onclkds.com Open in urlscan Pro
206.54.163.50 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://onclkds.com/afu.php?id=1249282
Submission: On June 06 via manual (June 6th 2017, 10:58:18 am UTC) from US

Summary HTTP 11 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 11 HTTP transactions. The main IP is 206.54.163.50, located in Amsterdam, Netherlands and belongs to WEBZILLA, NL. The main domain is onclkds.com.

This is the only time onclkds.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	206.54.163.50 206.54.163.50	35415 (WEBZILLA) (WEBZILLA)
1	52.28.160.181 52.28.160.181	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.157.225.171 35.157.225.171	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	188.72.201.34 188.72.201.34	35415 (WEBZILLA) (WEBZILLA)
1	188.42.162.170 188.42.162.170	35415 (WEBZILLA) (WEBZILLA)
1	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY - Fastly)
11	7

3 206.54.163.50 (Amsterdam, Netherlands)

ASN35415 (WEBZILLA, NL)

onclkds.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.160.181 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-28-160-181.eu-central-1.compute.amazonaws.com

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.225.171 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-225-171.eu-central-1.compute.amazonaws.com

mt.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.72.201.34 (Netherlands)

ASN35415 (WEBZILLA, NL)

content1req.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.42.162.170 (Luxembourg)

ASN35415 (WEBZILLA, NL)

go.pushnative.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	onclkds.com onclkds.com	4 KB
2	content1req.com content1req.com Failed	675 B
2	rtmark.net my.rtmark.net mt.rtmark.net
1	imgur.com i.imgur.com	40 KB
1	pushnative.com go.pushnative.com
0	amazonaws.com Failed load.s3.amazonaws.com Failed
11	6

	Domain	Requested by
3	onclkds.com	content1req.com
2	content1req.com
1	i.imgur.com	content1req.com
1	go.pushnative.com	content1req.com
1	mt.rtmark.net	onclkds.com
1	my.rtmark.net	onclkds.com
0	load.s3.amazonaws.com Failed
11	7

This site contains links to these domains. Also see Links.

Domain
go.ad2upapp.com

Subject Issuer	Validity	Valid

This page contains 2 frames:

Frame: http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1
Frame ID: 16839.1
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

7
IPs

4
Countries

45 kB
Transfer

52 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://go.ad2upapp.com/afu.php?id=872447
Title: Click Here if Result not Loading

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 1

http://loadr.exelator.com/load/?p=104&g=891&j=0&u=7cd162f4df4b2b4ad0657f324983762c
http://load.s3.amazonaws.com/pixel.gif

Request 3

http://onclkds.com/?r=%2Fmb%2Fhan&zoneid=1249282&pbk2=b5c4f747bf03456d8e909c7cc2ace44a6428478077392358552&uuid=0f8aca93-1a70-47f8-b463-647834685abf&ad_scheme=1&route_id=0&rotation_type=6&adparams=b...
http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72...

Request 6

http://go.pub2srv.com/apu.php?zoneid=872447
http://onclkds.com/apu.php?zoneid=872447

Request 7

http://go.mobtrks.com/notice.php?p=1019351&interstitial=1
http://go.pushnative.com/notice.php?p=1019351&interstitial=1

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set afu.php Show response onclkds.com/	11 KB 4 KB	75ms 61ms	Document text/html	206.54.163.50 WEBZILLA
General Check archive.org Show headers Download Go to Full URL http://onclkds.com/afu.php?id=1249282 Protocol HTTP/1.1 Server 206.54.163.50 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS Software QRATOR / Resource Hash `d0adadb650269cfef2ae6459e4d4ba6568368148ed7d27b23e945b0c9e2d5043` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host onclkds.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Pragma no-cache Date Tue, 06 Jun 2017 10:58:08 GMT Content-Encoding gzip Server QRATOR Timing-Allow-Origin * * Transfer-Encoding chunked Connection keep-alive P3P CP="CUR ADM OUR NOR STA NID" Cache-Control private, max-age=0, no-cache Set-Cookie SeenToday=1; expires=Wed, 07-Jun-2017 10:58:08 GMT; path=/ OAGEOf586f=5%7CDE%7CBY%7CGUNZENHAUSEN%7CBROADBAND%7CHETZNER+ONLINE+AG%7CHOSTING%7C10436%7C42476%7C%3F%7C276005%7CGUNZENHAUSEN%7C91710%7CWIRED; expires=Wed, 07-Jun-2017 10:58:08 GMT; path=/ oaits=1496746688; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ OAID=7cd162f4df4b2b4ad0657f324983762c; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ OAID=7cd162f4df4b2b4ad0657f324983762c; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ pbk2=b5c4f747bf03456d8e909c7cc2ace44a6428478077392358552; expires=Tue, 06-Jun-2017 11:08:08 GMT bcn_nls=1; expires=Wed, 07-Jun-2017 10:58:08 GMT; path=/ Content-Type text/html Keep-Alive timeout=15 Expires Mon, 26 Jul 1997 05:00:00 GMT
POST H/1.1	200 OK	Cookie set img.gif my.rtmark.net/	0 0	21ms 14ms	Other image/gif	52.28.160.181 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://my.rtmark.net/img.gif?f=merge&userId=7cd162f4df4b2b4ad0657f324983762c Requested by Host: onclkds.com URL: http://onclkds.com/afu.php?id=1249282 Protocol HTTP/1.1 Server 52.28.160.181 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-52-28-160-181.eu-central-1.compute.amazonaws.com Software nginx/1.10.1 / Resource Hash Request headers Pragma no-cache Origin http://onclkds.com Accept-Encoding gzip, deflate Host my.rtmark.net Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept / Cache-Control max-age=0 Referer http://onclkds.com/afu.php?id=1249282 Connection keep-alive Content-Length 0 Cache-Control max-age=0 Origin http://onclkds.com Referer http://onclkds.com/afu.php?id=1249282 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Set-Cookie ID=7cd162f4df4b2b4ad0657f324983762c; expires=Wed, 06 Jun 2018 10:58:08 GMT Date Tue, 06 Jun 2017 10:58:08 GMT Server nginx/1.10.1 Connection keep-alive Content-Length 43 Content-Type image/gif
GET		pixel.gif load.s3.amazonaws.com/ Redirect Chain http://loadr.exelator.com/load/?p=104&g=891&j=0&u=7cd162f4df4b2b4ad0657f324983762c http://load.s3.amazonaws.com/pixel.gif	0 0

POST H/1.1	200 OK	omr.gif mt.rtmark.net/	0 0	12ms 6ms	Other image/gif	35.157.225.171 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://mt.rtmark.net/omr.gif?s=nls_afu%2Crtg_afu&geo=DE&zoneid=1249282&oaid=1 Requested by Host: onclkds.com URL: http://onclkds.com/afu.php?id=1249282 Protocol HTTP/1.1 Server 35.157.225.171 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-35-157-225-171.eu-central-1.compute.amazonaws.com Software nginx/1.10.1 / Resource Hash Request headers Pragma no-cache Origin http://onclkds.com Accept-Encoding gzip, deflate Host mt.rtmark.net Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept / Cache-Control max-age=0 Referer http://onclkds.com/afu.php?id=1249282 Connection keep-alive Content-Length 0 Cache-Control max-age=0 Origin http://onclkds.com Referer http://onclkds.com/afu.php?id=1249282 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Access-Control-Allow-Origin * Date Tue, 06 Jun 2017 10:58:08 GMT Server nginx/1.10.1 Connection keep-alive Content-Length 43 Content-Type image/gif
GET		/ content1req.com/ Redirect Chain http://onclkds.com/?r=%2Fmb%2Fhan&zoneid=1249282&pbk2=b5c4f747bf03456d8e909c7cc2ace44a6428478077392358552&uuid=0f8aca93-1a70-47f8-b463-647834685abf&ad_scheme=1&route_id=0&rotation_type=6&adparams=b... http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72...	0 0

GET H/1.1	204 No Content	favicon.ico onclkds.com/	0 0	28ms 14ms	Other text/plain	206.54.163.50 WEBZILLA
General Check archive.org Show headers Download Go to Full URL http://onclkds.com/favicon.ico Protocol HTTP/1.1 Server 206.54.163.50 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS Software QRATOR / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host onclkds.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://onclkds.com/afu.php?id=1249282 Cookie SeenToday=1; OAGEOf586f=5%7CDE%7CBY%7CGUNZENHAUSEN%7CBROADBAND%7CHETZNER+ONLINE+AG%7CHOSTING%7C10436%7C42476%7C%3F%7C276005%7CGUNZENHAUSEN%7C91710%7CWIRED; oaits=1496746688; OAID=7cd162f4df4b2b4ad0657f324983762c; pbk2=b5c4f747bf03456d8e909c7cc2ace44a6428478077392358552; bcn_nls=1 Connection keep-alive Cache-Control no-cache Referer http://onclkds.com/afu.php?id=1249282 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Pragma public Date Tue, 06 Jun 2017 10:58:08 GMT Cache-Control max-age=315360000 public, must-revalidate, proxy-revalidate Server QRATOR Connection keep-alive Keep-Alive timeout=15 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	Cookie set / Show response content1req.com/ Frame 1685	1 KB 675 B	44ms 30ms	Document text/html	188.72.201.34 WEBZILLA
General Check archive.org Show headers Download Go to Full URL http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 Protocol HTTP/1.1 Server 188.72.201.34 , Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS Software nginx / PHP/7.1.5 Resource Hash `0c3dc3775720c106b378e92b6eaf8157c14e93d310606a48c7c68dbb9782e0f9` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host content1req.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Referer http://onclkds.com/afu.php?id=1249282 Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://onclkds.com/afu.php?id=1249282 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Tue, 06 Jun 2017 10:58:08 GMT Content-Encoding gzip Server nginx X-Powered-By PHP/7.1.5 Vary Accept-Encoding Access-Control-Allow-Methods GET, POST, OPTIONS, HEAD Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Set-Cookie reverse=Fcj-qBsayg_XE4nVvN00LSgZcmgWnMeIOhQDzc7wJ4w; expires=Tue, 06-Jun-2017 11:58:08 GMT; Max-Age=3600; path=/ Access-Control-Expose-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range Transfer-Encoding chunked Connection keep-alive Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
GET H/1.1	200 OK	Cookie set apu.php Show response onclkds.com/ Frame 1685 Redirect Chain http://go.pub2srv.com/apu.php?zoneid=872447 http://onclkds.com/apu.php?zoneid=872447	7 B 38 B	52ms 51ms	Script application/x-javascript	206.54.163.50 WEBZILLA
General Check archive.org Show headers Download Go to Full URL http://onclkds.com/apu.php?zoneid=872447 Requested by Host: content1req.com URL: http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 Protocol HTTP/1.1 Server 206.54.163.50 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS Software QRATOR / Resource Hash `a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host onclkds.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept / Referer http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 Cookie SeenToday=1; oaits=1496746688; pbk2=b5c4f747bf03456d8e909c7cc2ace44a6428478077392358552; bcn_nls=1; 57ae24c3753cd3bd3fdb0f14e4691ad5=bAc5wpHqFdc_liuSFDOMholSqw9xrwHbBYPYNtNCSo0; OAGEOf586f=5%7CDE%7CBY%7CGUNZENHAUSEN%7CBROADBAND%7CHETZNER+ONLINE+AG%7CHOSTING%7C10436%7C42476%7C%3F%7C276005%7CGUNZENHAUSEN%7C91710%7CWIRED; ppucnt=1; OAID=7cd162f4df4b2b4ad0657f324983762c; _OXCCLK[14083]=1; _OXPCLK[1127]=1 Connection keep-alive Cache-Control no-cache Referer http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Pragma no-cache Date Tue, 06 Jun 2017 10:58:08 GMT Content-Encoding gzip Server QRATOR Timing-Allow-Origin * * Transfer-Encoding chunked P3P CP="CUR ADM OUR NOR STA NID" Set-Cookie _OXCCLK[14083]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ %5FOXCCLK%5B14083%5D=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ _OXPCLK[1127]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ %5FOXPCLK%5B1127%5D=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ OAGEOf586f=5%7CDE%7CBY%7CGUNZENHAUSEN%7CBROADBAND%7CHETZNER+ONLINE+AG%7CHOSTING%7C10436%7C42476%7C%3F%7C276005%7CGUNZENHAUSEN%7C91710%7CWIRED; expires=Wed, 07-Jun-2017 10:58:08 GMT; path=/ OAID=7cd162f4df4b2b4ad0657f324983762c; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ OXCCLK=14083.1; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ OXPCLK=1127.1; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ OAID=7cd162f4df4b2b4ad0657f324983762c; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ OAVARS[]=a%3A2%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22zoneid%22%3Bi%3A872447%3B%7D; path=/ OXCCLK=14083.1; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ OXPCLK=1127.1; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ Cache-Control private, max-age=0, no-cache Connection keep-alive Content-Type application/x-javascript Keep-Alive timeout=15 Expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers Location http://onclkds.com/apu.php?zoneid=872447 Date Tue, 06 Jun 2017 10:58:08 GMT Server nginx Connection keep-alive Timing-Allow-Origin * Content-Length 154 Content-Type text/html
GET H/1.1	200 OK	Cookie set notice.php Show response go.pushnative.com/ Frame 1685 Redirect Chain http://go.mobtrks.com/notice.php?p=1019351&interstitial=1 http://go.pushnative.com/notice.php?p=1019351&interstitial=1	0 0	43ms 26ms	Script text/javascript	188.42.162.170 WEBZILLA
General Check archive.org Show headers Download Go to Full URL http://go.pushnative.com/notice.php?p=1019351&interstitial=1 Requested by Host: content1req.com URL: http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 Protocol HTTP/1.1 Server 188.42.162.170 , Luxembourg, ASN35415 (WEBZILLA, NL), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host go.pushnative.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept / Referer http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 Connection keep-alive Cache-Control no-cache Referer http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Pragma no-cache Date Tue, 06 Jun 2017 10:58:08 GMT Content-Encoding gzip Server nginx Timing-Allow-Origin * * Transfer-Encoding chunked Connection keep-alive P3P CP="CUR ADM OUR NOR STA NID" Cache-Control private, max-age=0, no-cache Set-Cookie SeenToday=1; expires=Wed, 07-Jun-2017 10:58:08 GMT; path=/ OAGEOf586f=5%7CDE%7C10436%7CBY%7CGUNZENHAUSEN%7C42476%7C%3F%7CBROADBAND%7CHETZNER+ONLINE+AG%7C1; expires=Wed, 07-Jun-2017 10:58:08 GMT; path=/ oaits=1496746688; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ OAID=accb19405017ded4b25ea0b58da76caa; expires=Wed, 06-Jun-2018 10:58:08 GMT; path=/ Content-Type text/javascript; charset=UTF-8 Expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers Location http://go.pushnative.com/notice.php?p=1019351&interstitial=1 Date Tue, 06 Jun 2017 10:58:08 GMT Server nginx Connection keep-alive Timing-Allow-Origin * Content-Length 154 Content-Type text/html
GET H/1.1	200 OK	l5wDCpl.gif i.imgur.com/ Frame 1685	40 KB 40 KB	12ms 5ms	Image image/gif	151.101.112.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL http://i.imgur.com/l5wDCpl.gif Requested by Host: content1req.com URL: http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 Protocol HTTP/1.1 Server 151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `bea067a1e616599fe27fcbb378fff06f3f688accdbbebdefcdd13fe4223b78b1` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host i.imgur.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 Connection keep-alive Cache-Control no-cache Referer http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Tue, 06 Jun 2017 10:58:08 GMT Age 1220343 X-Cache HIT, HIT Connection keep-alive Content-Length 41110 X-Served-By cache-iad2122-IAD, cache-hhn1536-HHN Last-Modified Sun, 11 Sep 2016 12:46:07 GMT Server cat factory 1.0 cache-control public, max-age=31536000 X-Timer S1496746688.262628,VS0,VE0 ETag "8c34f681ec8c2ebd27ad5eda9fe5b423" Vary Accept, Accept Access-Control-Allow-Methods GET, OPTIONS Content-Type image/gif Access-Control-Allow-Origin * Fastly-Debug-Digest 8ed772a6f3dc4c931e73f16819d9026fcc453ade26543048fd3fd9039988cb50 Accept-Ranges bytes X-Cache-Hits 8, 36572
GET H/1.1	204 No Content	favicon.ico content1req.com/ Frame 1685	0 0	14ms 13ms	Other text/plain	188.72.201.34 WEBZILLA
General Check archive.org Show headers Download Go to Full URL http://content1req.com/favicon.ico Protocol HTTP/1.1 Server 188.72.201.34 , Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host content1req.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://content1req.com/?rzi=1249282&rsz=1249282 Cookie reverse=Fcj-qBsayg_XE4nVvN00LSgZcmgWnMeIOhQDzc7wJ4w Connection keep-alive Cache-Control no-cache Referer http://content1req.com/?rzi=1249282&rsz=1249282 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Tue, 06 Jun 2017 10:58:08 GMT Server nginx Connection keep-alive Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range Access-Control-Allow-Methods GET, POST, OPTIONS, HEAD Access-Control-Expose-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: load.s3.amazonaws.com
URL: http://load.s3.amazonaws.com/pixel.gif

Domain: content1req.com
URL: http://content1req.com/?l=M9rk9NFkFoh0BaV&s=330493153247&z=1249282&g=DE&ba=1&dm=0&ep=0&vi=0&vo=0&i18db=1&fp=0&v1=792658&v2=792665&v3=792662&v4=808340&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&tr=default&svar=1496746688.1604&ssk=6cc5a1d302d2e02d02df72cf9dad6aaa&svarok=1

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			content1req.com/	2017-06-06 11:58:08	Name: reverse Value: Fcj-qBsayg_XE4nVvN00LSgZcmgWnMeIOhQDzc7wJ4w

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

content1req.com
go.pushnative.com
i.imgur.com
load.s3.amazonaws.com
mt.rtmark.net
my.rtmark.net
onclkds.com
content1req.com
load.s3.amazonaws.com
151.101.112.193
188.42.162.170
188.72.201.34
206.54.163.50
35.157.225.171
52.28.160.181
0c3dc3775720c106b378e92b6eaf8157c14e93d310606a48c7c68dbb9782e0f9
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
bea067a1e616599fe27fcbb378fff06f3f688accdbbebdefcdd13fe4223b78b1
d0adadb650269cfef2ae6459e4d4ba6568368148ed7d27b23e945b0c9e2d5043
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

onclkds.com Open in urlscan Pro 206.54.163.50 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

6 Domains

7 Subdomains

7 IPs

4 Countries

45 kBTransfer

52 kBSize

1 Cookies

1 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

1 Cookies

Indicators

onclkds.com Open in urlscan Pro
206.54.163.50 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

7
IPs

4
Countries

45 kB
Transfer

52 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions