click.e.nineware.org Open in urlscan Pro
50.3.179.184 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://click.e.nineware.org/?CmAzttK9&0mAtA&/mzf8ute&wmAThzQ&dp/B013ID263S/ref=strm_eo_80_nad_20_3.aspx
Submission: On October 19 via manual (October 19th 2017, 11:44:53 pm UTC) from US

Summary HTTP 53 Redirects Behaviour Indicators

Summary

This website contacted 20 IPs in 8 countries across 19 domains to perform 53 HTTP transactions. The main IP is 50.3.179.184, located in Frankfurt, Germany and belongs to SERVERHUB-PHOENIX - Eonix Corporation, US. The main domain is click.e.nineware.org.

This is the only time click.e.nineware.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	50.3.179.184 50.3.179.184	30693 (SERVERHUB...) (SERVERHUB-PHOENIX - Eonix Corporation)
1	192.41.73.93 192.41.73.93	13951 (CENTER-SEVEN) (CENTER-SEVEN - C7 Data Centers)
27	2400:cb00:204... 2400:cb00:2048:1::681b:a6d2	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	94.31.29.54 94.31.29.54	54104 (AS-NETDNA) (AS-NETDNA - netDNA)
1	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
3	2a00:1450:400... 2a00:1450:4001:819::200d	15169 (GOOGLE) (GOOGLE - Google Inc.)
1 1	2a00:1450:400... 2a00:1450:4001:819::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	91.190.219.145 91.190.219.145	198097 (SKYPE) (SKYPE)
3 3	194.132.198.98 194.132.198.98	43650 (SPOTIFY) (SPOTIFY)
1	194.132.198.118 194.132.198.118	43650 (SPOTIFY) (SPOTIFY)
1	104.244.42.193 104.244.42.193	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	2a03:2880:f22... 2a03:2880:f22d:c4:face:b00c:0:43fe	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY - Fastly)
1	104.108.56.129 104.108.56.129	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2620:100:6022... 2620:100:6022:1::a27d:4201	19679 (DROPBOX) (DROPBOX - Dropbox)
1	2.17.189.116 2.17.189.116	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	104.108.64.175 104.108.64.175	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2400:cb00:204... 2400:cb00:2048:1::6813:c066	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2400:cb00:204... 2400:cb00:2048:1::6818:6424	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
53	20

1 50.3.179.184 (Frankfurt, Germany)

ASN30693 (SERVERHUB-PHOENIX - Eonix Corporation, US)

click.e.nineware.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.41.73.93 (Riverton, United States)

ASN13951 (CENTER-SEVEN - C7 Data Centers, Inc., US)
PTR: 192-41-73-93.c7dc.com

pelesaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2400:cb00:2048:1::681b:a6d2 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

nichesurveyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.54 (United Kingdom)

ASN54104 (AS-NETDNA - netDNA, US)
PTR: 94.31.29.54.IPYX-077437-ZYO.above.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::200d (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google Inc., US)

plus.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.190.219.145 (Luxembourg)

ASN198097 (SKYPE, LU)

login.skype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 194.132.198.98 (Japan) 3 redirects

ASN43650 (SPOTIFY, SE)
PTR: lon3-weblb-wg2000.lon3.spotify.com

www.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.132.198.118 (London, United Kingdom)

ASN43650 (SPOTIFY, SE)
PTR: lon3-weblb-wg9966.lon3.spotify.com

accounts.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.193 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f22d:c4:face:b00c:0:43fe (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.140 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.108.56.129 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-56-129.deploy.static.akamaitechnologies.com

www.expedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:6022:1::a27d:4201 (United States)

ASN19679 (DROPBOX - Dropbox, Inc., US)

www.dropbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.189.116 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)

www.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.108.64.175 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-64-175.deploy.static.akamaitechnologies.com

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6813:c066 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6818:6424 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

karconsulting.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	nichesurveyer.com nichesurveyer.com Failed	410 KB
4	spotify.com 3 redirects www.spotify.com accounts.spotify.com	4 KB
4	google.com 1 redirects accounts.google.com plus.google.com	550 B
2	facebook.com www.facebook.com staticxx.facebook.com Failed	66 B
1	karconsulting.us karconsulting.us	9 KB
1	facebook.net connect.facebook.net	62 KB
1	cloudflare.com cdnjs.cloudflare.com	10 KB
1	paypal.com www.paypal.com
1	amazon.com www.amazon.com
1	dropbox.com www.dropbox.com
1	expedia.com www.expedia.com
1	reddit.com www.reddit.com
1	instagram.com www.instagram.com
1	twitter.com twitter.com
1	skype.com login.skype.com
1	googleapis.com fonts.googleapis.com	353 B
1	jquery.com code.jquery.com	39 KB
1	pelesaf.com pelesaf.com Failed	141 B
1	nineware.org click.e.nineware.org	153 B
53	19

	Domain	Requested by
27	nichesurveyer.com	nichesurveyer.com
3	www.spotify.com	3 redirects
3	accounts.google.com	nichesurveyer.com
2	www.facebook.com	nichesurveyer.com connect.facebook.net
1	karconsulting.us	nichesurveyer.com
1	connect.facebook.net	nichesurveyer.com
1	cdnjs.cloudflare.com	nichesurveyer.com
1	www.paypal.com	nichesurveyer.com
1	www.amazon.com	nichesurveyer.com
1	www.dropbox.com	nichesurveyer.com
1	www.expedia.com	nichesurveyer.com
1	www.reddit.com	nichesurveyer.com
1	www.instagram.com	nichesurveyer.com
1	twitter.com	nichesurveyer.com
1	accounts.spotify.com	nichesurveyer.com
1	login.skype.com	nichesurveyer.com
1	plus.google.com	1 redirects
1	fonts.googleapis.com	nichesurveyer.com
1	code.jquery.com	nichesurveyer.com
1	pelesaf.com
1	click.e.nineware.org
0	staticxx.facebook.com Failed	connect.facebook.net
53	22

This site contains no links.

Subject Issuer	Validity	Valid
sni94980.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2017-10-19` - `2018-04-27`	6 months	crt.sh
code.jquery.com AlphaSSL CA - SHA256 - G2	`2017-07-25` - `2018-07-26`	a year	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-10-10` - `2017-12-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2016-12-09` - `2018-01-25`	a year	crt.sh
accounts.google.com Google Internet Authority G2	`2017-10-10` - `2017-12-29`	3 months	crt.sh
login.skype.com Microsoft IT TLS CA 5	`2017-09-22` - `2019-09-22`	2 years	crt.sh
*.spotify.com DigiCert SHA2 Secure Server CA	`2017-05-16` - `2020-07-29`	3 years	crt.sh
twitter.com DigiCert SHA2 Extended Validation Server CA	`2017-07-25` - `2018-07-30`	a year	crt.sh
*.instagram.com DigiCert SHA2 High Assurance Server CA	`2016-12-10` - `2018-01-25`	a year	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2015-08-17` - `2018-08-21`	3 years	crt.sh
www.expedia.com GeoTrust SSL CA - G3	`2016-12-09` - `2017-12-31`	a year	crt.sh
www.dropbox.com DigiCert SHA2 Extended Validation Server CA	`2015-12-10` - `2017-12-13`	2 years	crt.sh
www.amazon.com Symantec Class 3 Secure Server CA - G4	`2017-10-06` - `2018-09-21`	a year	crt.sh
www.paypal.com Symantec Class 3 EV SSL CA - G3	`2017-09-22` - `2019-10-30`	2 years	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2017-05-27` - `2017-12-03`	6 months	crt.sh
sni79014.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2017-10-18` - `2018-04-26`	6 months	crt.sh

This page contains 6 frames:

Frame: http://pelesaf.com/?a=2&c=5328&p=m&s1=485302&s2=1zx4w
Frame ID: 27276.1
Requests: 2 HTTP requests in this frame

Frame: https://nichesurveyer.com/srv/ctr/n6/ix_info_logo.php?cid=&keyword=kohls&src=NAD-US-SUR-Kohls&tracker=in.quickredirectlink.com&region=Bayern&carrier=&model=Desktop&brand=Desktop&cc=us&ai=1&ft=2&pushn=1&sound=1&s_clickid=102ae9f9b3750bbb4861b13bf8ba6a&voluumdata=deprecated&eda=deprecated&cep=UTm5iJMbK5i8iiTK6A6_9fZjJK40kLNfs7hbkc09KO7VA4O8piamL6gmRBZIX_oPzHJ8WcNOHFc5EIsOXCld33yyMz5nCorT4P01dRv7cgtFXRUk58NQdgkw2dO7ES6R0pHuKG-6Wetio_9rWYvegHmflH0TPyHICk15Kj_hSnFyCwgMTeQCXs4rj9Vtj8lzZmsvU4gO9YcnGovt9vh23sTT3TF6VrDH8-eQh9pa5tD4FNNlDxlTYweUz1CQorVja4HzENEOH8shgl2iQrm4pjGPWaCt2bGAUJjeEo_WEkIbbckxPJP1qioZ_AUXMlU1Phw5jrtg5KhZXgq1TFeqKYDNkxaDin7fjvWg5Tw-Wa9CRCneH2nbc9WykGsDWxWjvSSkc0FEYCIEIPSJj1LQAJ5gj_kXz1GXKc1_CrYJN1HfxOi0WL8YWn8qY6qhYGC_VT15kCOIEdMdHupVtPEZQU-kGWFXZXjyoVZ3-hY0NAr22QWoco8IIR69c_f7x0JNxOem4yMIV7ODDCFzKcgMf598SgZkVo6CBtzyOJ1zGwBKbQN7h38bUHrAzYcy4zWLGNIcjR_fC33pgV50LzD6v2U0pIKGBmf2hNgoqf3OaZBpVHQht7jLVMdub0RANLSOaNgnlXZK95NbikTte1UhPbxKuMRx5OaPG4SEjGns4ijz8gsPSsCxupUpDmezZKglzAs8IJxT-AjN9eYgUHTAXVOaqBeYPvpEQ7HSnoRgvQUEO9KYpJVb8ojnA4RW5Q_b4rT-1e3q3Y9t9VRRQqGshd4TsPHmOcM7KRXCS-cbVeZFEUBykdyYh9_c41V7GzvODIb9e8QM7woxaIujelgV1t714SFFc-ApwlXkb-y0589oWdgc9rKUaTZRbH4rDRJUqmMcHElWpJLU5izK3iXwOagUkitimuKEnOP3slL8qT-QaEoH6yZ0bxLt0oxrFmV_8Iua_hHdpBHkzfvIkvBGzA&source=&c4=1102&c9=&c6=2&c7=485302&c8=1zx4w&dd=&cpc=0.54&clickid=102ae9f9b3750bbb4861b13bf8ba6a
Frame ID: 27294.1
Requests: 2 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/hsBwMj6iLmk.js?version=42
Frame ID: 27312.2
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.9/plugins/like.php?action=recommend&app_id=405670262806154&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FhsBwMj6iLmk.js%3Fversion%3D42%23cb%3Dfa8efcc5ff3e64%26domain%3Dnichesurveyer.com%26origin%3Dhttps%253A%252F%252Fnichesurveyer.com%252Ff36660acea865c8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2Ffacebook%2F&layout=standard&locale=en_US&sdk=joey&share=false&show_faces=true&size=small&width=400
Frame ID: 27312.3
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.9/plugins/like.php?action=recommend&app_id=405670262806154&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FhsBwMj6iLmk.js%3Fversion%3D42%23cb%3Df8627940fd7eac%26domain%3Dnichesurveyer.com%26origin%3Dhttps%253A%252F%252Fnichesurveyer.com%252Ff36660acea865c8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2Ffacebook%2F&layout=standard&locale=en_US&sdk=joey&share=false&show_faces=true&size=small&width=400
Frame ID: 27312.4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx(?:$|\?)/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

url /\.aspx(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /modernizr(?:-([\d.]*[\d]))?.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

53
Requests

87 %
HTTPS

48 %
IPv6

19
Domains

22
Subdomains

20
IPs

8
Countries

531 kB
Transfer

1315 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://pranwtr.com/?a=2&c=5328&p=m&s1=485302&s2=1zx4w HTTP 302
https://pranwtr.com/?a=2&c=5328&p=m&s1=485302&s2=1zx4w&ckmguid=371c2557-df84-478e-818f-057a99fb000d HTTP 302
http://trk.saturnads.com/aff_c?offer_id=14&aff_id=1102&aff_sub=2&aff_sub2=485302&aff_sub3=1zx4w HTTP 302
http://in.quickredirectlink.com/454ba456-c4dd-4a15-8207-4793cd8e1c5f?src=NAD-US-SUR-Kohls&source=&keyword=kohls&c4=1102&c9=&c6=2&c7=485302&c8=1zx4w&dd=&s_clickid=102ae9f9b3750bbb4861b13bf8ba6a&cpc=0.54&clickid=102ae9f9b3750bbb4861b13bf8ba6a HTTP 302
https://nichesurveyer.com/run/run.php?url=https://nichesurveyer.com/srv/ctr/n6/ix_info_logo.php&cid=&keyword=kohls&src=NAD-US-SUR-Kohls&tracker=in.quickredirectlink.com&region=Bayern&carrier=&model=Desktop&brand=Desktop&cc=us&ai=1&ft=2&pushn=1&sound=1&s_clickid=102ae9f9b3750bbb4861b13bf8ba6a&voluumdata=deprecated&eda=deprecated&cep=UTm5iJMbK5i8iiTK6A6_9fZjJK40kLNfs7hbkc09KO7VA4O8piamL6gmRBZIX_oPzHJ8WcNOHFc5EIsOXCld33yyMz5nCorT4P01dRv7cgtFXRUk58NQdgkw2dO7ES6R0pHuKG-6Wetio_9rWYvegHmflH0TPyHICk15Kj_hSnFyCwgMTeQCXs4rj9Vtj8lzZmsvU4gO9YcnGovt9vh23sTT3TF6VrDH8-eQh9pa5tD4FNNlDxlTYweUz1CQorVja4HzENEOH8shgl2iQrm4pjGPWaCt2bGAUJjeEo_WEkIbbckxPJP1qioZ_AUXMlU1Phw5jrtg5KhZXgq1TFeqKYDNkxaDin7fjvWg5Tw-Wa9CRCneH2nbc9WykGsDWxWjvSSkc0FEYCIEIPSJj1LQAJ5gj_kXz1GXKc1_CrYJN1HfxOi0WL8YWn8qY6qhYGC_VT15kCOIEdMdHupVtPEZQU-kGWFXZXjyoVZ3-hY0NAr22QWoco8IIR69c_f7x0JNxOem4yMIV7ODDCFzKcgMf598SgZkVo6CBtzyOJ1zGwBKbQN7h38bUHrAzYcy4zWLGNIcjR_fC33pgV50LzD6v2U0pIKGBmf2hNgoqf3OaZBpVHQht7jLVMdub0RANLSOaNgnlXZK95NbikTte1UhPbxKuMRx5OaPG4SEjGns4ijz8gsPSsCxupUpDmezZKglzAs8IJxT-AjN9eYgUHTAXVOaqBeYPvpEQ7HSnoRgvQUEO9KYpJVb8ojnA4RW5Q_b4rT-1e3q3Y9t9VRRQqGshd4TsPHmOcM7KRXCS-cbVeZFEUBykdyYh9_c41V7GzvODIb9e8QM7woxaIujelgV1t714SFFc-ApwlXkb-y0589oWdgc9rKUaTZRbH4rDRJUqmMcHElWpJLU5izK3iXwOagUkitimuKEnOP3slL8qT-QaEoH6yZ0bxLt0oxrFmV_8Iua_hHdpBHkzfvIkvBGzA&source=&c4=1102&c9=&c6=2&c7=485302&c8=1zx4w&dd=&cpc=0.54&clickid=102ae9f9b3750bbb4861b13bf8ba6a HTTP 302
https://nichesurveyer.com/srv/ctr/n6/ix_info_logo.php?cid=&keyword=kohls&src=NAD-US-SUR-Kohls&tracker=in.quickredirectlink.com&region=Bayern&carrier=&model=Desktop&brand=Desktop&cc=us&ai=1&ft=2&pushn=1&sound=1&s_clickid=102ae9f9b3750bbb4861b13bf8ba6a&voluumdata=deprecated&eda=deprecated&cep=UTm5iJMbK5i8iiTK6A6_9fZjJK40kLNfs7hbkc09KO7VA4O8piamL6gmRBZIX_oPzHJ8WcNOHFc5EIsOXCld33yyMz5nCorT4P01dRv7cgtFXRUk58NQdgkw2dO7ES6R0pHuKG-6Wetio_9rWYvegHmflH0TPyHICk15Kj_hSnFyCwgMTeQCXs4rj9Vtj8lzZmsvU4gO9YcnGovt9vh23sTT3TF6VrDH8-eQh9pa5tD4FNNlDxlTYweUz1CQorVja4HzENEOH8shgl2iQrm4pjGPWaCt2bGAUJjeEo_WEkIbbckxPJP1qioZ_AUXMlU1Phw5jrtg5KhZXgq1TFeqKYDNkxaDin7fjvWg5Tw-Wa9CRCneH2nbc9WykGsDWxWjvSSkc0FEYCIEIPSJj1LQAJ5gj_kXz1GXKc1_CrYJN1HfxOi0WL8YWn8qY6qhYGC_VT15kCOIEdMdHupVtPEZQU-kGWFXZXjyoVZ3-hY0NAr22QWoco8IIR69c_f7x0JNxOem4yMIV7ODDCFzKcgMf598SgZkVo6CBtzyOJ1zGwBKbQN7h38bUHrAzYcy4zWLGNIcjR_fC33pgV50LzD6v2U0pIKGBmf2hNgoqf3OaZBpVHQht7jLVMdub0RANLSOaNgnlXZK95NbikTte1UhPbxKuMRx5OaPG4SEjGns4ijz8gsPSsCxupUpDmezZKglzAs8IJxT-AjN9eYgUHTAXVOaqBeYPvpEQ7HSnoRgvQUEO9KYpJVb8ojnA4RW5Q_b4rT-1e3q3Y9t9VRRQqGshd4TsPHmOcM7KRXCS-cbVeZFEUBykdyYh9_c41V7GzvODIb9e8QM7woxaIujelgV1t714SFFc-ApwlXkb-y0589oWdgc9rKUaTZRbH4rDRJUqmMcHElWpJLU5izK3iXwOagUkitimuKEnOP3slL8qT-QaEoH6yZ0bxLt0oxrFmV_8Iua_hHdpBHkzfvIkvBGzA&source=&c4=1102&c9=&c6=2&c7=485302&c8=1zx4w&dd=&cpc=0.54&clickid=102ae9f9b3750bbb4861b13bf8ba6a

Request Chain 20

https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0 HTTP 302
https://accounts.google.com/ServiceLogin?service=oz&passive=1209600&continue=https://plus.google.com/up/?continue%3Dhttps://www.google.com/intl/en/images/logos/accounts_logo.png%26type%3Dst%26gpsrc%3Dogpy0

Request Chain 22

https://www.spotify.com/en/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP 301
https://www.spotify.com/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP 302
https://www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP 302
https://accounts.spotify.com/de-DE/login/?continue=https%3A//www.spotify.com/favicon.ico

53 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
click.e.nineware.org/ 149 B
153 B 1253ms
868ms Document
text/html 50.3.179.184
Eonix Corporation

General

			Domain/Path	Expires	Name / Value
			nichesurveyer.com/	1970-01-01 00:00:00	Name: PHPSESSID Value: 1qj8sdoo0hkamhnauth04nsqi3
			.nichesurveyer.com/	1970-01-18 19:46:32	Name: __cfduid Value: d72a9ab7587a5b3c313237e7de6b172461508456684

Source	Level	URL Text
console-api	log	URL: https://karconsulting.us/api/javascripts/trackpush.js(Line 1) Message: Push notifications powered by pushNotifications. Learn more at pushNotifications.com
console-api	warning	URL: https://karconsulting.us/api/javascripts/trackpush.js(Line 1) Message: [PUSHNOTIFICATIONS] - Browser does not support push

Header	Value
Strict-Transport-Security	max-age=16000000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

click.e.nineware.org Open in urlscan Pro 50.3.179.184 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

53 Requests

87 %HTTPS

48 %IPv6

19 Domains

22 Subdomains

20 IPs

8 Countries

531 kBTransfer

1315 kBSize

2 Cookies

0 Outgoing links

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

click.e.nineware.org Open in urlscan Pro
50.3.179.184 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

87 %
HTTPS

48 %
IPv6

19
Domains

22
Subdomains

20
IPs

8
Countries

531 kB
Transfer

1315 kB
Size

2
Cookies

53 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!