cldrg.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 3 HTTP transactions. The main IP is 2a05:d018:483:6130:c386:82c4:1a2d:b043, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is cldrg.com.
TLS certificate: Issued by Amazon on April 22nd 2020. Valid for: a year.

This is the only time cldrg.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	216.146.38.125 216.146.38.125	33517 (DYNDNS) (DYNDNS)
1 2	2a05:d018:483... 2a05:d018:483:6130:c386:82c4:1a2d:b043	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d018:483... 2a05:d018:483:6110:ec0e:b108:7f12:f2f9	16509 (AMAZON-02) (AMAZON-02)
1	35.190.66.152 35.190.66.152	15169 (GOOGLE) (GOOGLE)
3	3

1 216.146.38.125 (United States) 1 redirects

ASN33517 (DYNDNS, US)
PTR: webhop-iad.dyndns.com

s20s20.merseine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:483:6130:c386:82c4:1a2d:b043 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

cldrg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:483:6110:ec0e:b108:7f12:f2f9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

gdmconvtrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.66.152 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 152.66.190.35.bc.googleusercontent.com

www.gmmsafeads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	cldrg.com 1 redirects cldrg.com	4 KB
1	gmmsafeads.com www.gmmsafeads.com
1	gdmconvtrck.com gdmconvtrck.com	1 KB
1	merseine.com 1 redirects s20s20.merseine.com	188 B
3	4

	Domain	Requested by
2	cldrg.com	1 redirects
1	www.gmmsafeads.com	gdmconvtrck.com
1	gdmconvtrck.com	cldrg.com
1	s20s20.merseine.com	1 redirects
3	4

This site contains no links.

Subject Issuer	Validity	Valid
cldrf.com Amazon	`2020-04-22` - `2021-05-22`	a year	crt.sh
gdmconvtrck.com Amazon	`2020-03-21` - `2021-04-21`	a year	crt.sh
g33ktr4ck.com Go Daddy Secure Certificate Authority - G2	`2020-04-17` - `2021-03-26`	a year	crt.sh

This page contains 1 frames:

Frame: https://www.gmmsafeads.com/8LJN3/6JHXF/?uid=604&sub1=111364&sub2=&sub3=f63e920f99924a269ba615912bdea279e1c8
Frame ID: 7C214A27BA49FA16B687E0CFB398FD18
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://s20s20.merseine.com/ HTTP 302
https://cldrg.com/?a=111364&c=219698 Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

3
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

2 kB
Transfer

3 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://s20s20.merseine.com/ HTTP 302
https://cldrg.com/?a=111364&c=219698 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://cldrg.com/?a=111364&c=219698&oc=71209&sr=t&vt=1593520448261&h=b75e7e2264d6cacb2007cfc8116d48ddf873a84e&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D111364%26c%3D219698&us=5b841836ad174560bdb36876d900e263 HTTP 302
https://www.gmmsafeads.com/8LJN3/6JHXF/?uid=604&sub1=111364&sub2=&sub3=f63e920f99924a269ba615912bdea279e1c8

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cldrg.com/ Redirect Chain http://s20s20.merseine.com/ https://cldrg.com/?a=111364&c=219698	2 KB 1 KB	122ms 30ms	Document text/html	2a05:d018:483:6130:c386:82c4:1a2d:b043 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cldrg.com/?a=111364&c=219698 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a05:d018:483:6130:c386:82c4:1a2d:b043 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash `eae2d771d61beb10ce8afe72d3162d72bf7e4d64003b53b8a852ee06412e6d8d` Request headers :method GET :authority cldrg.com :scheme https :path /?a=111364&c=219698 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Tue, 30 Jun 2020 12:34:08 GMT content-type text/html;charset=utf-8 server nginx vary Accept-Encoding cache-control no-cache, must-revalidate pragma no-cache expires Sat, 1 May 2020 12:00:00 GMT access-control-allow-origin * access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob content-encoding gzip Redirect headers Server nginx/0.7.67 Date Tue, 30 Jun 2020 12:34:08 GMT Transfer-Encoding chunked Connection close Location https://cldrg.com/?a=111364&c=219698
GET H2	200	user Show response gdmconvtrck.com/	1 KB 1 KB	119ms 34ms	Script text/javascript	2a05:d018:483:6110:ec0e:b108:7f12:f2f9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://gdmconvtrck.com/user?a=111364&c=219698 Requested by Host: cldrg.com URL: https://cldrg.com/?a=111364&c=219698 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a05:d018:483:6110:ec0e:b108:7f12:f2f9 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash `e526ceae2d707a6bc4d61c9f45b1dc7892e45a777ff9bae2802d3e284b6a389c` Request headers Referer https://cldrg.com/?a=111364&c=219698 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Tue, 30 Jun 2020 12:34:08 GMT content-encoding gzip server nginx status 200 vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type text/javascript;charset=utf-8 access-control-allow-origin , cache-control no-cache, must-revalidate access-control-allow-credentials true access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob expires Sat, 1 May 2020 12:00:00 GMT
GET H2	204	/ www.gmmsafeads.com/8LJN3/6JHXF/ Redirect Chain https://cldrg.com/?a=111364&c=219698&oc=71209&sr=t&vt=1593520448261&h=b75e7e2264d6cacb2007cfc8116d48ddf873a84e&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D111364%26c%3D219698&us=5b841836ad174560bdb36876d9... https://www.gmmsafeads.com/8LJN3/6JHXF/?uid=604&sub1=111364&sub2=&sub3=f63e920f99924a269ba615912bdea279e1c8	0 0	175ms 130ms	Document text/plain	35.190.66.152 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gmmsafeads.com/8LJN3/6JHXF/?uid=604&sub1=111364&sub2=&sub3=f63e920f99924a269ba615912bdea279e1c8 Requested by Host: gdmconvtrck.com URL: https://gdmconvtrck.com/user?a=111364&c=219698 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.66.152 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS 152.66.190.35.bc.googleusercontent.com Software nginx / Resource Hash Request headers :method GET :authority www.gmmsafeads.com :scheme https :path /8LJN3/6JHXF/?uid=604&sub1=111364&sub2=&sub3=f63e920f99924a269ba615912bdea279e1c8 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer https://cldrg.com/?a=111364&c=219698 accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://cldrg.com/?a=111364&c=219698 Response headers status 204 server nginx date Tue, 30 Jun 2020 12:34:08 GMT vary Origin x-eflow-request-id def9d95e-b058-4720-ba87-448a0968b416 via 1.1 google alt-svc clear Redirect headers status 302 date Tue, 30 Jun 2020 12:34:08 GMT content-type text/html;charset=ISO-8859-1 location https://www.gmmsafeads.com/8LJN3/6JHXF/?uid=604&sub1=111364&sub2=&sub3=f63e920f99924a269ba615912bdea279e1c8 server nginx set-cookie gdm_suid_v2_1_001=IUnEwbXTDaeui3t0/1R9pN2jq6CsuLonqRD4RcvhMzZOSbWVYufQjFDZnyowCUX6; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/; Secure; SameSite=None gdm_click_adv_freq_v1_1_001=HSUfoXMu3hf0403QIr/sBCsnKnWbCuGSzQEMLKHx37SQHfNxZrvTjRda/NOITExR; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/ gdm_suid_v1_1_001=IUnEwbXTDaeui3t0/1R9pN2jq6CsuLonqRD4RcvhMzZOSbWVYufQjFDZnyowCUX6; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/ gdm_click_adv_freq_v2_1_001=HSUfoXMu3hf0403QIr/sBCsnKnWbCuGSzQEMLKHx37SQHfNxZrvTjRda/NOITExR; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/; Secure; SameSite=None gdm_click_freq_v2_1_001=JVOS/epIe/ftHRZSVyosbSP1dv3ps89z3sOCRLzfd1TIqzxxavyFZgl4M3ij1s+3; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/; Secure; SameSite=None gdm_uid_v2_1_001=IUnEwbXTDaeui3t0/1R9pN2jq6CsuLonqRD4RcvhMzZOSbWVYufQjFDZnyowCUX6; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/; Secure; SameSite=None gdm_sid_v1_3_001=9WQ1tdNC+BIJUODDETo4HIPszIEejmA7AifJY8EmmyZwz7kDWBZN6uXwPoDDb9/Cji7d+F2oYVI21Pu5M4s21atFdmVpuI0jmBQC4GmJD5iOG7zVUqLigSP/eEHcjZl2O0Oc9YrgDiKkNfC7IkEt55mZ+cqvMiuJH31es5Bz+bdjiT+uKRe0NuCFllWxBb7O5yhbF+hWWwK+TiLbFgpHV/IjQRVajMRVHAx5/WnGN9CnafJlCFigqvCbRzfWfPOoSkVm4Qmkg5H74xsEApHiFwTDeom1QU8/NprMGLo5cc5GK1SQy3Tpet18JBT+b15147Bkwv+nP7Pn5Tlp5fVxmeJ1Pa+2CkfCHye2CwsVzs6L2Pss9ATt2yFQO/RApbOAz696LET3aOI1xCXXj/f4zV5ricG1YyAX3BVnAWYtLN37dOpdcfXtJ0GqJ+A3fDHrHx+UfkLT1Gi8TP3DWc5PJk8T7gqGUL1O/OA1McWCSWBpCGEaevgaogzBHJ2gT0yLOOXaHkTHrpPDcYbn6Aqd+OxpEqbhxY114wMcBVLmirPpPs/RPrar306U7we5VKk2JNUqPx9uKrOybYBKP9rfIuJzf4hawe7/tNot4Nea0/f+It+tCUr72eaExyda45st5m7RJcwExlwbwsAmKk1DfwsEthUkxZ91LVjDmVNICSIXli8DS1uXV4T9RnYZsEgy/xnKxdgsvYFJq9a663BgcHL013U9Yjk7bBwY8okoe7J79kqclj2+yP1dVB4tjSbcQZc2zHYEXx9jPiBzWoLcB17dd35I+6QhuuGP/S/P1Nwjc29fVaw95utZnt0Ijc69SNj+AchkRovM64x+G4pm0LO8NW1GDpH+vFiDWOzDg+MRJIoD5CRNcF5Q283iROoTSFrl3sff33cpwpX8g+0S5mYrsyo5F7KCuXd0oWQsV3NIv3zoBmGzDxhZfQ8Qx3vczvdeUmaIr8l4+b6WSB0UW3oaxTAoRPayrTwk7LZqNJze8ldRkZvhaTxORH9WhOIDTRtjzJVI9Rb9i3eAQB7l+z11IbX3mGBeqkR15xqZvtMwJ103RE38202rdePGS7UNUU5WGwOziIPny+vTz8bPgQ==; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/ gdm_uid_v1_1_001=IUnEwbXTDaeui3t0/1R9pN2jq6CsuLonqRD4RcvhMzZOSbWVYufQjFDZnyowCUX6; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/ gdm_sid_v2_3_001=9WQ1tdNC+BIJUODDETo4HIPszIEejmA7AifJY8EmmyZwz7kDWBZN6uXwPoDDb9/Cji7d+F2oYVI21Pu5M4s21atFdmVpuI0jmBQC4GmJD5iOG7zVUqLigSP/eEHcjZl2O0Oc9YrgDiKkNfC7IkEt55mZ+cqvMiuJH31es5Bz+bdjiT+uKRe0NuCFllWxBb7O5yhbF+hWWwK+TiLbFgpHV/IjQRVajMRVHAx5/WnGN9CnafJlCFigqvCbRzfWfPOoSkVm4Qmkg5H74xsEApHiFwTDeom1QU8/NprMGLo5cc5GK1SQy3Tpet18JBT+b15147Bkwv+nP7Pn5Tlp5fVxmeJ1Pa+2CkfCHye2CwsVzs6L2Pss9ATt2yFQO/RApbOAz696LET3aOI1xCXXj/f4zV5ricG1YyAX3BVnAWYtLN37dOpdcfXtJ0GqJ+A3fDHrHx+UfkLT1Gi8TP3DWc5PJk8T7gqGUL1O/OA1McWCSWBpCGEaevgaogzBHJ2gT0yLOOXaHkTHrpPDcYbn6Aqd+OxpEqbhxY114wMcBVLmirPpPs/RPrar306U7we5VKk2JNUqPx9uKrOybYBKP9rfIuJzf4hawe7/tNot4Nea0/f+It+tCUr72eaExyda45st5m7RJcwExlwbwsAmKk1DfwsEthUkxZ91LVjDmVNICSIXli8DS1uXV4T9RnYZsEgy/xnKxdgsvYFJq9a663BgcHL013U9Yjk7bBwY8okoe7J79kqclj2+yP1dVB4tjSbcQZc2zHYEXx9jPiBzWoLcB17dd35I+6QhuuGP/S/P1Nwjc29fVaw95utZnt0Ijc69SNj+AchkRovM64x+G4pm0LO8NW1GDpH+vFiDWOzDg+MRJIoD5CRNcF5Q283iROoTSFrl3sff33cpwpX8g+0S5mYrsyo5F7KCuXd0oWQsV3NIv3zoBmGzDxhZfQ8Qx3vczvdeUmaIr8l4+b6WSB0UW3oaxTAoRPayrTwk7LZqNJze8ldRkZvhaTxORH9WhOIDTRtjzJVI9Rb9i3eAQB7l+z11IbX3mGBeqkR15xqZvtMwJ103RE38202rdePGS7UNUU5WGwOziIPny+vTz8bPgQ==; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/; Secure; SameSite=None gdm_click_freq_v1_1_001=JVOS/epIe/ftHRZSVyosbSP1dv3ps89z3sOCRLzfd1TIqzxxavyFZgl4M3ij1s+3; Expires=Mon, 28-Sep-2020 12:34:08 GMT; Path=/ content-language en-US access-control-allow-origin * access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| CDTracking

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cldrg.com
gdmconvtrck.com
s20s20.merseine.com
www.gmmsafeads.com
216.146.38.125
2a05:d018:483:6110:ec0e:b108:7f12:f2f9
2a05:d018:483:6130:c386:82c4:1a2d:b043
35.190.66.152
e526ceae2d707a6bc4d61c9f45b1dc7892e45a777ff9bae2802d3e284b6a389c
eae2d771d61beb10ce8afe72d3162d72bf7e4d64003b53b8a852ee06412e6d8d

cldrg.com Open in urlscan Pro 2a05:d018:483:6130:c386:82c4:1a2d:b043 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

2 kBTransfer

3 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

0 Cookies

Indicators

cldrg.com Open in urlscan Pro
2a05:d018:483:6130:c386:82c4:1a2d:b043 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

2 kB
Transfer

3 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions