Submitted URL: http://ccoronavirusnow.com/
Effective URL: https://www.reward1spot.com/ThankYou.aspx?source=P
Submission: On April 11 via api from US

Summary

This website contacted 3 IPs in 2 countries across 8 domains to perform 4 HTTP transactions. The main IP is 2606:4700:e4::ac40:ae1d, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.reward1spot.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 4th 2020. Valid for: 8 months.
This is the only time www.reward1spot.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 75.126.101.235 36351 (SOFTLAYER)
1 1 18.197.88.156 16509 (AMAZON-02)
2 91.228.153.25 44066 (DE-FIRSTC...)
1 2a03:90c0:999... 199524 (GCORE)
1 1 54.156.67.243 14618 (AMAZON-AES)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 2606:4700:e4:... 13335 (CLOUDFLAR...)
4 3
Domain Requested by
2 www.reward1spot.com 1 redirects
2 www.amarktflow.com 2 redirects
2 dsfffmb.mobi dsfffmb.mobi
1 www.electronicproductzone.com 1 redirects
1 c.spnccrzone.com 1 redirects
1 dadbab.info dsfffmb.mobi
1 click.tr4cknow.site 1 redirects
1 ccoronavirusnow.com 1 redirects
4 8

This site contains no links.

Subject: sni.cloudflaressl.com
Issuer: CloudFlare Inc ECC CA-2
Validity: 2020-02-04 - 2020-10-09
Valid: 8 months

This page contains 1 frame:

Primary Page: https://www.reward1spot.com/ThankYou.aspx?source=P
Frame ID: E4B299B823F8E5E5097D942FB1255B0A
Requests: 4 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Page Statistics

4 Requests
25 % HTTPS
50 % IPv6
8 Domains
8 Subdomains
3 IPs
2 Countries
15 kB Transfer
31 kB Size
3 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ccoronavirusnow.com/ HTTP 301
    http://click.tr4cknow.site/8ec57898-97cd-4524-9d72-6685a69e1bef?domain=ccoronavirusnow.com HTTP 302
    http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm Page URL
  2. http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm&fingerprint_=e329350ec20e9ad7ef2138d75792c266 Page URL
  3. https://c.spnccrzone.com/?es4v=RfViPRNDoR3oyMWJmrzFsgp7YEC3AYcAvQJDRoz7h5U%3d-PxyaXNZ1JZM%3d&s1=d032ac8db9b860afc8f51ce9b4cafd38&s2=-7EBRQCgQAAAPHcQO9XgOQYDDEBQNzQgACDwUWkV4RDRoRDSIRDUIRDVoDREsHbmwxf2FkY29tYm__NGE1ZUJoaGwAA2la HTTP 302
    https://www.electronicproductzone.com/?Flow=6b51d955-0748-462e-9eb5-0ccdd7eceb37&isPrePop=true&reward=iphone11&o=210861&subaff1=d032ac8db9b860afc8f51ce9b4cafd38&subaff2=204406&subaff3=122628&subaff4=iphone11&DVID= HTTP 302
    https://www.amarktflow.com/default.aspx?Flow=77633E9F-47E8-489C-5083-1293A97FBD147ACED00F&&PubSrc=%26reward%3Diphone11%26o%3D210861&SubAff=d032ac8db9b860afc8f51ce9b4cafd38_204406_122628_iphone11&Freq=0&isUserLookUp=False&isULUDone=False&PIY=zLBm3gAephGOxDw70CkeMw2 HTTP 302
    https://www.amarktflow.com/default.aspx?Flow=c55c9d6f-e3b3-444e-8336-01fa5764e0a1&&PubSrc=%26PubSrc%3D%26reward%3Diphone11%26o%3D210861&SubAff=d032ac8db9b860afc8f51ce9b4cafd38_204406_122628_iphone11&Freq=0&isUserLookUp=False&isULUDone=False&PIY=zLBm3gAephGOxDw70CkeMw2 HTTP 302
    https://www.reward1spot.com/default.aspx?Flow=14DFA36E-2CBA-FF63-0C3E-609127B1C063DB63355C&&PubSrc=%26PubSrc%3D%26PubSrc%3D%26reward%3Diphone11%26o%3D210861&SubAff=d032ac8db9b860afc8f51ce9b4cafd38_204406_122628_iphone11&Freq=0&isUserLookUp=False&isULUDone=False&PIY=zLBm3gAephGOxDw70CkeMw2 HTTP 302
    https://www.reward1spot.com/ThankYou.aspx?source=P Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ccoronavirusnow.com/ HTTP 301
  • http://click.tr4cknow.site/8ec57898-97cd-4524-9d72-6685a69e1bef?domain=ccoronavirusnow.com HTTP 302
  • http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
dsfffmb.mobi/
Redirect Chain
  • http://ccoronavirusnow.com/
  • http://click.tr4cknow.site/8ec57898-97cd-4524-9d72-6685a69e1bef?domain=ccoronavirusnow.com
  • http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm
1 KB
2 KB
Document
General
Full URL
http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm
Protocol
HTTP/1.1
Server
91.228.153.25 Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
dsde252-4.fornex.org
Software
openresty /
Resource Hash
5cffd0efa04cc91e6eaa0e4eb3618fb0f2404f56b658647981aa2e86af3f163b

Request headers

Host
dsfffmb.mobi
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
openresty
Date
Sat, 11 Apr 2020 00:57:40 GMT
Content-Type
text/html
Content-Length
1245
Connection
keep-alive
X-Node
slave-nl1 dsde252
Referrer-Policy
unsafe-url unsafe-url
Cache-Control
private, no-transform,no-cache private, no-transform,no-cache

Redirect headers

Server
nginx
Date
Sat, 11 Apr 2020 00:57:40 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm
Pragma
no-cache
Set-Cookie
8ec57898-97cd-4524-9d72-6685a69e1bef-v4=8ec57898-97cd-4524-9d72-6685a69e1bef; Max-Age=86400; Expires=Sun, 12-Apr-2020 00:57:40 GMT; Domain=click.tr4cknow.site; Path=/; HttpOnly cc-v4=U5gZBfLITCyLGs6O4PS52ofiyek4N4f%2BwBwGlJr6oZhLugxSSChctyPEibK0o6yVAK529xm9cDYacVvm0oNrK%2Bsn%2FXSjVMZCZucuPdEr0AL0Bl5XToY3ODL4TPS8C54rrdJCGI0b6qRgb2hsFRLpHA%3D%3D; Max-Age=31536000; Expires=Sun, 11-Apr-2021 00:57:40 GMT; Domain=click.tr4cknow.site; Path=/; HttpOnly
fingerprint2.2.1.0.min.js
dadbab.info/content/!common_files/js/
29 KB
12 KB
Script
General
Full URL
http://dadbab.info/content/!common_files/js/fingerprint2.2.1.0.min.js
Requested by
Host: dsfffmb.mobi
URL: http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm
Protocol
HTTP/1.1
Server
2a03:90c0:9997::9997 , Germany, ASN199524 (GCORE, AT),
Reverse DNS
Software
nginx /
Resource Hash
b6c65ab685234e744044e9b94c2a52db31b84c54ff3a00044aa188012ad61365

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-ID
cec-up-gc10
Date
Sat, 11 Apr 2020 00:57:40 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Cached-Since
2020-04-07T13:09:17+00:00
Connection
keep-alive
Pragma
public
Last-Modified
Thu, 16 Jan 2020 09:58:32 GMT
Server
nginx
ETag
W/"5e2033c8-73a6"
Vary
Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Cache
HIT
Expires
Sat, 11 Apr 2020 01:57:40 GMT
Cookie set /
dsfffmb.mobi/
478 B
910 B
Document
General
Full URL
http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm&fingerprint_=e329350ec20e9ad7ef2138d75792c266
Requested by
Host: dsfffmb.mobi
URL: http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm
Protocol
HTTP/1.1
Server
91.228.153.25 Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
dsde252-4.fornex.org
Software
openresty /
Resource Hash
b01d5e2454e7835adaaf15a2b313d3369d8530973ccbf67d91f7d7f471187407

Request headers

Host
dsfffmb.mobi
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
openresty
Date
Sat, 11 Apr 2020 00:57:41 GMT
Content-Type
text/html
Content-Length
478
Connection
keep-alive
Set-Cookie
adc_24253291270=1; Path=/; Domain=dsfffmb.mobi; Expires=Tue, 26 May 2020 00:57:41 GMT
X-Node
slave-nl1 dsde252
Referrer-Policy
unsafe-url unsafe-url
Cache-Control
private, no-transform,no-cache private, no-transform,no-cache
Primary Request ThankYou.aspx
www.reward1spot.com/
Redirect Chain
  • https://c.spnccrzone.com/?es4v=RfViPRNDoR3oyMWJmrzFsgp7YEC3AYcAvQJDRoz7h5U%3d-PxyaXNZ1JZM%3d&s1=d032ac8db9b860afc8f51ce9b4cafd38&s2=-7EBRQCgQAAAPHcQO9XgOQYDDEBQNzQgACDwUWkV4RDRoRDSIRDUIRDVoDREsHbmw...
  • https://www.electronicproductzone.com/?Flow=6b51d955-0748-462e-9eb5-0ccdd7eceb37&isPrePop=true&reward=iphone11&o=210861&subaff1=d032ac8db9b860afc8f51ce9b4cafd38&subaff2=204406&subaff3=122628&subaff...
  • https://www.amarktflow.com/default.aspx?Flow=77633E9F-47E8-489C-5083-1293A97FBD147ACED00F&&PubSrc=%26reward%3Diphone11%26o%3D210861&SubAff=d032ac8db9b860afc8f51ce9b4cafd38_204406_122628_iphone11&Fr...
  • https://www.amarktflow.com/default.aspx?Flow=c55c9d6f-e3b3-444e-8336-01fa5764e0a1&&PubSrc=%26PubSrc%3D%26reward%3Diphone11%26o%3D210861&SubAff=d032ac8db9b860afc8f51ce9b4cafd38_204406_122628_iphone1...
  • https://www.reward1spot.com/default.aspx?Flow=14DFA36E-2CBA-FF63-0C3E-609127B1C063DB63355C&&PubSrc=%26PubSrc%3D%26PubSrc%3D%26reward%3Diphone11%26o%3D210861&SubAff=d032ac8db9b860afc8f51ce9b4cafd38_...
  • https://www.reward1spot.com/ThankYou.aspx?source=P
828 B
470 B
Document
General
Full URL
https://www.reward1spot.com/ThankYou.aspx?source=P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e4::ac40:ae1d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
dbaac780a9203e57089c738d8df52f8ea56a59786da8b5c194bf70d744345369

Request headers

:method
GET
:authority
www.reward1spot.com
:scheme
https
:path
/ThankYou.aspx?source=P
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d7a3312bd36c3f7125eaa0a906a044a3d1586566662; ASP.NET_SessionId=4wvazzt2tptq0yymx0iz5hcz; AF3_Cookie=
Referer
http://dsfffmb.mobi/?target=-7EBNQCgQAAAPHcQO9XgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&clickid=w3np2jd8bdcepo8uh05fcfjm&fingerprint_=e329350ec20e9ad7ef2138d75792c266

Response headers

status
200
date
Sat, 11 Apr 2020 00:57:42 GMT
content-type
text/html; charset=utf-8
cache-control
private
vary
Accept-Encoding
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5820c1488e96bf0f-FRA
content-encoding
br

Redirect headers

status
302
date
Sat, 11 Apr 2020 00:57:42 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d7a3312bd36c3f7125eaa0a906a044a3d1586566662; expires=Mon, 11-May-20 00:57:42 GMT; path=/; domain=.reward1spot.com; HttpOnly; SameSite=Lax ASP.NET_SessionId=4wvazzt2tptq0yymx0iz5hcz; path=/; HttpOnly; SameSite=Lax AF3_Cookie=; expires=Sun, 11-Apr-2021 00:57:42 GMT; path=/
cache-control
private
location
/ThankYou.aspx?source=P
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5820c1470dafbf0f-FRA

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate

3 Cookies

Domain/Path Name / Value
www.reward1spot.com/ Name: AF3_Cookie
Value:
www.reward1spot.com/ Name: ASP.NET_SessionId
Value: 4wvazzt2tptq0yymx0iz5hcz
.reward1spot.com/ Name: __cfduid
Value: d7a3312bd36c3f7125eaa0a906a044a3d1586566662