQvw11ft04w9lZRevWFkK3izOkikNM5fqLmtzT1DU68MRctEzEzJUzRclTSjOrERom1m20BAxoeaWDiQ4rEOZ4f_oB6cMVsIg0L2C3Zc_zn4n0BXeO4uGqeltpopr8&sub1=dnetc_wp_2610_FR-0.09-262516 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://coolluck.info/pmsdr1?x=Install+virtual+machine+network+driver+for+microsoft+device+emulator HTTP 302
https://amat-file.com/bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9?q=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s1=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s2=b20

Request Chain 6

http://www.performanceonclick.com/jump/next.php?stamat=m%7C%2C%2CQ3Z_9jO-oGU3BJ-GH0dEdHP3xP.b61%2CHiBXuBvbMzdgZ12-NKLn08ywfUDDBwMEHStwTbV9Ja1upkvUpA7096oSKPl0xKOTDK0Z4eVvMmvoax6eurYpevotDArquiD0mPPQ-FoAL8XljmJjz6SzVC7PgdT2GrQbYlfkRQzN_fy0j0Z4pvQJ7IsqOp6HThdOXrAYAhXqBRbMSt8VzmblB3jHyMZebdr8_rIdJqoMz9OIzWrxePpNkVJLBzp4DXux133ShO5nKDn7-Z_7VgFxKeZCpOCh-hDmGm9Bl9qhj8yx0WQmvKQzrnBXhA0Rptxq-_wZxwF1Kus1UXHLtE-NVyhxwyFc9dfjmGgTyAxdP-nilhElOam3iDUYzeWLi7gePYJ_ary9WnXzTk9Jv8uNc8N_R2cPhh4iJRh5iVKPs04Z_EANWMehnR5lL_aCsV186B26TnONZeZmawhyDHb85Sb9Gi4YA-chrbPNdMw-hYq086WSeJ1sLyB8KVGHPNekeCjUaYaNUsv2EPX-3gHKCsCwL4E39WUSiUSlNfSB8v5wYPxzcJzqkEGNFuuRQxmrJeQtYx3dpf8kIsbEL4yT2P2Ket3-vv3W0SQi4s0IG8c9MkFyIeGmVcxVB2Kwl0taLMFyBTcnyMbFyw3E63H9NblDupJ1X9xUHiNnY95VjhHiWcz7zsz6pg%2C%2C&cbrandom=0.31638954198843994&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
http://www.performanceonclick.com/script/i.php?stamat=m%7C%2C%2CA2P6djd3tGU3Bk4GH0dEdHP3xP.579%2CPFdfcNHlDMPgSE2Hze6sRr6UDCeORdQnDpkdvnM9Sizi_rR6IeD7r4YLQreB1rta0mbAzDBhOAedRWOOEHEJn6tjd-YeUiDk8PDvNfcxrU_hmPrhDBxg3koqHKllBxY5QzYj6c5MiAxM-cniNkv765ENdfuXQ2eDX1zWwSLwBZp5xyNkAnhnLPCEIUNk09kDcCPqR94x3yJ0qZySKq2RaH46bxPI8yOPjisPMfmMQF9sHontsdM6tDEMZ_PMsrZU4-yBkYFJQ0mlXTXGRzg_44xmFifq6FXFenhd2SioPtrlqTITbrueDVYxsh_KvtxCFlv3WhSg_YNiUr0hAJEdAPpCNm3skpF3fLUPtGhHkbZDK8qzWefr6IHcRBgAKFcoCbIzkLDbR-DfqJi12jLEYREbGcb-8fy0X9AaDV_Q0gEj1i-VIQlFV_uwOMwgFKkaUgGHwyaFZofAywIBlY8t2uRIZWUgQLgnRTz94ss-1LMarlbrbUj5QG1Du-YH9q_ZK7a6ZDgvoNk5_dQrjpVDoQNgWeM_FnQLeTB5Odhc4fXLCUJWkA6DyFLurC-R763O5vvfufwBN9JRn6R25Tg82EKpkeXNV5fTWJ-nTIER7PtZPZCHHGXJiL6GAtRAFBBQZtA_eUvMpF2Sqr-n9I_ErZHCksNf5HJc5lA5V24JiVEViz7AW4BkE8YvH2qiE7aPiokkXp2-fs8gEmA2xCeMPlNyjHehSUdcDcQc5iT8SdDZEsPMCLMMRMh1UI2k5Uw45CwxJRTque4Q217AiVASLt6mKgVXRuAIgHxoozq6vgtXKhux17fLbGY1Wz3XkwlSeDbIYZFye05OoIFLvyjJcibRG_OlXXSbmPm-edcIK8c0TmI7GCZRI12391SxY5CW_ZBwQSTkqPqLmLi925dMICX9dCTwoICMzlDTb4NzXqd8cxHlIy2aqnGN9t_oIsDQcvsfWxLKqZ1GhvXa2oikuiiJmqnLpdDuo2HcmPuz0T8cHgcnrdaKnXaAC8Jz4I3w2aKCcCOrX_x-BFDZqu18xTF7YM0AtSC1QJF2RX5NZCY%2C HTTP 302
https://pu.vuer.net/56he45wg/56h4w5ta/?utm_source=48&utm_campaign=14345918&sub=2575139-3841085657-0&ctrack=16159716081382421227154815726515776 HTTP 302
https://operateprogressive-theheavilyfile.best/ovGmrLXX2KvVsrIvPrgVW4zeTZ9m7mTDdM_zqNm85CA?cid=16159716081382421227154815726515776&pubid=2575139-3841085657-0 HTTP 302
https://d2hx7lcr8j9n3p.cloudfront.net/apps/player_app.exe

7 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9 Show response amat-file.com/ Redirect Chain http://coolluck.info/pmsdr1?x=Install+virtual+machine+network+driver+for+microsoft+device+emulator https://amat-file.com/bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9?q=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s1=Install%20virtual%20machine%20network%2...	6 KB 7 KB	102ms 36ms	Document text/html	188.72.236.136 WEBZILLA
General Check archive.org Show headers Download Go to Full URL https://amat-file.com/bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9?q=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s1=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s2=b20 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 188.72.236.136 , Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS 1f2-12-d2456-136.webazilla.com Software nginx/1.18.0 / Resource Hash `f2d973a5cbe7a7390c93b35ed7339cd35c3b8d327f6716b7dd9f926ed45b7e18` Request headers :method GET :authority amat-file.com :scheme https :path /bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9?q=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s1=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s2=b20 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers server nginx/1.18.0 date Wed, 17 Mar 2021 09:00:07 GMT content-type text/html; charset=utf-8 set-cookie bd_context=5WnBDysM0dP2aoC+23GA8vL1Ac76IgTpW8iWxcfaNW1EWdueEi0Zjyu5UM16pMHBhoMDd86Na0+KaAzF09//E9JE+yF0wmDGJ62lvzpbDJTnVqMGbcpL0ntgCCZdSGN93WoYlOsB1Rwk3GJLY7aJvOOten7/NXB5rmZDp2U8faiSqIZi/Td7B4jgX/d5R6Xc3MCN5K6vll4dAxhr4Eem/ctOwREsZNXNBIQe8OtOdWJd+gxxGD01/PlMFSv6+jA8Cr1fLiN2eoDkSyyWCaRG7s711T8cIiwNIUyfelANwIRzgOSpZvCHjGHSxOmT5kPAOKMR2No9tkKU; Expires=Thu, 17 Mar 2022 09:00:07 GMT Redirect headers Server nginx/1.10.3 (Ubuntu) Date Wed, 17 Mar 2021 09:00:07 GMT Content-Type text/html; charset=utf-8 Content-Length 689 Connection keep-alive Location https://amat-file.com/bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9?q=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s1=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s2=b20
GET H/1.1	200 OK	Cookie set vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g Show response pushwelcome.com/	22 KB 22 KB	368ms 172ms	Document text/html	34.231.89.205 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0xO3xgMjE0Np19&sid=262516&qs1=Install+virtual+machine+network+driver+for+microsoft+device+emulator&cid=ABfFUWB0AQQA2z4CAEZSFwASANUgDsUA Requested by Host: amat-file.com URL: https://amat-file.com/bKr20924d51f9eb7d0c9bf56bd3a277892013db4d4bb9?q=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s1=Install%20virtual%20machine%20network%20driver%20for%20microsoft%20device%20emulator&s2=b20 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.231.89.205 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-231-89-205.compute-1.amazonaws.com Software nginx / Resource Hash `90a31c6c178b26be628857ece012b5969eaabce350552893174615f2f4f829a8` Request headers Host pushwelcome.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://amat-file.com/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://amat-file.com/ Response headers Date Wed, 17 Mar 2021 09:00:07 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Access-Control-Allow-Origin * Set-Cookie session=e96c9ce3-d552-4038-a5dd-7f459b309730 Server nginx
GET H/1.1	200 OK	domains.js Show response pushwelcome.com/	10 KB 10 KB	100ms 100ms	Script application/javascript	34.231.89.205 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://pushwelcome.com/domains.js Requested by Host: pushwelcome.com URL: https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0xO3xgMjE0Np19&sid=262516&qs1=Install+virtual+machine+network+driver+for+microsoft+device+emulator&cid=ABfFUWB0AQQA2z4CAEZSFwASANUgDsUA Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.231.89.205 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-231-89-205.compute-1.amazonaws.com Software nginx / Resource Hash `9d1cbea88bb97549fd52ba1c7f0cdb7e15a8884339d1bbff76e4bc70d4a2ab99` Request headers Referer https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0xO3xgMjE0Np19&sid=262516&qs1=Install+virtual+machine+network+driver+for+microsoft+device+emulator&cid=ABfFUWB0AQQA2z4CAEZSFwASANUgDsUA User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Wed, 17 Mar 2021 09:00:07 GMT Last-Modified Wed, 17 Mar 2021 08:49:23 GMT Server nginx ETag "6051c293-288e" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 10382
GET DATA	200 OK	truncated /	9 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a6756d136fed0f75611d09d54c7d0e06293f9a45e72063e4605a6b6a735e707a` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H2	200	AFU1kAAPaBk feed.r-tb.com/v1/native/	553 B 712 B	342ms 304ms	Fetch application/json	172.67.26.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://feed.r-tb.com/v1/native/AFU1kAAPaBk?subid=dnetc_wp_2610_FR-0.09-262516&uid=2377e573-2bcc-49fb-82be-f836bf7427b9 Requested by Host: pushwelcome.com URL: https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0xO3xgMjE0Np19&sid=262516&qs1=Install+virtual+machine+network+driver+for+microsoft+device+emulator&cid=ABfFUWB0AQQA2z4CAEZSFwASANUgDsUA Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.26.25 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://pushwelcome.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 17 Mar 2021 09:00:08 GMT content-encoding gzip cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type application/json; charset=utf-8 access-control-allow-origin * cache-control no-cache cf-request-id 08e102fd82000033197b1d4000000001 cf-ray 631507759aa73319-CDG krcc FR
GET H/1.1	200 OK	Primary Request next.php Show response www.performanceonclick.com/jump/ Redirect Chain https://news-easy.com/YgYyj9njvdqH8lL1n5Qp_k-q2m2Gs6Gl0KNYbqrISl4?clck=wj2Z4LlBZiLSYJvIDBvMRi75UmdMZMo7OXxGsEDfF0UKdinFytzi3RgEOypj6V08LMCXPmyScLiuMCaSyM57IWuZmINOe7FxppsT5o30wcS8bQcKVeFvogAgrdEn5C... http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=boQYQSIgZAUNBF-GZKGpZ8o1Bj2a1EJEI3u3prV3WPHTpDZqVp3c7XsT9h4TFmyd6X8ikQ-FXBM8u4dC-fg-TLU6vxPLycNIfRshXU9_M54EH5kjVwAoKPkzv8N6phI...	9 KB 4 KB	144ms 129ms	Document text/html	35.227.196.138 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=boQYQSIgZAUNBF-GZKGpZ8o1Bj2a1EJEI3u3prV3WPHTpDZqVp3c7XsT9h4TFmyd6X8ikQ-FXBM8u4dC-fg-TLU6vxPLycNIfRshXU9_M54EH5kjVwAoKPkzv8N6phIn6ZhUFJF6z1HJ-4agsXV09gpgLiPR4uifGYE-UpQBy5Ha9OPn6CWna6plkk5NIdN9g798PB72BmAevUCnO0G9JPVCQt85YWP3mMDFK009Ti4NThsksOYUlH2XkUVCfWHhFBamKGyqEPrD1b8nvI8ue6l9edQ8jykyl1fKhxuQw0xj6V_rWh79r74c0o9ReHCer5lhykyCtlLAzoOalTGYkpD_Zw76CCwIc_lqBXr3HFMF0KQvw11ft04w9lZRevWFkK3izOkikNM5fqLmtzT1DU68MRctEzEzJUzRclTSjOrERom1m20BAxoeaWDiQ4rEOZ4f_oB6cMVsIg0L2C3Zc_zn4n0BXeO4uGqeltpopr8&sub1=dnetc_wp_2610_FR-0.09-262516 Requested by Host: pushwelcome.com URL: https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0xO3xgMjE0Np19&sid=262516&qs1=Install+virtual+machine+network+driver+for+microsoft+device+emulator&cid=ABfFUWB0AQQA2z4CAEZSFwASANUgDsUA Protocol HTTP/1.1 Server 35.227.196.138 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 138.196.227.35.bc.googleusercontent.com Software openresty / Resource Hash `e503d074c7cc33dd53be65aac937cb1d3111d8176e66c0eddc060ee523efe370` Request headers Host www.performanceonclick.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0xO3xgMjE0Np19#utm_source=dnetc_wp_2610_FR-0.09-262516&sid=262516&qs1=Install+virtual+machine+network+driver+for+microsoft+device+emulator&cid=ABfFUWB0AQQA2z4CAEZSFwASANUgDsUA&utm_click=wj2Z4LlBZiLSYJvIDBvMRi75UmdMZMo7OXxGsEDfF0UKdinFytzi3RgEOypj6V08LMCXPmyScLiuMCaSyM57IWuZmINOe7FxppsT5o30wcS8bQcKVeFvogAgrdEn5CB5SxZIR2OoC5PrRUdagCIQ_LGuE2QGfjo2jCQ1OywIUWiZ_3cSWfK54sukBpZBvXVJnrckOcZaZs1mPXUZSfoEfA Response headers Server openresty Date Wed, 17 Mar 2021 09:00:08 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Access-Control-Allow-Origin * Content-Encoding gzip Via 1.1 google Redirect headers Date Wed, 17 Mar 2021 09:00:08 GMT Content-Type text/html Content-Length 142 Connection keep-alive Access-Control-Allow-Origin * Location http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=boQYQSIgZAUNBF-GZKGpZ8o1Bj2a1EJEI3u3prV3WPHTpDZqVp3c7XsT9h4TFmyd6X8ikQ-FXBM8u4dC-fg-TLU6vxPLycNIfRshXU9_M54EH5kjVwAoKPkzv8N6phIn6ZhUFJF6z1HJ-4agsXV09gpgLiPR4uifGYE-UpQBy5Ha9OPn6CWna6plkk5NIdN9g798PB72BmAevUCnO0G9JPVCQt85YWP3mMDFK009Ti4NThsksOYUlH2XkUVCfWHhFBamKGyqEPrD1b8nvI8ue6l9edQ8jykyl1fKhxuQw0xj6V_rWh79r74c0o9ReHCer5lhykyCtlLAzoOalTGYkpD_Zw76CCwIc_lqBXr3HFMF0KQvw11ft04w9lZRevWFkK3izOkikNM5fqLmtzT1DU68MRctEzEzJUzRclTSjOrERom1m20BAxoeaWDiQ4rEOZ4f_oB6cMVsIg0L2C3Zc_zn4n0BXeO4uGqeltpopr8&sub1=dnetc_wp_2610_FR-0.09-262516 Set-Cookie session=473a907a-83ee-41c7-9e27-0b44cb3786f4 Server nginx
GET H2	204	imp t.r-tb.com/	0 0	79ms 76ms	Fetch	172.67.26.25 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.r-tb.com/imp?l2=rIWDwEZgZ1e1CdiN1T6tUoMPUIBNRS44OkLjFl1CM9zMwwESCU9nV1DaS39qe30C1VPBIeH3c6MbcwgyY6JgVHBf7JTHy_eKt5OswSVMqJYTW0oLuvQmwF9i7uSGmMDFQKXJa6VKGdZDUD8zgSpXOBQG8XMR8y28Ysm48zQP79E Requested by Host: pushwelcome.com URL: https://pushwelcome.com/vCxmgYLfSrytJPCKzDefNS4nHeFjrZo9TfbvEkq1O0g?utm_campaign=NTY4ZwSkMwRD2uWtdA0xO3xgMjE0Np19&sid=262516&qs1=Install+virtual+machine+network+driver+for+microsoft+device+emulator&cid=ABfFUWB0AQQA2z4CAEZSFwASANUgDsUA Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.26.25 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://pushwelcome.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 17 Mar 2021 09:00:08 GMT cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-allow-origin * cache-control no-cache cf-ray 631507778f733319-CDG cf-request-id 08e102feb600003319ef3c5000000001
GET H2	200	player_app.exe d2hx7lcr8j9n3p.cloudfront.net/apps/ Redirect Chain http://www.performanceonclick.com/jump/next.php?stamat=m%7C%2C%2CQ3Z_9jO-oGU3BJ-GH0dEdHP3xP.b61%2CHiBXuBvbMzdgZ12-NKLn08ywfUDDBwMEHStwTbV9Ja1upkvUpA7096oSKPl0xKOTDK0Z4eVvMmvoax6eurYpevotDArquiD0mPP... http://www.performanceonclick.com/script/i.php?stamat=m%7C%2C%2CA2P6djd3tGU3Bk4GH0dEdHP3xP.579%2CPFdfcNHlDMPgSE2Hze6sRr6UDCeORdQnDpkdvnM9Sizi_rR6IeD7r4YLQreB1rta0mbAzDBhOAedRWOOEHEJn6tjd-YeUiDk8PDv... https://pu.vuer.net/56he45wg/56h4w5ta/?utm_source=48&utm_campaign=14345918&sub=2575139-3841085657-0&ctrack=16159716081382421227154815726515776 https://operateprogressive-theheavilyfile.best/ovGmrLXX2KvVsrIvPrgVW4zeTZ9m7mTDdM_zqNm85CA?cid=16159716081382421227154815726515776&pubid=2575139-3841085657-0 https://d2hx7lcr8j9n3p.cloudfront.net/apps/player_app.exe	0 0	42ms 12ms	Document application/x-msdownload	2600:9000:2182:9000:14:fd68:d40:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2hx7lcr8j9n3p.cloudfront.net/apps/player_app.exe Requested by Host: www.performanceonclick.com URL: http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=boQYQSIgZAUNBF-GZKGpZ8o1Bj2a1EJEI3u3prV3WPHTpDZqVp3c7XsT9h4TFmyd6X8ikQ-FXBM8u4dC-fg-TLU6vxPLycNIfRshXU9_M54EH5kjVwAoKPkzv8N6phIn6ZhUFJF6z1HJ-4agsXV09gpgLiPR4uifGYE-UpQBy5Ha9OPn6CWna6plkk5NIdN9g798PB72BmAevUCnO0G9JPVCQt85YWP3mMDFK009Ti4NThsksOYUlH2XkUVCfWHhFBamKGyqEPrD1b8nvI8ue6l9edQ8jykyl1fKhxuQw0xj6V_rWh79r74c0o9ReHCer5lhykyCtlLAzoOalTGYkpD_Zw76CCwIc_lqBXr3HFMF0KQvw11ft04w9lZRevWFkK3izOkikNM5fqLmtzT1DU68MRctEzEzJUzRclTSjOrERom1m20BAxoeaWDiQ4rEOZ4f_oB6cMVsIg0L2C3Zc_zn4n0BXeO4uGqeltpopr8&sub1=dnetc_wp_2610_FR-0.09-262516 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2182:9000:14:fd68:d40:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash Request headers :method GET :authority d2hx7lcr8j9n3p.cloudfront.net :scheme https :path /apps/player_app.exe pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer http://www.performanceonclick.com/jump/next.php?r=2575139&pub_clickid=boQYQSIgZAUNBF-GZKGpZ8o1Bj2a1EJEI3u3prV3WPHTpDZqVp3c7XsT9h4TFmyd6X8ikQ-FXBM8u4dC-fg-TLU6vxPLycNIfRshXU9_M54EH5kjVwAoKPkzv8N6phIn6ZhUFJF6z1HJ-4agsXV09gpgLiPR4uifGYE-UpQBy5Ha9OPn6CWna6plkk5NIdN9g798PB72BmAevUCnO0G9JPVCQt85YWP3mMDFK009Ti4NThsksOYUlH2XkUVCfWHhFBamKGyqEPrD1b8nvI8ue6l9edQ8jykyl1fKhxuQw0xj6V_rWh79r74c0o9ReHCer5lhykyCtlLAzoOalTGYkpD_Zw76CCwIc_lqBXr3HFMF0KQvw11ft04w9lZRevWFkK3izOkikNM5fqLmtzT1DU68MRctEzEzJUzRclTSjOrERom1m20BAxoeaWDiQ4rEOZ4f_oB6cMVsIg0L2C3Zc_zn4n0BXeO4uGqeltpopr8&sub1=dnetc_wp_2610_FR-0.09-262516 Response headers content-type application/x-msdownload content-length 349867 date Tue, 16 Mar 2021 16:05:12 GMT last-modified Tue, 02 Mar 2021 20:15:30 GMT etag "15d1c6b476be83aba6e3152bf5e99059" accept-ranges bytes server AmazonS3 x-cache Hit from cloudfront via 1.1 8033f9c6b87a03b2eca7c2db5157e10e.cloudfront.net (CloudFront) x-amz-cf-pop DUS51-C1 x-amz-cf-id TlFDV723yAMfxrNJKzQzu2xZEVCsHxLoq-YQLNjBNef5uclFQe6MRQ== age 60898 Redirect headers Date Wed, 17 Mar 2021 09:00:09 GMT Content-Type text/html Content-Length 158 Connection keep-alive Location https://d2hx7lcr8j9n3p.cloudfront.net/apps/player_app.exe Set-Cookie session=9e7e6cf0-da65-411a-89fd-620598db3dc0 Server nginx

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amat-file.com
coolluck.info
d2hx7lcr8j9n3p.cloudfront.net
feed.r-tb.com
news-easy.com
operateprogressive-theheavilyfile.best
pu.vuer.net
pushwelcome.com
t.r-tb.com
www.performanceonclick.com
172.67.26.25
188.72.236.136
2600:9000:2182:9000:14:fd68:d40:21
3.208.81.246
34.225.190.7
34.231.89.205
35.153.20.85
35.227.196.138
90a31c6c178b26be628857ece012b5969eaabce350552893174615f2f4f829a8
9d1cbea88bb97549fd52ba1c7f0cdb7e15a8884339d1bbff76e4bc70d4a2ab99
a6756d136fed0f75611d09d54c7d0e06293f9a45e72063e4605a6b6a735e707a
e503d074c7cc33dd53be65aac937cb1d3111d8176e66c0eddc060ee523efe370
f2d973a5cbe7a7390c93b35ed7339cd35c3b8d327f6716b7dd9f926ed45b7e18

www.performanceonclick.com Open in urlscan Pro 35.227.196.138 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

86 %HTTPS

13 %IPv6

9 Domains

10 Subdomains

6 IPs

2 Countries

44 kBTransfer

57 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

0 Cookies

Indicators

www.performanceonclick.com Open in urlscan Pro
35.227.196.138 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

13 %
IPv6

9
Domains

10
Subdomains

6
IPs

2
Countries

44 kB
Transfer

57 kB
Size

0
Cookies

7 HTTP transactions
1 data transactions