go.9click.net Open in urlscan Pro
195.181.174.28 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://click.yourdailyemailbox.com/ga/click/2-6722237-56-826-2025-15677-9456a007cb-424f8ed5c0
Effective URL:
http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&...
Submission: On February 28 via manual (February 28th 2018, 9:07:43 am UTC) from SG

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 4 countries across 6 domains to perform 11 HTTP transactions. The main IP is 195.181.174.28, located in United Kingdom and belongs to CDN77, GB. The main domain is go.9click.net.

This is the only time go.9click.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	148.251.233.206 148.251.233.206	24940 (HETZNER-AS) (HETZNER-AS)
1 1	95.170.86.124 95.170.86.124	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
2 2	84.22.107.177 84.22.107.177	196752 (TILAA) (TILAA)
2 2	84.22.114.216 84.22.114.216	196752 (TILAA) (TILAA)
8	195.181.174.28 195.181.174.28	60068 (CDN77) (CDN77)
1	216.58.214.42 216.58.214.42	15169 (GOOGLE) (GOOGLE - Google LLC)
2	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE - Google LLC)
11	3

1 148.251.233.206 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: iris.alphabet-mail.com

click.yourdailyemailbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.170.86.124 (Netherlands) 1 redirects

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 95-170-86-124.colo.transip.net

www.fwd.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 84.22.107.177 (Netherlands) 2 redirects

ASN196752 (TILAA, NL)
PTR: vps-11626-1633.cloud.tilaa.com

sem.e12.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 84.22.114.216 (Netherlands) 2 redirects

ASN196752 (TILAA, NL)
PTR: vps-11626-2882.cloud.tilaa.com

track.e12.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 195.181.174.28 (United Kingdom)

ASN60068 (CDN77, GB)
PTR: frankfurt-20.cdn77.com

go.9click.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.214.42 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s09-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.195 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s08-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	9click.net go.9click.net	446 KB
4	e12.be 4 redirects sem.e12.be track.e12.be	2 KB
2	gstatic.com fonts.gstatic.com	25 KB
1	googleapis.com fonts.googleapis.com	765 B
1	fwd.mobi 1 redirects www.fwd.mobi	502 B
1	yourdailyemailbox.com 1 redirects click.yourdailyemailbox.com	680 B
11	6

	Domain	Requested by
8	go.9click.net	go.9click.net
2	fonts.gstatic.com	go.9click.net
2	track.e12.be	2 redirects
2	sem.e12.be	2 redirects
1	fonts.googleapis.com	go.9click.net
1	www.fwd.mobi	1 redirects
1	click.yourdailyemailbox.com	1 redirects
11	7

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Frame ID: (4F00C24959B174894F358D1E81FE2B4)
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://click.yourdailyemailbox.com/ga/click/2-6722237-56-826-2025-15677-9456a007cb-424f8ed5c0 HTTP 302
http://www.fwd.mobi/a66?email=&first_name=&last_name=&phone=&country=&external_campaign_id=OL_20... HTTP 302
http://sem.e12.be/path/lp.php?trvid=10106&trvx=c57c4b5e&email=&first_name=&last_name=&phone=&c... HTTP 302
http://sem.e12.be/api/connector/thrive/create?trvid=10106&trvx=c57c4b5e&email=&first_name=&las... HTTP 302
http://track.e12.be/path/lp.php?trvid=10106&trvx=c57c4b5e&email=&first_name=&last_name=&phone=&c... HTTP 302
http://track.e12.be/path/302.php?d=aHR0cDovL2dvLjljbGljay5uZXQvbmwvc3dlZXAvYWxiZXJ0aGVpam4yL2luZ... HTTP 302
http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNum... Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

3
IPs

4
Countries

472 kB
Transfer

548 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://click.yourdailyemailbox.com/ga/click/2-6722237-56-826-2025-15677-9456a007cb-424f8ed5c0 HTTP 302
http://www.fwd.mobi/a66?email=&first_name=&last_name=&phone=&country=&external_campaign_id=OL_20180228 HTTP 302
http://sem.e12.be/path/lp.php?trvid=10106&trvx=c57c4b5e&email=&first_name=&last_name=&phone=&country=NL&source=ownlist&external_campaign_id=OL_20180228 HTTP 302
http://sem.e12.be/api/connector/thrive/create?trvid=10106&trvx=c57c4b5e&email=&first_name=&last_name=&phone=&country=NL&source=ownlist&external_campaign_id=OL_20180228 HTTP 302
http://track.e12.be/path/lp.php?trvid=10106&trvx=c57c4b5e&email=&first_name=&last_name=&phone=&country=NL&source=ownlist&external_campaign_id=OL_20180228 HTTP 302
http://track.e12.be/path/302.php?d=aHR0cDovL2dvLjljbGljay5uZXQvbmwvc3dlZXAvYWxiZXJ0aGVpam4yL2luZGV4Lmh0bWw/Zmlyc3ROYW1lPSZsYXN0TmFtZT0mZW1haWxBZGRyZXNzPSZwaG9uZU51bWJlcj0mY291bnRyeUNvZGU9Tkwmc3hpZD16ODE4ZW45YTg1dXU_1 HTTP 302
http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index.html Show response
go.9click.net/nl/sweep/albertheijn2/
Redirect Chain

http://click.yourdailyemailbox.com/ga/click/2-6722237-56-826-2025-15677-9456a007cb-424f8ed5c0
http://www.fwd.mobi/a66?email=&first_name=&last_name=&phone=&country=&external_campaign_id=OL_20180228
http://sem.e12.be/path/lp.php?trvid=10106&trvx=c57c4b5e&email=&first_name=&last_name=&phone=&country=NL&source=ownlist&external_campaign_id=OL_20180228
http://sem.e12.be/api/connector/thrive/create?trvid=10106&trvx=c57c4b5e&email=&first_name=&last_name=&phone=&country=NL&source=ownlist&external_campaign_id=OL_20180228
http://track.e12.be/path/lp.php?trvid=10106&trvx=c57c4b5e&email=&first_name=&last_name=&phone=&country=NL&source=ownlist&external_campaign_id=OL_20180228
http://track.e12.be/path/302.php?d=aHR0cDovL2dvLjljbGljay5uZXQvbmwvc3dlZXAvYWxiZXJ0aGVpam4yL2luZGV4Lmh0bWw/Zmlyc3ROYW1lPSZsYXN0TmFtZT0mZW1haWxBZGRyZXNzPSZwaG9uZU51bWJlcj0mY291bnRyeUNvZGU9Tkwmc3hpZD...
http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu

4 KB
2 KB

1128ms
20ms

Document
text/html

195.181.174.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Protocol: HTTP/1.1
Server: 195.181.174.28 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 3383ea6114fc6d53d1fecaf12818030fb53cc48b4907d773a634e1e6ecb80d0d

Request headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
Host: go.9click.net
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:07:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Feb 2018 13:10:54 GMT
Server: CDN77-Turbo
X-Edge-Location: frankfurtDE
ETag: W/"5a8c1e5e-fbb"
Transfer-Encoding: chunked
X-Cache: REVALIDATED
Content-Type: text/html
Access-Control-Allow-Origin: *
X-Edge-IP: 195.181.174.20
Connection: keep-alive
X-Age: 1378

Redirect headers

location: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Date: Wed, 28 Feb 2018 09:07:31 GMT
Server: Apache/2.4.29 (Debian)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK lander1.css
go.9click.net/nl/sweep/albertheijn2/assets/ 6 KB
2 KB 27ms
26ms Stylesheet
text/css 195.181.174.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: http://go.9click.net/nl/sweep/albertheijn2/assets/lander1.css
Requested by: Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Protocol: HTTP/1.1
Server: 195.181.174.28 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: ca19aac30a10f1c04b765a4ec59a442660fb428ae5e83331ae699238503cf881

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: go.9click.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Connection: keep-alive
Cache-Control: no-cache
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:07:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Feb 2018 13:10:54 GMT
Server: CDN77-Turbo
X-Edge-Location: frankfurtDE
ETag: W/"5a8c1e5e-1859"
Transfer-Encoding: chunked
X-Cache: REVALIDATED
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Edge-IP: 195.181.174.20
Connection: keep-alive
X-Age: 5942

GET
S 200 css
fonts.googleapis.com/ 5 KB
765 B 17ms
16ms Stylesheet
text/css 216.58.214.42
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700

Requested by

Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu

Protocol

SPDY

Server

216.58.214.42 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s09-in-f10.1e100.net

Software

ESF /

Resource Hash

5d08b9d421e23c22fbc28de2090a689a571946c3f845be3330fe21212b632f8a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Wed, 28 Feb 2018 09:07:32 GMT
content-encoding: gzip
last-modified: Wed, 28 Feb 2018 09:07:32 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
x-xss-protection: 1; mode=block
expires: Wed, 28 Feb 2018 09:07:32 GMT

GET
H/1.1 200
OK normalize.css
go.9click.net/nl/sweep/albertheijn2/assets/ 7 KB
3 KB 27ms
21ms Stylesheet
text/css 195.181.174.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: http://go.9click.net/nl/sweep/albertheijn2/assets/normalize.css
Requested by: Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Protocol: HTTP/1.1
Server: 195.181.174.28 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: cbd7e3958eec849f55f0965ee5fc0a9750b7174e4e0e70a9f8b441aa3d9c40a8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: go.9click.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Connection: keep-alive
Cache-Control: no-cache
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:07:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Feb 2018 13:10:54 GMT
Server: CDN77-Turbo
X-Edge-Location: frankfurtDE
ETag: W/"5a8c1e5e-1d50"
Transfer-Encoding: chunked
X-Cache: REVALIDATED
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Edge-IP: 195.181.174.20
Connection: keep-alive
X-Age: 5942

GET
H/1.1 200
OK voucher.png
go.9click.net/nl/sweep/albertheijn2/assets/images/ 133 KB
133 KB 34ms
28ms Image
image/png 195.181.174.28
CDN77

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://go.9click.net/nl/sweep/albertheijn2/assets/images/voucher.png
Requested by: Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Protocol: HTTP/1.1
Server: 195.181.174.28 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 0b363d62df067c4cf2d9e7c0d8e7ae5f01a98847f89f45948b8cbfd71efbac71

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: go.9click.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Connection: keep-alive
Cache-Control: no-cache
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:07:32 GMT
Last-Modified: Tue, 20 Feb 2018 13:10:56 GMT
Server: CDN77-Turbo
X-Edge-Location: frankfurtDE
ETag: "5a8c1e60-2123b"
X-Cache: REVALIDATED
Content-Type: image/png
Access-Control-Allow-Origin: *
X-Edge-IP: 195.181.174.20
Connection: keep-alive
Accept-Ranges: bytes
X-Age: 5942
Content-Length: 135739

GET
H/1.1 200
OK check.png
go.9click.net/nl/sweep/albertheijn2/assets/images/ 1 KB
2 KB 26ms
20ms Image
image/png 195.181.174.28
CDN77

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://go.9click.net/nl/sweep/albertheijn2/assets/images/check.png
Requested by: Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Protocol: HTTP/1.1
Server: 195.181.174.28 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 54685db07aca72f8729aafc7d545ad6cd2804361d9d1960a48c20a5bc02967f9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: go.9click.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Connection: keep-alive
Cache-Control: no-cache
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:07:32 GMT
Last-Modified: Tue, 20 Feb 2018 13:10:55 GMT
Server: CDN77-Turbo
X-Edge-Location: frankfurtDE
ETag: "5a8c1e5f-5c5"
X-Cache: REVALIDATED
Content-Type: image/png
Access-Control-Allow-Origin: *
X-Edge-IP: 195.181.174.20
Connection: keep-alive
Accept-Ranges: bytes
X-Age: 5942
Content-Length: 1477

GET
H/1.1 200
OK jquery.min.js Show response
go.9click.net/nl/sweep/albertheijn2/assets/ 94 KB
33 KB 30ms
29ms Script
application/javascript 195.181.174.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: http://go.9click.net/nl/sweep/albertheijn2/assets/jquery.min.js
Requested by: Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Protocol: HTTP/1.1
Server: 195.181.174.28 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: go.9click.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Connection: keep-alive
Cache-Control: no-cache
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:07:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Feb 2018 13:10:54 GMT
Server: CDN77-Turbo
X-Edge-Location: frankfurtDE
ETag: W/"5a8c1e5e-1787d"
Transfer-Encoding: chunked
X-Cache: REVALIDATED
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-Edge-IP: 195.181.174.20
Connection: keep-alive
X-Age: 5942

GET
H/1.1 200
OK questions.js Show response
go.9click.net/nl/sweep/albertheijn2/assets/ 2 KB
1 KB 21ms
21ms Script
application/javascript 195.181.174.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: http://go.9click.net/nl/sweep/albertheijn2/assets/questions.js
Requested by: Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Protocol: HTTP/1.1
Server: 195.181.174.28 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 26194667b776a417e5657355c9ab34fbd858e1fc0d3336930c7a44fd5eb293e9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: go.9click.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Connection: keep-alive
Cache-Control: no-cache
Referer: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:07:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Feb 2018 13:10:54 GMT
Server: CDN77-Turbo
X-Edge-Location: frankfurtDE
ETag: W/"5a8c1e5e-98e"
Transfer-Encoding: chunked
X-Cache: REVALIDATED
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-Edge-IP: 195.181.174.20
Connection: keep-alive
X-Age: 5942

GET
H/1.1 200
OK background.jpg
go.9click.net/nl/sweep/albertheijn2/assets/images/ 270 KB
270 KB 30ms
28ms Image
image/jpeg 195.181.174.28
CDN77

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://go.9click.net/nl/sweep/albertheijn2/assets/images/background.jpg
Requested by: Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu
Protocol: HTTP/1.1
Server: 195.181.174.28 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 255c45285ab1a32f53a07c7f5d4512a212b9fe57ba117163bde7e50ca19479cc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: go.9click.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://go.9click.net/nl/sweep/albertheijn2/assets/lander1.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://go.9click.net/nl/sweep/albertheijn2/assets/lander1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 28 Feb 2018 09:07:32 GMT
Last-Modified: Tue, 20 Feb 2018 13:10:55 GMT
Server: CDN77-Turbo
X-Edge-Location: frankfurtDE
ETag: "5a8c1e5f-43731"
X-Cache: REVALIDATED
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Edge-IP: 195.181.174.20
Connection: keep-alive
Accept-Ranges: bytes
X-Age: 5942
Content-Length: 276273

GET
S 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v11/ 12 KB
12 KB 7ms
6ms Font
font/woff2 172.217.16.195
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v11/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2

Requested by

Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu

Protocol

SPDY

Server

172.217.16.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

sffe /

Resource Hash

a0066433a645f196eb0ece299c86dc27a5c74dbe2cae7ae6d9211c1549a92085

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700
Origin: http://go.9click.net

Response headers

date: Fri, 23 Feb 2018 11:30:55 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:26:10 GMT
server: sffe
age: 423397
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 12600
x-xss-protection: 1; mode=block
expires: Sat, 23 Feb 2019 11:30:55 GMT

GET
S 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v11/ 13 KB
13 KB 7ms
4ms Font
font/woff2 172.217.16.195
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v11/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2

Requested by

Host: go.9click.net
URL: http://go.9click.net/nl/sweep/albertheijn2/index.html?firstName=&lastName=&emailAddress=&phoneNumber=&countryCode=NL&sxid=z818en9a85uu

Protocol

SPDY

Server

172.217.16.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

sffe /

Resource Hash

547ea67155dac1c27efb550426c4848b7364357ed040fd531719c4797e356a1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700
Origin: http://go.9click.net

Response headers

date: Mon, 12 Feb 2018 14:31:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:25:48 GMT
server: sffe
age: 1362953
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 12960
x-xss-protection: 1; mode=block
expires: Tue, 12 Feb 2019 14:31:39 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.yourdailyemailbox.com
fonts.googleapis.com
fonts.gstatic.com
go.9click.net
sem.e12.be
track.e12.be
www.fwd.mobi
148.251.233.206
172.217.16.195
195.181.174.28
216.58.214.42
84.22.107.177
84.22.114.216
95.170.86.124
0b363d62df067c4cf2d9e7c0d8e7ae5f01a98847f89f45948b8cbfd71efbac71
255c45285ab1a32f53a07c7f5d4512a212b9fe57ba117163bde7e50ca19479cc
26194667b776a417e5657355c9ab34fbd858e1fc0d3336930c7a44fd5eb293e9
3383ea6114fc6d53d1fecaf12818030fb53cc48b4907d773a634e1e6ecb80d0d
54685db07aca72f8729aafc7d545ad6cd2804361d9d1960a48c20a5bc02967f9
547ea67155dac1c27efb550426c4848b7364357ed040fd531719c4797e356a1d
5d08b9d421e23c22fbc28de2090a689a571946c3f845be3330fe21212b632f8a
a0066433a645f196eb0ece299c86dc27a5c74dbe2cae7ae6d9211c1549a92085
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
ca19aac30a10f1c04b765a4ec59a442660fb428ae5e83331ae699238503cf881
cbd7e3958eec849f55f0965ee5fc0a9750b7174e4e0e70a9f8b441aa3d9c40a8

go.9click.net Open in urlscan Pro 195.181.174.28 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

6 Domains

7 Subdomains

3 IPs

4 Countries

472 kBTransfer

548 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

0 Cookies

Indicators

go.9click.net Open in urlscan Pro
195.181.174.28 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

3
IPs

4
Countries

472 kB
Transfer

548 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!