traffic.tc-clicks.com Open in urlscan Pro
87.250.134.15 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tracking.moportals.com/go.php?c=1329&s=evsvfdebzr&l=2265&source=gigporno.com
Effective URL:
http://traffic.tc-clicks.com/?oid=15999&oid_hmac=1dd22330b581af50291a394ad810d7d3&p=3545&pi=expdaded&source=gigporno.com
Submission: On August 12 via manual (August 12th 2017, 3:42:54 am UTC) from RO

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 87.250.134.15, located in Netherlands and belongs to ASN-IS, NL. The main domain is traffic.tc-clicks.com.

This is the only time traffic.tc-clicks.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	87.250.134.15 87.250.134.15	15879 (ASN-IS) (ASN-IS)
2	87.250.134.11 87.250.134.11	15879 (ASN-IS) (ASN-IS)
6	87.250.134.17 87.250.134.17	15879 (ASN-IS) (ASN-IS)
10	4

1 87.250.134.15 (Netherlands)

ASN15879 (ASN-IS, NL)
PTR: traffic.trafficcompany.com

traffic.tc-clicks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 87.250.134.11 (Netherlands)

ASN15879 (ASN-IS, NL)
PTR: srv.moportals.com

www.safeofferz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 87.250.134.17 (Netherlands)

ASN15879 (ASN-IS, NL)
PTR: static.moportals.com

static.safeofferz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	safeofferz.com www.safeofferz.com Failed static.safeofferz.com	461 KB
1	tc-clicks.com traffic.tc-clicks.com	6 KB
10	2

	Domain	Requested by
6	static.safeofferz.com	www.safeofferz.com static.safeofferz.com
2	www.safeofferz.com	www.safeofferz.com
1	traffic.tc-clicks.com
10	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Frame: http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658
Frame ID: 5774.1
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

467 kB
Transfer

543 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response traffic.tc-clicks.com/ Redirect Chain http://tracking.moportals.com/go.php?c=1329&s=evsvfdebzr&l=2265&source=gigporno.com http://traffic.tc-clicks.com/?oid=15999&oid_hmac=1dd22330b581af50291a394ad810d7d3&p=3545&pi=expdaded&source=gigporno.com	10 KB 6 KB	176ms 164ms	Document text/html	87.250.134.15 ASN-IS
General Check archive.org Show headers Download Go to Full URL http://traffic.tc-clicks.com/?oid=15999&oid_hmac=1dd22330b581af50291a394ad810d7d3&p=3545&pi=expdaded&source=gigporno.com Protocol HTTP/1.1 Server 87.250.134.15 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS traffic.trafficcompany.com Software nginx / Resource Hash `8aab7610a6265d03314d8609c278943c0ee4f085d68d8a8a8d3b1fdb73e22cb3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma no-cache Date Sat, 12 Aug 2017 03:42:43 GMT Content-Encoding gzip Last-Modified Sat, 12 Aug 2017 03:42:43 GMT Server nginx Vary Accept-Encoding, User-Agent Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Transfer-Encoding chunked Connection close Expires Sat, 12 Aug 2017 03:42:43 GMT Redirect headers Date Sat, 12 Aug 2017 03:42:43 GMT Frame-Options DENY Server nginx X-Frame-Options DENY Vary User-Agent Content-Type text/html; charset=UTF-8 Location http://traffic.tc-clicks.com/?oid=15999&oid_hmac=1dd22330b581af50291a394ad810d7d3&p=3545&pi=expdaded&source=gigporno.com Transfer-Encoding chunked Content-Security-Policy frame-ancestors 'none' Connection close
GET DATA	200 OK	truncated /	6 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3f434ea4d225b9ce8ceffff00bcaa7a3b75b123b0d4c05421fa42ef0d9d6b475` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/gif
GET		/ www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/	0 0

GET H/1.1	200 OK	/ Show response www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/ Frame 5786	8 KB 2 KB	636ms 15ms	Document text/html	87.250.134.11 ASN-IS
General Check archive.org Show headers Download Go to Full URL http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 Protocol HTTP/1.1 Server 87.250.134.11 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS srv.moportals.com Software nginx / Resource Hash `b59ac4883a31d6dd6b6bc6d3365557b38de8f101063e8f2384fca9d43a2aaefd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sat, 12 Aug 2017 03:42:44 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection close Vary Accept-Encoding, User-Agent Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	style.css static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/css/ Frame 5786	6 KB 6 KB	41ms 12ms	Stylesheet text/css	87.250.134.17 ASN-IS
General Check archive.org Show headers Download Go to Full URL http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/css/style.css Requested by Host: www.safeofferz.com URL: http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 Protocol HTTP/1.1 Server 87.250.134.17 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS static.moportals.com Software nginx / Resource Hash `9a5198a6ae263dcf3951db711d1b8f44ad74cc1b82d04ebba7ac8f37d89217c4` Request headers Referer http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sat, 12 Aug 2017 03:42:44 GMT Via 1.1 varnish Last-Modified Mon, 17 Jul 2017 07:16:22 GMT Server nginx Age 1974394 ETag "596c6446-19e0" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=31536000 X-Varnish 149299877 78512178 Connection keep-alive Accept-Ranges bytes Content-Length 6624 Expires Fri, 20 Jul 2018 07:16:10 GMT
GET H/1.1	200 OK	jquery-1.11.3.min.js Show response static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/js/ Frame 5786	94 KB 38 KB	41ms 12ms	Script application/javascript	87.250.134.17 ASN-IS
General Check archive.org Show headers Download Go to Full URL http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/js/jquery-1.11.3.min.js Requested by Host: www.safeofferz.com URL: http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 Protocol HTTP/1.1 Server 87.250.134.17 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS static.moportals.com Software nginx / Resource Hash `ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8` Request headers Referer http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sat, 12 Aug 2017 03:42:44 GMT Content-Encoding gzip Last-Modified Mon, 17 Jul 2017 07:16:22 GMT Server nginx Age 1975075 Vary Accept-Encoding Content-Type application/javascript Via 1.1 varnish Cache-Control max-age=31536000 X-Varnish 1932168733 1861222009 Connection keep-alive Accept-Ranges bytes Content-Length 38889 Expires Fri, 20 Jul 2018 07:04:49 GMT
GET H/1.1	200 OK	script.js Show response static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/js/ Frame 5786	5 KB 2 KB	40ms 12ms	Script application/javascript	87.250.134.17 ASN-IS
General Check archive.org Show headers Download Go to Full URL http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/js/script.js Requested by Host: www.safeofferz.com URL: http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 Protocol HTTP/1.1 Server 87.250.134.17 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS static.moportals.com Software nginx / Resource Hash `0c34d2cd648bba5404af5cbe33952fa065b78a1d3389bebf458693e2bf6b6d50` Request headers Referer http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sat, 12 Aug 2017 03:42:44 GMT Content-Encoding gzip Last-Modified Mon, 17 Jul 2017 07:16:22 GMT Server nginx Age 1975075 Vary Accept-Encoding Content-Type application/javascript Via 1.1 varnish Cache-Control max-age=31536000 X-Varnish 1932168734 1861222012 Connection keep-alive Accept-Ranges bytes Content-Length 1657 Expires Fri, 20 Jul 2018 07:04:49 GMT
GET H/1.1	200 OK	logo.png www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/images/ Frame 5786	4 KB 4 KB	23ms 11ms	Image image/png	87.250.134.11 ASN-IS
General Check archive.org Show headers Download Go to Show image Full URL http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/images/logo.png Requested by Host: www.safeofferz.com URL: http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 Protocol HTTP/1.1 Server 87.250.134.11 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS srv.moportals.com Software nginx / Resource Hash `5f52bdc1d144e5570bff39e7792f69fe9ce9fa89ba96a7d5623c2913d4b6b358` Request headers Referer http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma public Date Sat, 12 Aug 2017 03:42:44 GMT Last-Modified Fri, 11 Aug 2017 08:50:01 GMT Server nginx ETag "598d6fb9-1023" Content-Type image/png Cache-Control max-age=31536000, public Connection close Accept-Ranges bytes Content-Length 4131 Expires Sun, 12 Aug 2018 03:42:44 GMT
GET H/1.1	200 OK	background1.jpg static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/images/ Frame 5786	146 KB 146 KB	12ms 12ms	Image image/jpeg	87.250.134.17 ASN-IS
General Check archive.org Show headers Download Go to Show image Full URL http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/images/background1.jpg Requested by Host: static.safeofferz.com URL: http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/js/jquery-1.11.3.min.js Protocol HTTP/1.1 Server 87.250.134.17 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS static.moportals.com Software nginx / Resource Hash `8f31c428593d808f5dd1697233414338d03fdc0f7f88334ef3be339efc2ebda2` Request headers Referer http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/css/style.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sat, 12 Aug 2017 03:42:44 GMT Via 1.1 varnish Last-Modified Mon, 17 Jul 2017 07:16:22 GMT Server nginx Age 1975074 ETag "596c6446-24781" Content-Type image/jpeg Cache-Control max-age=31536000 X-Varnish 1932168735 1861222026 Connection keep-alive Accept-Ranges bytes Content-Length 149377 Expires Fri, 20 Jul 2018 07:04:49 GMT
GET H/1.1	200 OK	background2.jpg static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/images/ Frame 5786	142 KB 142 KB	12ms 12ms	Image image/jpeg	87.250.134.17 ASN-IS
General Check archive.org Show headers Download Go to Show image Full URL http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/images/background2.jpg Requested by Host: static.safeofferz.com URL: http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/js/jquery-1.11.3.min.js Protocol HTTP/1.1 Server 87.250.134.17 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS static.moportals.com Software nginx / Resource Hash `37a751df9353725b7e06bec81bc5c9f42c77c21701e4717465a13f4df5c0540d` Request headers Referer http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/css/style.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sat, 12 Aug 2017 03:42:44 GMT Via 1.1 varnish Last-Modified Mon, 17 Jul 2017 07:16:22 GMT Server nginx Age 1975021 ETag "596c6446-23667" Content-Type image/jpeg Cache-Control max-age=31536000 X-Varnish 1932168736 1861223592 Connection keep-alive Accept-Ranges bytes Content-Length 144999 Expires Fri, 20 Jul 2018 07:05:42 GMT
GET H/1.1	200 OK	background3.jpg static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/images/ Frame 5786	121 KB 121 KB	12ms 12ms	Image image/jpeg	87.250.134.17 ASN-IS
General Check archive.org Show headers Download Go to Show image Full URL http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/images/background3.jpg Requested by Host: static.safeofferz.com URL: http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/js/jquery-1.11.3.min.js Protocol HTTP/1.1 Server 87.250.134.17 , Netherlands, ASN15879 (ASN-IS, NL), Reverse DNS static.moportals.com Software nginx / Resource Hash `2949d919c1cbfea9a960e5a7a9fe4fe5086c1f9073c278d7e653980917a5a740` Request headers Referer http://static.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/css/style.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sat, 12 Aug 2017 03:42:44 GMT Via 1.1 varnish Last-Modified Mon, 17 Jul 2017 07:16:22 GMT Server nginx Age 1974400 ETag "596c6446-1e5f9" Content-Type image/jpeg Cache-Control max-age=31536000 X-Varnish 149299883 78511964 Connection keep-alive Accept-Ranges bytes Content-Length 124409 Expires Fri, 20 Jul 2018 07:16:04 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.safeofferz.com
URL: http://www.safeofferz.com/landing/de/all/revhunters/sexbadoo/mobi/?tid=4ctam8edxow0co88ks84os0o8,8555192,5,3545&ctrack=20563.4186190658

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

static.safeofferz.com
traffic.tc-clicks.com
www.safeofferz.com
www.safeofferz.com
87.250.134.11
87.250.134.15
87.250.134.17
0c34d2cd648bba5404af5cbe33952fa065b78a1d3389bebf458693e2bf6b6d50
2949d919c1cbfea9a960e5a7a9fe4fe5086c1f9073c278d7e653980917a5a740
37a751df9353725b7e06bec81bc5c9f42c77c21701e4717465a13f4df5c0540d
3f434ea4d225b9ce8ceffff00bcaa7a3b75b123b0d4c05421fa42ef0d9d6b475
5f52bdc1d144e5570bff39e7792f69fe9ce9fa89ba96a7d5623c2913d4b6b358
8aab7610a6265d03314d8609c278943c0ee4f085d68d8a8a8d3b1fdb73e22cb3
8f31c428593d808f5dd1697233414338d03fdc0f7f88334ef3be339efc2ebda2
9a5198a6ae263dcf3951db711d1b8f44ad74cc1b82d04ebba7ac8f37d89217c4
b59ac4883a31d6dd6b6bc6d3365557b38de8f101063e8f2384fca9d43a2aaefd
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

traffic.tc-clicks.com Open in urlscan Pro 87.250.134.15 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

4 IPs

1 Countries

467 kBTransfer

543 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

traffic.tc-clicks.com Open in urlscan Pro
87.250.134.15 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

467 kB
Transfer

543 kB
Size

0
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!