urlscan.io logo urlscan.io
SecurityTrails logo

tq.ngcluster-d.site Open in urlscan Pro
173.239.53.32  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.sslvpn.shoelover.com/
Effective URL: https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=182677043...
Submission: On December 16 via automatic, source certstream-suspicious — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 15 HTTP transactions. The main IP is 173.239.53.32, located in New York, United States and belongs to WEBAIR-INTERNET, US. The main domain is tq.ngcluster-d.site.
TLS certificate: Issued by R11 on October 25th 2024. Valid for: 3 months.
This is the only time tq.ngcluster-d.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 13.248.148.254 16509 (AMAZON-02)
1 2600:9000:28a... 16509 (AMAZON-02)
1 2 54.205.42.70 14618 (AMAZON-AES)
1 2 3.33.192.145 16509 (AMAZON-02)
2 130.211.29.114 396982 (GOOGLE-CL...)
4 35.241.15.240 396982 (GOOGLE-CL...)
1 2 173.239.53.32 27257 (WEBAIR-IN...)
15 8
4    13.248.148.254 (United States)

ASN16509 (AMAZON-02, US)
PTR: aba1c1ff9d2ec5376.awsglobalaccelerator.com
www.sslvpn.shoelover.com
1    2600:9000:28ac:3400:1d:4618:5c80:21 (United States)

ASN16509 (AMAZON-02, US)
d38psrni17bvxu.cloudfront.net
2    54.205.42.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-42-70.compute-1.amazonaws.com
iunia-eap.com
2    3.33.192.145 (United States)

ASN16509 (AMAZON-02, US)
PTR: ab226b763647f1870.awsglobalaccelerator.com
wedlore-c.click
2    130.211.29.114 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 114.29.211.130.bc.googleusercontent.com
cdn.perfdrive.com
4    35.241.15.240 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.15.241.35.bc.googleusercontent.com
cas.avalon.perfdrive.com
2    173.239.53.32 (New York, United States)

ASN27257 (WEBAIR-INTERNET, US)
xml-v4.ngcluster-d.site
tq.ngcluster-d.site
Apex Domain
Subdomains		 Transfer
6 perfdrive.com
cdn.perfdrive.com — Cisco Umbrella Rank: 42639
cas.avalon.perfdrive.com — Cisco Umbrella Rank: 12953
99 KB
4 shoelover.com
www.sslvpn.shoelover.com
2 KB
2 ngcluster-d.site
xml-v4.ngcluster-d.site
tq.ngcluster-d.site
16 KB
2 wedlore-c.click
wedlore-c.click
21 KB
2 iunia-eap.com
iunia-eap.com
4 KB
1 cloudfront.net
d38psrni17bvxu.cloudfront.net
1 KB
0 flfdatings.com Failed
flfdatings.com Failed
15 7
Domain Requested by
4 cas.avalon.perfdrive.com cdn.perfdrive.com
4 www.sslvpn.shoelover.com d38psrni17bvxu.cloudfront.net
www.sslvpn.shoelover.com
2 cdn.perfdrive.com wedlore-c.click
tq.ngcluster-d.site
2 wedlore-c.click 1 redirects iunia-eap.com
2 iunia-eap.com 1 redirects www.sslvpn.shoelover.com
1 tq.ngcluster-d.site wedlore-c.click
1 xml-v4.ngcluster-d.site 1 redirects
1 d38psrni17bvxu.cloudfront.net www.sslvpn.shoelover.com
0 flfdatings.com Failed
15 9

This site contains links to these domains. Also see Links.

Domain
xml-v4.ngcluster-d.site
Subject Issuer Validity Valid
www.sslvpn.shoelover.com
R11		 2024-12-16 -
2025-03-16		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2024-07-30 -
2025-07-03		 a year crt.sh
iunia-eap.com
Amazon RSA 2048 M03		 2024-11-27 -
2025-12-26		 a year crt.sh
wedlore-c.click
Amazon RSA 2048 M03		 2024-11-18 -
2025-12-17		 a year crt.sh
*.perfdrive.com
Go Daddy Secure Certificate Authority - G2		 2024-09-20 -
2025-09-26		 a year crt.sh
cas.avalon.perfdrive.com
Go Daddy Secure Certificate Authority - G2		 2024-07-26 -
2025-08-05		 a year crt.sh
ngcluster-d.site
R11		 2024-10-25 -
2025-01-23		 3 months crt.sh

This page contains 1 frames:

Frame: https://flfdatings.com/?sub1=6760a7c79e149f0001124142&sub2=ons_52456&sub3=&affiliate_id=7603&source=ons_52456
Frame ID: A43117996C413AA692EDA1B890CC5CD2
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.sslvpn.shoelover.com/ Page URL
  2. https://iunia-eap.com/zclkvisitor/01dc1d13-bbfc-11ef-b046-0affe790322f/1304ac30-8585-11eb-af9e-0a5... Page URL
  3. https://iunia-eap.com/zclkredirect?visitid=01dc1d13-bbfc-11ef-b046-0affe790322f&type=js&browserWid... HTTP 302
    http://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE HTTP 307
    https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE Page URL
  4. https://wedlore-c.click/api/v1/pxcheck?impId=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE&minfo=eyJjb29r... HTTP 302
    http://xml-v4.ngcluster-d.site/click?seat=3107750&i=WGfblb2vJHI_0 HTTP 307
    https://xml-v4.ngcluster-d.site/click?seat=3107750&i=WGfblb2vJHI_0 HTTP 302
    https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-63729331559... Page URL

Page Statistics

15
Requests

93 %
HTTPS

14 %
IPv6

7
Domains

9
Subdomains

8
IPs

2
Countries

142 kB
Transfer

379 kB
Size

27
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.sslvpn.shoelover.com/ Page URL
  2. https://iunia-eap.com/zclkvisitor/01dc1d13-bbfc-11ef-b046-0affe790322f/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=01e65643-bbfc-11ef-b046-0affe790322f Page URL
  3. https://iunia-eap.com/zclkredirect?visitid=01dc1d13-bbfc-11ef-b046-0affe790322f&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
    http://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE HTTP 307
    https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE Page URL
  4. https://wedlore-c.click/api/v1/pxcheck?impId=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE&minfo=eyJjb29raWVEaXNhYmxlZCI6ZmFsc2UsInVhIjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTMxLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJpZnJhbWUiOmZhbHNlLCJkZXZpY2VQaXhlbFJhdGlvIjoxLCJ3bmRMb2NIcmVmIjoiaHR0cHM6Ly93ZWRsb3JlLWMuY2xpY2svYXBpL3YxL3B4P3htbGlkPVZCcWgxdXMwWWRYdDZXQzRIVTBuWmpkTkhnaTBCa0MzZXhHZFhKTkUiLCJkZXZpY2VTcmVlblNpemUiOiIxMjAweDE2MDAiLCJkZXZpY2VXaW5kb3dTaXplIjoiMTIwMHgxNjAwIiwid25kMnNyY1JhdGlvTHdyMDYiOmZhbHNlLCJlZmZlY3RpdmVUeXBlIjoiNGciLCJ0eiI6NjAwLCJ0ekludGwiOiJQYWNpZmljL0hvbm9sdWx1IiwiaXNCb3QiOmZhbHNlLCJmQm90TmFtZSI6IiIsImZSZWFzb25zIjoiIn0= HTTP 302
    http://xml-v4.ngcluster-d.site/click?seat=3107750&i=WGfblb2vJHI_0 HTTP 307
    https://xml-v4.ngcluster-d.site/click?seat=3107750&i=WGfblb2vJHI_0 HTTP 302
    https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://iunia-eap.com/zclkredirect?visitid=01dc1d13-bbfc-11ef-b046-0affe790322f&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
  • http://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE HTTP 307
  • https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE
Request Chain 14
  • https://xml-v4.ngcluster-d.site/click2?i=WGfblb2vJHI_0&ci=-6372933155935424926&j=rv%3Db%26ss%3D1600x1200%26ws%3D1600x1200%26wp%3D110x110%26ce%3D1%26ck%3Djc%26cv%3D5788%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D2%26rf%3D%26lo%3Dtq.ngcluster-d.site%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28X11%253B%2BLinux%2Bx86_64%29%2BAppleWebKit%252F537.36%2B%28KHTML%252C%2Blike%2BGecko%29%2BChrome%252F131.0.0.0%2BSafari%252F537.36%26tp%3D104%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26er%3D%26shs%3D%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D1%26frc%3D1%26dbt%3D0%26prb%3D20030107%26tz%3D600%26hid%3D0%26mq%3D1%26my%3D8%26geo%3D1%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3D%26hwc%3D48%26hrl%3D%26acd%3Dpppmp%26vcd%3Dnpp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1600x1200%26wout%3D1600x1285%26wpof%3D0x0%26bcld%3D1584x18%26scrp%3D110x110%26scrad%3D1600x1200%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D53%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DIntel%2BInc.%26vrd%3DIntel%2BIris%2BOpenGL%2BEngine%26pnt%3Dprompt%26cnvs%3D80808080%26bch%3D1%26blv%3D1%26mmd_ao%3D3%26mmd_ai%3D3%26mmd_vi%3D1 HTTP 302
  • http://8cays.bemobtrcks.com/go/f3bef66f-e939-4577-bb90-7fc0466f4093?bid=0.0055&conversion=p47LD1co7mI&source_subid=8fbbbf1c7eb7478ba831b4ea0&campaign=1569164&search_referrer_domain=shoelover.com&pubfeed=314622&query=shoelover.com%252Cshoelover%252Ccom&carrier=Verizon+Internet+Services&state=ny&banner=6733385&ip=208.252.80.64 HTTP 307
  • https://8cays.bemobtrcks.com/go/f3bef66f-e939-4577-bb90-7fc0466f4093?bid=0.0055&conversion=p47LD1co7mI&source_subid=8fbbbf1c7eb7478ba831b4ea0&campaign=1569164&search_referrer_domain=shoelover.com&pubfeed=314622&query=shoelover.com%252Cshoelover%252Ccom&carrier=Verizon+Internet+Services&state=ny&banner=6733385&ip=208.252.80.64 HTTP 302
  • https://www1.affhone.fyi/click?pid=52456&offer_id=25&sub1=Th3pHqvR9DHzU2762kzzmO&sub1=Th3pHqvR9DHzU2762kzzmO HTTP 302
  • https://m.bingdone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6760a7c63bf465000154fb20&affpid=52456&action_id=USdesktop&referrer=https%3A%2F%2Ftq.ngcluster-d.site%2Ffilter%3Fq%3Dshoelover.com%25252Cshoelover%25252Ccom%26i%3DWGfblb2vJHI_0%26ci%3D-6372933155935424926%26t%3D1826770431%26h%3D32&sub1=Th3pHqvR9DHzU2762kzzmO&sub2=&sub3=&sub4=&sub5=&sub6= HTTP 302
  • https://tracking.boingooingo.com/click?pid=7603&offer_id=4620&sub1=199edmyghoj4k3y655&sub2=ons_52456 HTTP 302
  • https://flfdatings.com/?sub1=6760a7c79e149f0001124142&sub2=ons_52456&sub3=&affiliate_id=7603&source=ons_52456

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.sslvpn.shoelover.com/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.sslvpn.shoelover.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.248.148.254 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aba1c1ff9d2ec5376.awsglobalaccelerator.com
Software
Caddy nginx /
Resource Hash
a24fc8e74c26c3cb77327d2281070c07121a3a8e3fd9071ff518f3c057415d42

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
accept-ch-lifetime
30
alt-svc
h3=":50944"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 16 Dec 2024 22:20:51 GMT
server
Caddy nginx
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_e8dT9s1fMxbISRKeBKk/q42ecvROpP3dOX/1grtiAESGI3yZwX+AsyKayyWI6Lyrfqh5cdnTOxefYhJRPUyhHw==
x-domain
shoelover.com
x-pcrew-blocked-reason
x-pcrew-ip-organization
Verizon Internet Services
x-redirect
zeropark_zeroclick
x-subdomain
www.sslvpn
js3.js
d38psrni17bvxu.cloudfront.net/scripts/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: www.sslvpn.shoelover.com
URL: https://www.sslvpn.shoelover.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28ac:3400:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.sslvpn.shoelover.com/

Response headers

etag
"65fc1e7b-448"
age
14968
via
1.1 72d22463757809230afbfffdc6e24584.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
1096
x-amz-cf-id
MjsdrI67_lizu74nCxVKoOTnAq_g_j_tGV4gCsQsy_kEMAg8cOiT1w==
date
Mon, 16 Dec 2024 18:11:23 GMT
content-type
application/javascript
last-modified
Thu, 21 Mar 2024 11:48:11 GMT
server
nginx
x-amz-cf-pop
IAD12-P5
track.php
www.sslvpn.shoelover.com/ 		0
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sslvpn.shoelover.com/track.php?domain=shoelover.com&toggle=browserjs&uid=MTczNDM4NzY1MC44NzU6MjE4ZWJkMTczMmQ0ODI2YzBmMjdiYTliZjMxZDM3OTUwY2JiY2VhOGU0YzRiYzJjMzE5Y2VjNTJiM2QzY2IwMDo2NzYwYTdjMmQ1YTFk
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.248.148.254 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aba1c1ff9d2ec5376.awsglobalaccelerator.com
Software
Caddy, nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

viewport-width
1600
ect
4g
Referer
https://www.sslvpn.shoelover.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
rtt
200
downlink
10

Response headers

content-encoding
gzip
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
browserjs
access-control-allow-origin
*
alt-svc
h3=":50944"; ma=2592000
date
Mon, 16 Dec 2024 22:20:51 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
Caddy, nginx
ls.php
www.sslvpn.shoelover.com/ 		16 B
339 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sslvpn.shoelover.com/ls.php?t=6760a7c3&token=3d95886f8393e898005947e09be12c1f79d89817
Requested by
Host: www.sslvpn.shoelover.com
URL: https://www.sslvpn.shoelover.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.248.148.254 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aba1c1ff9d2ec5376.awsglobalaccelerator.com
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://www.sslvpn.shoelover.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
rtt
200
downlink
10

Response headers

access-control-max-age
86400
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
access-control-allow-methods
POST, OPTIONS
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Ja8jtFr4CYOnVHpD12PQDg2rpAVZl/mkco2vEU0y5KnCq2WySp8Ij6+glcPyuTSOj4yJyoXXCYJo6MmQxfqumw==
accept-ch-lifetime
30
access-control-allow-origin
alt-svc
h3=":50944"; ma=2592000
date
Mon, 16 Dec 2024 22:20:51 GMT
charset
utf-8
content-type
text/javascript;charset=UTF-8
server
Caddy, nginx
track.php
www.sslvpn.shoelover.com/ 		0
91 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sslvpn.shoelover.com/track.php?click=ebb9b42512f72baed1564645e211bafbf98403b3&domain=shoelover.com&uid=MTczNDM4NzY1MC44NzU6MjE4ZWJkMTczMmQ0ODI2YzBmMjdiYTliZjMxZDM3OTUwY2JiY2VhOGU0YzRiYzJjMzE5Y2VjNTJiM2QzY2IwMDo2NzYwYTdjMmQ1YTFk&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDg4LGJ1Y2tldDA4OSxidWNrZXQwNzd8fHx8fHw2NzYwYTdjMmQ1OWQ0fHx8MTczNDM4NzY1MS4wMDM0fDE4MGVkZGZhYjZmMjM4NmYyYThlMDYxZGIzNzI0NTY2ZTY0ZjQyYzB8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwzZDk1ODg2ZjgzOTNlODk4MDA1OTQ3ZTA5YmUxMmMxZjc5ZDg5ODE3fDB8fDB8MHx8fHw%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.248.148.254 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aba1c1ff9d2ec5376.awsglobalaccelerator.com
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://www.sslvpn.shoelover.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
rtt
200
downlink
10

Response headers

x-view-match
true
content-encoding
gzip
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
none
access-control-allow-origin
*
alt-svc
h3=":50944"; ma=2592000
date
Mon, 16 Dec 2024 22:20:51 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
Caddy, nginx
1304ac30-8585-11eb-af9e-0a51339b19df
iunia-eap.com/zclkvisitor/01dc1d13-bbfc-11ef-b046-0affe790322f/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://iunia-eap.com/zclkvisitor/01dc1d13-bbfc-11ef-b046-0affe790322f/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=01e65643-bbfc-11ef-b046-0affe790322f
Requested by
Host: www.sslvpn.shoelover.com
URL: https://www.sslvpn.shoelover.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.42.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-42-70.compute-1.amazonaws.com
Software
/
Resource Hash
b92b62e4fb1191dd62d392b8193002825017f0592333a96102578d798c85abe8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://www.sslvpn.shoelover.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Mon, 16 Dec 2024 22:20:52 GMT
px
wedlore-c.click/api/v1/
Redirect Chain
  • https://iunia-eap.com/zclkredirect?visitid=01dc1d13-bbfc-11ef-b046-0affe790322f&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
  • http://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE
  • https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE
90 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE
Requested by
Host: iunia-eap.com
URL: https://iunia-eap.com/zclkvisitor/01dc1d13-bbfc-11ef-b046-0affe790322f/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=01e65643-bbfc-11ef-b046-0affe790322f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.192.145 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ab226b763647f1870.awsglobalaccelerator.com
Software
/
Resource Hash
8a931937bf657c20582b4a22f47b0c7710bba9229688ec1e8135e11727df76cc

Request headers

Referer
https://iunia-eap.com/zclkvisitor/01dc1d13-bbfc-11ef-b046-0affe790322f/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=01e65643-bbfc-11ef-b046-0affe790322f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 22:20:52 GMT
etag
W/"1698d-w+0T/kpX7pNCwNamQk7rvc3syrI"
vary
Accept-Encoding

Redirect headers

Location
https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE
Non-Authoritative-Reason
HttpsUpgrades
stormcaster.js
cdn.perfdrive.com/advanced/ 		240 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perfdrive.com/advanced/stormcaster.js
Requested by
Host: wedlore-c.click
URL: https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.29.114 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
114.29.211.130.bc.googleusercontent.com
Software
nginx/1.10.1 /
Resource Hash
06355098292635455e261866d3ae12f98ce81e3dac79295425ed5863e823e79f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://wedlore-c.click/

Response headers

cache-control
max-age=3600,public
content-encoding
gzip
etag
W/"674e9704-3bf3a"
age
3081
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
91395
date
Mon, 16 Dec 2024 21:29:31 GMT
last-modified
Tue, 03 Dec 2024 05:28:36 GMT
content-type
application/javascript
server
nginx/1.10.1
vary
Accept-Encoding
jsdata
cas.avalon.perfdrive.com/ 		360 B
419 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/advanced/stormcaster.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://wedlore-c.click/

Response headers

via
1.1 google
x-response-time
11ms
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
360
date
Mon, 16 Dec 2024 22:20:52 GMT
content-type
text/plain; charset=UTF-8
jsdata
cas.avalon.perfdrive.com/ 		198 B
343 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/advanced/stormcaster.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://wedlore-c.click/

Response headers

via
1.1 google
x-response-time
2ms
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
198
date
Mon, 16 Dec 2024 22:20:52 GMT
content-type
text/plain; charset=UTF-8
Primary Request filter
tq.ngcluster-d.site/
Redirect Chain
  • https://wedlore-c.click/api/v1/pxcheck?impId=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE&minfo=eyJjb29raWVEaXNhYmxlZCI6ZmFsc2UsInVhIjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuM...
  • http://xml-v4.ngcluster-d.site/click?seat=3107750&i=WGfblb2vJHI_0
  • https://xml-v4.ngcluster-d.site/click?seat=3107750&i=WGfblb2vJHI_0
  • https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32
15 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32
Requested by
Host: wedlore-c.click
URL: https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.239.53.32 New York, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
9aa44179432a0e07496a5eae826fad800483257868f852c7fc986fd6e10edf92

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store
Connection
keep-alive
Content-Length
15423
Content-Type
text/html; charset=utf-8
Date
Mon, 16 Dec 2024 22:20:53 GMT
Referrer-Policy
unsafe-url
Server
nginx

Redirect headers

Cache-Control
no-store
Connection
keep-alive
Content-Length
0
Date
Mon, 16 Dec 2024 22:20:53 GMT
Location
https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32
Server
nginx
aperture.js
cdn.perfdrive.com/aperture/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perfdrive.com/aperture/aperture.js
Requested by
Host: tq.ngcluster-d.site
URL: https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.29.114 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
114.29.211.130.bc.googleusercontent.com
Software
nginx/1.10.1 /
Resource Hash
9fb91ff0e8c179aea40dbe6842b36fd201654f5647c21dcec41fd18be535d506

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32

Response headers

cache-control
max-age=3600,public
content-encoding
gzip
etag
W/"674e9704-6844"
age
730
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7938
date
Mon, 16 Dec 2024 22:08:43 GMT
last-modified
Tue, 03 Dec 2024 05:28:36 GMT
content-type
application/javascript
server
nginx/1.10.1
vary
Accept-Encoding
jsdata
cas.avalon.perfdrive.com/ 		316 B
375 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/aperture/aperture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash
f485134736a1c527cd4bea41660f0c1ce972d1d69e3fa90497ccb97c8e1f9b6d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32

Response headers

via
1.1 google
x-response-time
3ms
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
316
date
Mon, 16 Dec 2024 22:20:53 GMT
content-type
text/plain; charset=UTF-8
jsdata
cas.avalon.perfdrive.com/ 		198 B
343 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/aperture/aperture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash
7041701b84338cf55c09d5b43458fe4950aa51d2428ef0c4227de4ea1b0fbbe2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32

Response headers

via
1.1 google
x-response-time
1ms
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
198
date
Mon, 16 Dec 2024 22:20:53 GMT
content-type
text/plain; charset=UTF-8
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32

Response headers

Content-Type
image/png
/
flfdatings.com/
Redirect Chain
  • https://xml-v4.ngcluster-d.site/click2?i=WGfblb2vJHI_0&ci=-6372933155935424926&j=rv%3Db%26ss%3D1600x1200%26ws%3D1600x1200%26wp%3D110x110%26ce%3D1%26ck%3Djc%26cv%3D5788%26cs%3D1%26fr%3D0%26hc%3D0%26...
  • http://8cays.bemobtrcks.com/go/f3bef66f-e939-4577-bb90-7fc0466f4093?bid=0.0055&conversion=p47LD1co7mI&source_subid=8fbbbf1c7eb7478ba831b4ea0&campaign=1569164&search_referrer_domain=shoelover.com&pu...
  • https://8cays.bemobtrcks.com/go/f3bef66f-e939-4577-bb90-7fc0466f4093?bid=0.0055&conversion=p47LD1co7mI&source_subid=8fbbbf1c7eb7478ba831b4ea0&campaign=1569164&search_referrer_domain=shoelover.com&p...
  • https://www1.affhone.fyi/click?pid=52456&offer_id=25&sub1=Th3pHqvR9DHzU2762kzzmO&sub1=Th3pHqvR9DHzU2762kzzmO
  • https://m.bingdone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=6760a7c63bf465000154fb20&affpid=52456&action_id=USdesktop&referrer=https%3A%2F%2Ftq.ngcluster-d.site%2Ffilter%3Fq%3Dshoelover.com%25252Cs...
  • https://tracking.boingooingo.com/click?pid=7603&offer_id=4620&sub1=199edmyghoj4k3y655&sub2=ons_52456
  • https://flfdatings.com/?sub1=6760a7c79e149f0001124142&sub2=ons_52456&sub3=&affiliate_id=7603&source=ons_52456
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
flfdatings.com
URL
https://flfdatings.com/?sub1=6760a7c79e149f0001124142&sub2=ons_52456&sub3=&affiliate_id=7603&source=ons_52456

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| tqs function| hc function| jsfload object| SSJSConnectorObj function| ssConf object| ssTimeLogs object| BrowserStyle string| j function| ssJSActionTaker function| ssJSConnWriteCookies

27 Cookies

Domain/Path Name / Value
.wedlore-c.click/ Name: __ssds
Value: 2
.wedlore-c.click/ Name: __ssuzjsr2
Value: a9be0cd8e
.wedlore-c.click/ Name: __uzmaj2
Value: d82fe040-a1b2-40ff-9c4e-8dfa5b6bc473
.wedlore-c.click/ Name: __uzmbj2
Value: 1734387652
.wedlore-c.click/ Name: __uzmcj2
Value: 453711018359
.wedlore-c.click/ Name: __uzmdj2
Value: 1734387652
.wedlore-c.click/ Name: __uzmlj2
Value: xK2s26iDi2VxJL9tSg5bmKhAgkeBB5b81ds22lhY/6c=
.wedlore-c.click/ Name: __uzmfj2
Value: 7f6000af63d6b2-8b5c-4746-9304-7b42ecd8813b17343876529310-cd2e00538a28984110
.ngcluster-d.site/ Name: x3325799
Value: 2074258294
tq.ngcluster-d.site/ Name: c1400166158
Value: 2074258294
.ngcluster-d.site/ Name: __ssds
Value: 2
tq.ngcluster-d.site/ Name: jc
Value: 5788
.ngcluster-d.site/ Name: __ssuzjsr2
Value: a9be0cd8e
.ngcluster-d.site/ Name: __uzmaj2
Value: 9dc4ecbe-0843-4176-b611-d2f4b695c329
.ngcluster-d.site/ Name: __uzmbj2
Value: 1734387653
.ngcluster-d.site/ Name: __uzmcj2
Value: 828101022987
.ngcluster-d.site/ Name: __uzmdj2
Value: 1734387653
.8cays.bemobtrcks.com/ Name: bemob-viewer-id
Value: 20573df3-1cca-466e-a61b-a7146efab6fe
.8cays.bemobtrcks.com/ Name: bemob-uniq-visit:f3bef66f-e939-4577-bb90-7fc0466f4093
Value: 1
.8cays.bemobtrcks.com/ Name: bemob-rotation:f3bef66f-e939-4577-bb90-7fc0466f4093:random:1aee7db0242ab3ef631e326c109c30b8
Value: 0-0-1
.8cays.bemobtrcks.com/ Name: bemob-click-id
Value: Th3pHqvR9DHzU2762kzzmO
www1.affhone.fyi/ Name: afclick
Value: 6760a7c63bf465000154fb20
www1.affhone.fyi/ Name: afoffers
Value: {"25":1734387654}
m.bingdone.com/ Name: uclick
Value: myghoj4k6o
m.bingdone.com/ Name: uclickhash
Value: myghoj4k6o-myghoj4k3y-j68n-twqd-hog5-2txo2t-twg63y-ae58d8
tracking.boingooingo.com/ Name: afclick
Value: 6760a7c79e149f0001124142
tracking.boingooingo.com/ Name: afoffers
Value: {"4620":1734387655}

3 Console Messages

Source Level URL
Text
rendering warning URL: https://iunia-eap.com/zclkvisitor/01dc1d13-bbfc-11ef-b046-0affe790322f/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=01e65643-bbfc-11ef-b046-0affe790322f
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0B05D003C380000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://wedlore-c.click/api/v1/px?xmlid=VBqh1us0YdXt6WC4HU0nZjdNHgi0BkC3exGdXJNE
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0F08F0A3C380000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://tq.ngcluster-d.site/filter?q=shoelover.com%252Cshoelover%252Ccom&i=WGfblb2vJHI_0&ci=-6372933155935424926&t=1826770431&h=32
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0F08F0A3C380000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.