Submitted URL: https://normandie.super-prizes.win/redirect.html
Effective URL: http://click.rzltrk.com/normandie/a.php
Submission: On May 17 via manual from FR — Scanned from NL

Summary

This website contacted 3 IPs in 3 countries across 8 domains to perform 5 HTTP transactions. The main IP is 5.39.219.146, located in Netherlands and belongs to HOSTKEY-AS, NL. The main domain is click.rzltrk.com.
This is the only time click.rzltrk.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count  IP Address        ASN (Autonomous System)
2      5.39.219.146      57043 (HOSTKEY-AS)
2      151.101.112.193   54113 (FASTLY)
1 1    104.171.127.123   31863 (DACEN-2)
2 2    2a06:98c1:312...  13335 (CLOUDFLAR...)
1 1    2a06:98c1:312...  (none recorded)
1 1    52.58.114.47      (none recorded)
1 2    44.235.215.24     (none recorded)
Totals: 5 transactions, 3 IPs
Count  Apex Domain            Subdomain                                Transfer
2      grandprizewinners.com  go.grandprizewinners.com                 3 KB
2      link-locked.com        link-locked.com                          1 KB
2      imgur.com              i.imgur.com (Cisco Umbrella Rank: 5319)  250 KB
1      applewes.com           bbcc-glo.applewes.com                    531 B
1      slytrk06.com           so.slytrk06.com                          1 KB
1      trkwebs.com            trkwebs.com                              598 B
1      rzltrk.com             click.rzltrk.com                         594 B
1      super-prizes.win       normandie.super-prizes.win               652 B
Totals: 5 transactions, 8 domains
Count  Domain                      Requested by
2      go.grandprizewinners.com    1 redirects
2      link-locked.com             2 redirects
2      i.imgur.com                 normandie.super-prizes.win, click.rzltrk.com
1      bbcc-glo.applewes.com       1 redirects
1      so.slytrk06.com             1 redirects
1      trkwebs.com                 1 redirects
1      click.rzltrk.com
1      normandie.super-prizes.win
Totals: 5 transactions, 8 domains

This site contains no links.

Subject                     Issuer                            Validity                 Valid for
normandie.super-prizes.win  R3                                2022-05-11 - 2022-08-09  3 months (crt.sh)
*.imgur.com                 DigiCert TLS RSA SHA256 2020 CA1  2022-03-08 - 2023-03-16  a year (crt.sh)

R3 is the Let's Encrypt intermediate. Note how fresh the landing-page certificate is: it was issued six days before this scan, and the redirect.html response below carries Last-Modified: Tue, 17 May 2022 12:04:16 GMT, twelve minutes before the scan's Date header, so the page content itself was last changed minutes before submission.

This page contains 1 frame:

Frame: http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Flg-glo.gloytrk1.com%2Ft%2Fclk%3Fid%3DqQ5uk1pUvNyOFMgVXS0%26s2%3DqMzntD8GSl-6283920e6cc58304d712f5e2%26
Frame ID: 0F23B19949EAB2F0C59B35049622C740
Requests: 5 HTTP requests in this frame

Detected technologies

PHP
Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
The match is on the URL pattern only; the X-Powered-By: PHP/7.3.0 response header on a.php below corroborates it.

Page Statistics

Requests: 5
HTTPS: 60 %
IPv6: 29 %
Domains: 8
Subdomains: 8
IPs: 3
Countries: 3
Transfer: 251 kB
Size: 250 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://normandie.super-prizes.win/redirect.html Page URL
  2. http://click.rzltrk.com/normandie/a.php Page URL
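The first hop of this history, redirect.html to a.php, is not in the HTTP redirect chain recorded further down: redirect.html's response carries no Location header and has no entry under Redirected requests, so the navigation from super-prizes.win to click.rzltrk.com was client-side (a meta refresh or a script). The scan output does not include the HTML body, so the Python below, an added example that is not part of the urlscan report, runs a meta-refresh and script-redirect extractor over a constructed sample page; the sample HTML, its script fallback and its timing are assumptions, only the two URLs in it come from the scan.

```python
import re
from html import unescape
from urllib.parse import urljoin, urlsplit

# Constructed sample standing in for the (unseen) redirect.html body.
# Assumption: a meta refresh with a script fallback, both pointing at the
# next Page URL recorded by the scan.
SAMPLE_HTML = """<!doctype html><html><head>
<meta charset="utf-8">
<meta http-equiv="refresh" content="0; url=http://click.rzltrk.com/normandie/a.php">
<script>
  setTimeout(function () {
    window.location.replace('http://click.rzltrk.com/normandie/a.php');
  }, 100);
</script>
</head><body><img src="https://i.imgur.com/hTnbZux.gif"></body></html>"""

META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
# name="value", name='value' or name=value, in any attribute order
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")
# location = "..", location.href = '..', location.replace(".."), window.location.assign("..")
# Comparisons such as location.href == "x" do not match (no quote follows the first "=").
JS_LOCATION = re.compile(
    r"""(?:window|document|top|self|parent)?\.?\blocation(?:\.href|\.replace|\.assign)?\s*(?:=|\()\s*["']([^"']+)["']""",
    re.I,
)


def _attrs(tag):
    return {m.group(1).lower(): unescape(m.group(2) or m.group(3) or m.group(4) or "")
            for m in ATTR.finditer(tag)}


def _refresh_target(content):
    # content is "<seconds>; url=<target>"; the "url=" prefix and quotes are optional
    _, sep, rest = content.partition(";")
    target = rest.strip() if sep else ""
    if target.lower().startswith("url="):
        target = target[4:].strip()
    return target.strip("'\"")


def client_side_redirects(html, page_url):
    """Return (kind, absolute_target) for every meta refresh, then for every
    script location assignment, found in the HTML. Relative targets are
    resolved against page_url."""
    found = []
    for m in META_TAG.finditer(html):
        a = _attrs(m.group(0))
        if a.get("http-equiv", "").lower() == "refresh":
            target = _refresh_target(a.get("content", ""))
            if target:
                found.append(("meta-refresh", urljoin(page_url, target)))
    for m in JS_LOCATION.finditer(html):
        found.append(("javascript", urljoin(page_url, unescape(m.group(1)))))
    return found


def is_offsite(page_url, target):
    # True when the redirect leaves the landing host, as super-prizes.win
    # hands off to rzltrk.com in this scan
    return urlsplit(page_url).hostname != urlsplit(target).hostname


if __name__ == "__main__":
    page = "https://normandie.super-prizes.win/redirect.html"
    for kind, target in client_side_redirects(SAMPLE_HTML, page):
        print(f"{kind:13} {target}  offsite={is_offsite(page, target)}")
```

Static extraction like this catches the common static forms; a page that builds the target string at runtime (concatenation, base64, obfuscation) still needs a headless browser, which is what the scan's Page URL History reflects.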

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://trkwebs.com/click.php?camp=5422&pubid=282& HTTP 302
  • http://link-locked.com/click.php?camp=220&pubid=282&sid=&sid2=&sid3=&sid4= HTTP 301
  • https://link-locked.com/click.php?camp=220&pubid=282&sid=&sid2=&sid3=&sid4= HTTP 302
  • https://so.slytrk06.com/t/clk?id=rm2HA45fROEU6qL9SJ&s2=INM45c47c2f984e9f2&s1=282 HTTP 302
  • https://bbcc-glo.applewes.com/t/clk?id=QkM6f6J5fQ5vNIAkyMHo&s1=282&s2=INM45c47c2f984e9f2&rl=4oRXn&redirect-from=rm2HA45fROEU6qL9SJ&rcode=R01&rseq=R01 HTTP 302
  • http://go.grandprizewinners.com/click/rNJ9BhQ8Xx?c1=b54b52ce-0ef4-4665-a2a3-5b30fa074ba3&c2=4333&c7=30001 HTTP 302
  • http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Flg-glo.gloytrk1.com%2Ft%2Fclk%3Fid%3DqQ5uk1pUvNyOFMgVXS0%26s2%3DqMzntD8GSl-6283920e6cc58304d712f5e2%26
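What a practitioner wants out of a chain like this is not the hop list itself but what it encodes: which apex domains to block, where the click drops from https to http, which identifiers (affiliate and click ids) are threaded through every tracker regardless of parameter name, and whether the final hop carries a further target the scan did not follow (the percent-encoded link= in d.php). The Python below is an added example, not part of the urlscan report; it takes the seven hops exactly as recorded above, and its apex() helper is a deliberately naive two-label cut that is an assumption adequate only for the .com/.win hosts here.

```python
from urllib.parse import urlsplit, parse_qs

# The redirect chain exactly as recorded in this scan: (hop URL, HTTP status
# that forwarded the client). The final hop answered with a document, so its
# status is None.
CHAIN = [
    ("https://trkwebs.com/click.php?camp=5422&pubid=282&", 302),
    ("http://link-locked.com/click.php?camp=220&pubid=282&sid=&sid2=&sid3=&sid4=", 301),
    ("https://link-locked.com/click.php?camp=220&pubid=282&sid=&sid2=&sid3=&sid4=", 302),
    ("https://so.slytrk06.com/t/clk?id=rm2HA45fROEU6qL9SJ&s2=INM45c47c2f984e9f2&s1=282", 302),
    ("https://bbcc-glo.applewes.com/t/clk?id=QkM6f6J5fQ5vNIAkyMHo&s1=282"
     "&s2=INM45c47c2f984e9f2&rl=4oRXn&redirect-from=rm2HA45fROEU6qL9SJ&rcode=R01&rseq=R01", 302),
    ("http://go.grandprizewinners.com/click/rNJ9BhQ8Xx?c1=b54b52ce-0ef4-4665-a2a3-5b30fa074ba3&c2=4333&c7=30001", 302),
    ("http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Flg-glo.gloytrk1.com"
     "%2Ft%2Fclk%3Fid%3DqQ5uk1pUvNyOFMgVXS0%26s2%3DqMzntD8GSl-6283920e6cc58304d712f5e2%26", None),
]


def apex(host):
    # Assumption: two-label apex is enough for the .com/.win hosts in this
    # chain. A real tool would consult the Public Suffix List (co.uk etc.).
    return ".".join(host.lower().split(".")[-2:])


def analyze_chain(chain):
    hops = []
    for url, status in chain:
        u = urlsplit(url)
        params = parse_qs(u.query, keep_blank_values=True)   # values come back percent-decoded
        # A parameter whose decoded value is itself a URL is the next hand-off
        # (here d.php?link=https://lg-glo.gloytrk1.com/...), even though the
        # scan stopped before following it.
        nested = [v for vals in params.values() for v in vals
                  if v.startswith(("http://", "https://"))]
        hops.append({"url": url, "scheme": u.scheme, "host": u.hostname,
                     "status": status, "params": params, "nested": nested})

    # https -> http transitions: the click ids travel in clear on the next hop
    downgrades = [(hops[i]["host"], hops[i + 1]["host"])
                  for i in range(len(hops) - 1)
                  if hops[i]["scheme"] == "https" and hops[i + 1]["scheme"] == "http"]

    # Identifier values that appear on more than one host, whatever parameter
    # name they ride under (pubid=282 on one tracker becomes s1=282 on the next)
    carriers = {}
    for h in hops:
        for vals in h["params"].values():
            for v in vals:
                if v and not v.startswith(("http://", "https://")):
                    carriers.setdefault(v, set()).add(h["host"])
    shared_ids = {v: sorted(hosts) for v, hosts in carriers.items() if len(hosts) > 1}

    apex_domains = {apex(h["host"]) for h in hops}
    for h in hops:
        for n in h["nested"]:
            apex_domains.add(apex(urlsplit(n).hostname))

    last = hops[-1]
    next_target = last["nested"][0] if last["nested"] else None
    return {"hops": hops, "downgrades": downgrades, "shared_ids": shared_ids,
            "apex_domains": sorted(apex_domains), "next_target": next_target}


if __name__ == "__main__":
    r = analyze_chain(CHAIN)
    for h in r["hops"]:
        print(f'{h["status"] or "doc":>4}  {h["scheme"]:5}  {h["host"]}')
    print("downgrades:", r["downgrades"])
    print("shared ids:", r["shared_ids"])
    print("block list:", r["apex_domains"])
    print("unfollowed hand-off:", r["next_target"])
```

Run as a script it prints the hop table, the two https-to-http drops (trkwebs.com to link-locked.com and bbcc-glo.applewes.com to go.grandprizewinners.com), the three identifiers shared across trackers (282, INM45c47c2f984e9f2 and rm2HA45fROEU6qL9SJ), six apex domains for a block list including the unfollowed gloytrk1.com, and the decoded hand-off URL.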

5 HTTP transactions

Resource       Path                         Size   x-fer  Type      MIME-Type
redirect.html  normandie.super-prizes.win/  455 B  652 B  Document  text/html
General
Full URL
https://normandie.super-prizes.win/redirect.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.39.219.146, Netherlands, ASN57043 (HOSTKEY-AS, NL)
Reverse DNS
srv.tims-rewards.com
Software
Apache/2.4.53 (Unix) OpenSSL/1.0.2k-fips
Resource Hash
7a22f2424f98fa426ab749a559fea77f2bb976ae293de1feeef1a6daf5acb3cb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
286
Content-Type
text/html
Date
Tue, 17 May 2022 12:16:08 GMT
ETag
"1c7-5df33f0965fbd-gzip"
Keep-Alive
timeout=5, max=100
Last-Modified
Tue, 17 May 2022 12:04:16 GMT
Server
Apache/2.4.53 (Unix) OpenSSL/1.0.2k-fips
Vary
Accept-Encoding,User-Agent
hTnbZux.gif  i.imgur.com/  125 KB  125 KB  Image  image/gif
General
Full URL
https://i.imgur.com/hTnbZux.gif
Requested by
Host: normandie.super-prizes.win
URL: https://normandie.super-prizes.win/redirect.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193, Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
Reverse DNS
Software
cat factory 1.0
Resource Hash
eaa81a78d6ab29a12b5b86e349f7d77abe19946f0d597e1b5191ad1845c4effd
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://normandie.super-prizes.win/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 12:16:08 GMT
x-content-type-options
nosniff
age
1179240
x-cache
HIT, HIT
content-length
127714
x-served-by
cache-iad-kcgs7200025-IAD, cache-hhn4028-HHN
last-modified
Tue, 02 Apr 2019 15:25:01 GMT
server
cat factory 1.0
x-timer
S1652789769.653249,VS0,VE0
etag
"f252b6501dcc02ff9a120712177c028c"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
6, 2
a.php (Primary Request)  click.rzltrk.com/normandie/  451 B  594 B  Document  text/html; charset=UTF-8
General
Full URL
http://click.rzltrk.com/normandie/a.php
Protocol
HTTP/1.1
Server
5.39.219.146, Netherlands, ASN57043 (HOSTKEY-AS, NL)
Reverse DNS
srv.tims-rewards.com
Software
Apache/2.4.53 (Unix) OpenSSL/1.0.2k-fips / PHP/7.3.0
Resource Hash
9db71216095778ea531344c7621ed029e8b97891190bdf865c9f92f1fcb4f9dc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
288
Content-Type
text/html; charset=UTF-8
Date
Tue, 17 May 2022 12:16:09 GMT
Keep-Alive
timeout=5, max=100
Server
Apache/2.4.53 (Unix) OpenSSL/1.0.2k-fips
Vary
Accept-Encoding,User-Agent
X-Powered-By
PHP/7.3.0
hTnbZux.gif  i.imgur.com/  125 KB  125 KB  Image  image/gif
General
Full URL
https://i.imgur.com/hTnbZux.gif
Requested by
Host: click.rzltrk.com
URL: http://click.rzltrk.com/normandie/a.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193, Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
Reverse DNS
Software
cat factory 1.0
Resource Hash
eaa81a78d6ab29a12b5b86e349f7d77abe19946f0d597e1b5191ad1845c4effd
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://click.rzltrk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 12:16:09 GMT
x-content-type-options
nosniff
age
1179241
x-cache
HIT, HIT
content-length
127714
x-served-by
cache-iad-kcgs7200025-IAD, cache-hhn4028-HHN
last-modified
Tue, 02 Apr 2019 15:25:01 GMT
server
cat factory 1.0
x-timer
S1652789770.917819,VS0,VE0
etag
"f252b6501dcc02ff9a120712177c028c"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
6, 3
d.php  go.grandprizewinners.com/main/  0  0  Document  text/html; charset=UTF-8
Redirect Chain
  • https://trkwebs.com/click.php?camp=5422&pubid=282&
  • http://link-locked.com/click.php?camp=220&pubid=282&sid=&sid2=&sid3=&sid4=
  • https://link-locked.com/click.php?camp=220&pubid=282&sid=&sid2=&sid3=&sid4=
  • https://so.slytrk06.com/t/clk?id=rm2HA45fROEU6qL9SJ&s2=INM45c47c2f984e9f2&s1=282
  • https://bbcc-glo.applewes.com/t/clk?id=QkM6f6J5fQ5vNIAkyMHo&s1=282&s2=INM45c47c2f984e9f2&rl=4oRXn&redirect-from=rm2HA45fROEU6qL9SJ&rcode=R01&rseq=R01
  • http://go.grandprizewinners.com/click/rNJ9BhQ8Xx?c1=b54b52ce-0ef4-4665-a2a3-5b30fa074ba3&c2=4333&c7=30001
  • http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Flg-glo.gloytrk1.com%2Ft%2Fclk%3Fid%3DqQ5uk1pUvNyOFMgVXS0%26s2%3DqMzntD8GSl-6283920e6cc58304d712f5e2%26
General
Full URL
http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Flg-glo.gloytrk1.com%2Ft%2Fclk%3Fid%3DqQ5uk1pUvNyOFMgVXS0%26s2%3DqMzntD8GSl-6283920e6cc58304d712f5e2%26
Protocol
HTTP/1.1
Server
44.235.215.24 (location and ASN not recorded)
Reverse DNS
Software
nginx/1.11.6
Resource Hash

Request headers

Referer
http://click.rzltrk.com/normandie/a.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 17 May 2022 12:16:14 GMT
Server
nginx/1.11.6
Transfer-Encoding
chunked

Redirect headers

Cache-Control
no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 17 May 2022 12:16:14 GMT
Location
/main/d.php?s=1&link=https%3A%2F%2Flg-glo.gloytrk1.com%2Ft%2Fclk%3Fid%3DqQ5uk1pUvNyOFMgVXS0%26s2%3DqMzntD8GSl-6283920e6cc58304d712f5e2%26
Server
nginx/1.11.6
Transfer-Encoding
chunked

Verdicts & Comments

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    oncontextlost
  • object    oncontextrestored
  • function  structuredClone

Caveat: none of the three is page code. oncontextlost and oncontextrestored are the GlobalEventHandlers attributes for canvas context loss, and structuredClone is the standard structured-clone API; all are built into the Chrome 101 build that performed the scan and are listed only because the scanner's set of known built-ins does not yet include them. The landing page defined no globals of its own.

2 Cookies

Domain/Path       Name       Value
trkwebs.com/      PHPSESSID  n2n5aqr13tj5b67rtk5ifvjhq3
link-locked.com/  PHPSESSID  gn9ebbs5i2g2ehj7skncqpboj5