www.tk-locker.cpb.bplkmedia.online Open in urlscan Pro
2600:3c00::f03c:91ff:fe13:aed7  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.visit.bld.bplkmedia.online/loading?&sub_id=Damtrek&sa=D&sntz=1&usg=AOvVaw14vZFtgg6wKV2EvimUMU4C Page URL
2. https://www.visit.bld.bplkmedia.online/register?sub_id=Damtrek Page URL
3. https://www.tk-locker.cpb.bplkmedia.online/f75421e?s1=Damtrek Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	loading Show response www.visit.bld.bplkmedia.online/	3 KB 1 KB	648ms 251ms	Document text/html	2600:3c00::f03c:91ff:fe13:aed7 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.visit.bld.bplkmedia.online/loading?&sub_id=Damtrek&sa=D&sntz=1&usg=AOvVaw14vZFtgg6wKV2EvimUMU4C Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:3c00::f03c:91ff:fe13:aed7 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS Software DomaiNesia / Resource Hash fa1f62795bac5c0bd0dcdab0c01816da32814baf19764cd3e0945bdf6fe12381 Security Headers Name Value Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-security-policy default-src * data: 'unsafe-eval' 'unsafe-inline' content-type text/html; charset=UTF-8 date Wed, 07 Jun 2023 12:22:28 GMT dn-request-id c51b7dab4fe43197ac6a37160998701f dynamic-cache-status BYPASS referrer-policy strict-origin-when-cross-origin server DomaiNesia strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding Accept-Encoding,User-Agent x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	js15_as.js Show response s10.histats.com/	11 KB 5 KB	73ms 21ms	Script text/javascript	2606:4700:10::6814:51d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://s10.histats.com/js15_as.js Requested by Host: www.visit.bld.bplkmedia.online URL: https://www.visit.bld.bplkmedia.online/loading?&sub_id=Damtrek&sa=D&sntz=1&usg=AOvVaw14vZFtgg6wKV2EvimUMU4C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6814:51d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Request headers accept-language de-DE,de;q=0.9 Referer https://www.visit.bld.bplkmedia.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Wed, 07 Jun 2023 12:22:29 GMT content-encoding gzip cf-cache-status HIT last-modified Thu, 16 Apr 2020 10:44:16 GMT server cloudflare age 73485 etag "-375139978" vary Accept-Encoding content-type text/javascript cache-control max-age=28800 accept-ranges bytes cf-ray 7d38dc6029449b88-FRA content-length 4547
GET H/1.1	200 OK	0.php s4.histats.com/stats/	50 B 184 B	310ms 98ms	Script text/html	149.56.240.31 OVH
General Check archive.org Show headers Download Go to Full URL https://s4.histats.com/stats/0.php?4689086&@f16&@g1&@h1&@i1&@j1686140549173&@k0&@l1&@mDamtrek&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:88793802&@b3:1686140549&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.visit.bld.bplkmedia.online%2Floading%3F%26sub_id%3DDamtrek%26sa%3DD%26sntz%3D1%26usg%3DAOvVaw14vZFtgg6wKV2EvimUMU4C&@w Requested by Host: s10.histats.com URL: https://s10.histats.com/js15_as.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 149.56.240.31 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ns534110.ip-149-56-240.net Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://www.visit.bld.bplkmedia.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 07 Jun 2023 12:22:30 GMT Connection close Content-Length 50 Content-Type text/html;charset=UTF-8
GET H2	200	register www.visit.bld.bplkmedia.online/	597 B 709 B	156ms 156ms	Document text/html	2600:3c00::f03c:91ff:fe13:aed7 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.visit.bld.bplkmedia.online/register?sub_id=Damtrek Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:3c00::f03c:91ff:fe13:aed7 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS Software DomaiNesia / Resource Hash Security Headers Name Value Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.visit.bld.bplkmedia.online/loading?&sub_id=Damtrek&sa=D&sntz=1&usg=AOvVaw14vZFtgg6wKV2EvimUMU4C Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-security-policy default-src * data: 'unsafe-eval' 'unsafe-inline' content-type text/html; charset=UTF-8 date Wed, 07 Jun 2023 12:22:29 GMT dn-request-id 0e9b24444abcdcf16efad69e6bfeadfb dynamic-cache-status BYPASS referrer-policy strict-origin-when-cross-origin server DomaiNesia strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding Accept-Encoding,User-Agent x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	Primary Request f75421e Show response www.tk-locker.cpb.bplkmedia.online/	546 B 705 B	816ms 245ms	Document text/html	2600:3c00::f03c:91ff:fe13:aed7 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.tk-locker.cpb.bplkmedia.online/f75421e?s1=Damtrek Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:3c00::f03c:91ff:fe13:aed7 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS Software DomaiNesia / Resource Hash 25e51bd39a1d1a9b1392116ed361903867117f3d9fb5b363d69363d8d41ed024 Security Headers Name Value Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.visit.bld.bplkmedia.online/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-security-policy default-src * data: 'unsafe-eval' 'unsafe-inline' content-type text/html; charset=UTF-8 date Wed, 07 Jun 2023 12:22:30 GMT dn-request-id 944a1369076248cc8b77252d1ec104f1 dynamic-cache-status BYPASS referrer-policy strict-origin-when-cross-origin server DomaiNesia strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding Accept-Encoding,User-Agent x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	5MAy9r.js Show response d3h83s39ga3y3t.cloudfront.net/	24 KB 7 KB	287ms 198ms	Script application/javascript	2600:9000:237d:b400:d:d1ea:5a40:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3h83s39ga3y3t.cloudfront.net/5MAy9r.js Requested by Host: www.tk-locker.cpb.bplkmedia.online URL: https://www.tk-locker.cpb.bplkmedia.online/f75421e?s1=Damtrek Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:237d:b400:d:d1ea:5a40:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a28be45144d377ab16527a8b5d2d60fae4d780f9dec17e4327567ad90482f293 Request headers accept-language de-DE,de;q=0.9 Referer https://www.tk-locker.cpb.bplkmedia.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Wed, 07 Jun 2023 12:08:37 GMT content-encoding br via 1.1 e5f838cca0e0de4bbf3520e7a4d3ae3e.cloudfront.net (CloudFront) last-modified Sat, 13 May 2023 22:59:48 GMT server AmazonS3 x-amz-cf-pop MUC50-P2 age 1316 etag W/"2bfd2a5b8ac2dbc95efed9f39bf259ff" vary Accept-Encoding x-cache Error from cloudfront content-type application/javascript x-amz-cf-id 4SKcbV1xBaIQG0dddWS765eowddnvX_nmOIINC07dJqM-BsvMZC0jQ==
GET H2	200	html.3862793.d8869.0.js Show response d2a80scaiwzqau.cloudfront.net/public/external/v2/	15 KB 15 KB	372ms 319ms	Script application/javascript	2600:9000:2490:de00:7:aad:f980:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2a80scaiwzqau.cloudfront.net/public/external/v2/html.3862793.d8869.0.js Requested by Host: d3h83s39ga3y3t.cloudfront.net URL: https://d3h83s39ga3y3t.cloudfront.net/5MAy9r.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:de00:7:aad:f980:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11 Resource Hash 06966927fe40a0bd882f51b5baff45a38c2fc718e78ec149e1d3102f9aeca5bc Request headers accept-language de-DE,de;q=0.9 Referer https://www.tk-locker.cpb.bplkmedia.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Wed, 07 Jun 2023 12:22:31 GMT via 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront) server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop FRA56-P6 x-powered-by PHP/7.4.11 x-cache Miss from cloudfront content-type application/javascript x-amz-cf-id nkL3fx9_rYusl9GeA3NmeUvPceUsLfOZeGzq7koY3c7y22AGDl50ig==
GET H2	200	css_front.css d2a80scaiwzqau.cloudfront.net/public/external/	6 KB 7 KB	215ms 162ms	Stylesheet text/css	2600:9000:2490:de00:7:aad:f980:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2a80scaiwzqau.cloudfront.net/public/external/css_front.css Requested by Host: d3h83s39ga3y3t.cloudfront.net URL: https://d3h83s39ga3y3t.cloudfront.net/5MAy9r.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:de00:7:aad:f980:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / Resource Hash a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec Request headers accept-language de-DE,de;q=0.9 Referer https://www.tk-locker.cpb.bplkmedia.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Wed, 07 Jun 2023 12:22:30 GMT via 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront) last-modified Tue, 23 Jun 2020 20:06:47 GMT server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop FRA56-P6 etag "19c4-5a8c5e62e9d0a" x-cache Miss from cloudfront content-type text/css accept-ranges bytes content-length 6596 x-amz-cf-id gF0Ul97NBPBEz9mBaKqCY8ynebe-rnyR8x_HhtTqwVRxWiZ1n7RsNg==
GET		css.css d2a80scaiwzqau.cloudfront.net/public/clockers/PrimeApps/	0 0
GET		guid d2a80scaiwzqau.cloudfront.net/public/	0 0
GET		ct d2a80scaiwzqau.cloudfront.net/public/ Frame 0458	0 0
GET		impression.php d2a80scaiwzqau.cloudfront.net/public/external/	0 0
GET		guid d2a80scaiwzqau.cloudfront.net/public/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

d2a80scaiwzqau.cloudfront.net

URL

https://d2a80scaiwzqau.cloudfront.net/public/clockers/PrimeApps/css.css

Domain

d2a80scaiwzqau.cloudfront.net

URL

https://d2a80scaiwzqau.cloudfront.net/public/guid?cpguid=pddxfvj6t&s1=Damtrek&e=ll&t=1686140551783

Domain

d2a80scaiwzqau.cloudfront.net

URL

https://d2a80scaiwzqau.cloudfront.net/public/ct?cpguid=pddxfvj6t&s1=Damtrek&it=3862793&w=1600&h=1200&key=d8869&m=0&r=%1D%01%01%05%06OZZ%02%02%02%5B%03%1C%06%1C%01%5B%17%19%11%5B%17%05%19%1E%18%10%11%1C%14%5B%1A%1B%19%1C%1B%10Z

Domain

d2a80scaiwzqau.cloudfront.net

URL

https://d2a80scaiwzqau.cloudfront.net/public/external/impression.php?it=3862793&time=1686140552809

Domain

d2a80scaiwzqau.cloudfront.net

URL

https://d2a80scaiwzqau.cloudfront.net/public/guid?cpguid=pddxfvj6t&s1=Damtrek&e=opl&t=1686140552809

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend object| CPABUILDSETTINGS object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.visit.bld.bplkmedia.online/	1970-01-20 21:07:56	Name: HstCfa4689086 Value: 1686140549173
			www.visit.bld.bplkmedia.online/	1970-01-20 21:07:56	Name: HstCla4689086 Value: 1686140549173
			www.visit.bld.bplkmedia.online/	1970-01-20 21:07:56	Name: HstCmu4689086 Value: 1686140549173
			www.visit.bld.bplkmedia.online/	1970-01-20 21:07:56	Name: HstPn4689086 Value: 1
			www.visit.bld.bplkmedia.online/	1970-01-20 21:07:56	Name: HstPt4689086 Value: 1
			www.visit.bld.bplkmedia.online/	1970-01-20 21:07:56	Name: HstCnv4689086 Value: 1
			www.visit.bld.bplkmedia.online/	1970-01-20 21:07:56	Name: HstCns4689086 Value: 1
			www.tk-locker.cpb.bplkmedia.online/	1970-01-20 12:36:44	Name: _cpguid Value: pddxfvj6t

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d2a80scaiwzqau.cloudfront.net
d3h83s39ga3y3t.cloudfront.net
s10.histats.com
s4.histats.com
www.tk-locker.cpb.bplkmedia.online
www.visit.bld.bplkmedia.online
d2a80scaiwzqau.cloudfront.net
149.56.240.31
2600:3c00::f03c:91ff:fe13:aed7
2600:9000:237d:b400:d:d1ea:5a40:21
2600:9000:2490:de00:7:aad:f980:21
2606:4700:10::6814:51d
06966927fe40a0bd882f51b5baff45a38c2fc718e78ec149e1d3102f9aeca5bc
25e51bd39a1d1a9b1392116ed361903867117f3d9fb5b363d69363d8d41ed024
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
a28be45144d377ab16527a8b5d2d60fae4d780f9dec17e4327567ad90482f293
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
fa1f62795bac5c0bd0dcdab0c01816da32814baf19764cd3e0945bdf6fe12381