clk.tncid.app Open in urlscan Pro
34.120.17.19 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://api.suggestiondamis.com/3_1/click/?data=c2VuZG91dElkfHx8fDE0ODIvLy8vbmV3c2xldHRlcklkfHx8fDM0Ni8vLy9yZWNpcGllbnRJZHx8fHwy...
Effective URL:
https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0O...
Submission: On July 12 via api (July 12th 2021, 11:03:00 am UTC) from BE

Summary HTTP 6 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 8 domains to perform 6 HTTP transactions. The main IP is 34.120.17.19, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is clk.tncid.app.
TLS certificate: Issued by GTS CA 1D4 on June 29th 2021. Valid for: 3 months.

This is the only time clk.tncid.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.83.18.222 35.83.18.222	16509 (AMAZON-02) (AMAZON-02)
1	34.120.17.19 34.120.17.19	15169 (GOOGLE) (GOOGLE)
2 2	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
2	34.102.181.119 34.102.181.119	15169 (GOOGLE) (GOOGLE)
2 2	35.190.16.14 35.190.16.14	15169 (GOOGLE) (GOOGLE)
1	34.120.51.234 34.120.51.234	15169 (GOOGLE) (GOOGLE)
1 1	35.166.9.76 35.166.9.76	16509 (AMAZON-02) (AMAZON-02)
1 1	199.193.119.9 199.193.119.9	29802 (HVC-AS) (HVC-AS)
1	18.203.14.26 18.203.14.26	16509 (AMAZON-02) (AMAZON-02)
6	5

1 35.83.18.222 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-83-18-222.us-west-2.compute.amazonaws.com

api.suggestiondamis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.17.19 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 19.17.120.34.bc.googleusercontent.com

clk.tncid.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.24 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.102.181.119 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 119.181.102.34.bc.googleusercontent.com

im.thenewco.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.16.14 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 14.16.190.35.bc.googleusercontent.com

redirect.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.51.234 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 234.51.120.34.bc.googleusercontent.com

bd.tncid.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.166.9.76 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-9-76.us-west-2.compute.amazonaws.com

tk.kxaff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.193.119.9 (United States) 1 redirects

ASN29802 (HVC-AS, US)
PTR: 199-193-119-9.static.hvvc.us

tk.keyxel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.14.26 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-14-26.eu-west-1.compute.amazonaws.com

haof.hoeontrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	weborama.fr 2 redirects redirect.frontend.weborama.fr	659 B
2	thenewco.id im.thenewco.id	346 B
2	adform.net 2 redirects c1.adform.net	1004 B
2	tncid.app clk.tncid.app bd.tncid.app	62 KB
1	hoeontrack.com haof.hoeontrack.com	566 B
1	keyxel.com 1 redirects tk.keyxel.com	559 B
1	kxaff.com tk.kxaff.com Failed	312 B
1	suggestiondamis.com 1 redirects api.suggestiondamis.com	1016 B
6	8

	Domain	Requested by
2	redirect.frontend.weborama.fr	2 redirects
2	im.thenewco.id	clk.tncid.app
2	c1.adform.net	2 redirects
1	haof.hoeontrack.com	clk.tncid.app
1	tk.keyxel.com	1 redirects
1	tk.kxaff.com	clk.tncid.app
1	bd.tncid.app	clk.tncid.app
1	clk.tncid.app
1	api.suggestiondamis.com	1 redirects
6	9

This site contains no links.

Subject Issuer	Validity	Valid
clk.tncid.app GTS CA 1D4	`2021-06-29` - `2021-09-27`	3 months	crt.sh
im.thenewco.id GTS CA 1D4	`2021-06-27` - `2021-09-25`	3 months	crt.sh
bd.tncid.app GTS CA 1D4	`2021-06-28` - `2021-09-26`	3 months	crt.sh
haof.hoeontrack.com Amazon	`2020-11-27` - `2021-12-26`	a year	crt.sh

This page contains 1 frames:

Frame: https://haof.hoeontrack.com/aff_c?offer_id=135&aff_id=1265&url_id=10919&file_id=21660&source=wdbefr&aff_sub=BEFR
Frame ID: C7538E55F8AB7F4380B98978B0375A1E
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://api.suggestiondamis.com/3_1/click/?data=c2VuZG91dElkfHx8fDE0ODIvLy8vbmV3c2xldHRlcklkfHx8fDM0Ni8vLy9y... HTTP 302
https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiO... Page URL

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Cloud (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /^1\.1 google$/i

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

8
Domains

9
Subdomains

5
IPs

3
Countries

63 kB
Transfer

62 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://api.suggestiondamis.com/3_1/click/?data=c2VuZG91dElkfHx8fDE0ODIvLy8vbmV3c2xldHRlcklkfHx8fDM0Ni8vLy9yZWNpcGllbnRJZHx8fHwyMzc3NDU5NjgvLy8vdXx8fHw0NmI2NmMxNDk4Y2Y3Zjk4ZGVkOTAyMTc2MDI0ZDhjOC8vLy9jbGlja0lkfHx8fDEvLy8vcnVybHx8fHxodHRwczovL2Nsay50bmNpZC5hcHA/cT1leUprWld4cGRtVnllVjkwYVcxbElqb2dJakl3TWpFdE1EY3RNVElnTURJNk1EWTZNVGdpTENBaWNISnZkbWxrWlhKZmFXUWlPaUFpWlRka01UbGpZVE10WXpNME9DMDBaamhrTFRsbVpEZ3RNMkZpTlRBelpUVXhOV1E1SWl3Z0ltTnZibk5sYm5SZmRYSnNJam9nSWlJc0lDSmpiMjV6Wlc1MFgzUnBiV1VpT2lBaUlpd2dJbU52Ym5ObGJuUmZjbVZoYzI5dUlqb2dJaUlzSUNKamIyNXpaVzUwWDJsd0lqb2dJaUlzSUNKdE5Xd2lPaUFpTkRaaU5qWmpNVFE1T0dObU4yWTVPR1JsWkRrd01qRTNOakF5TkdRNFl6Z2lMQ0FpY0d4aFkyVnRaVzUwWDJsa0lqb2dJakUwT0RKZk16UTJJaXdnSW1SbGMzUnBibUYwYVc5dVgzVnliQ0k2SUNKb2RIUndjem92TDNSckxtdDRZV1ptTG1OdmJTOC9jSEp2WjNKaGJVbGtQVEV4TmpNNE9Ua21ZV04wYVhacGRIbEpaRDAyTkRJM0ptRm1abWxzYVdGMFpVbGtQVGt3TWpJeU15WmpjbVZoZEdsMmFYUjVTV1E5TkRNM01UY21jREE5Sm5BeFBTWndNajBtY0RNOUpuQTBQU1p3TmoweE5qazVOeVowY2xSNWNHVTlTU1oxY213OWFIUjBjSE1sTTJFbE1tWWxNbVpvWVc5bUxtaHZaVzl1ZEhKaFkyc3VZMjl0SlRKbVlXWm1YMk1sTTJadlptWmxjbDlwWkNVelpERXpOU1V5Tm1GbVpsOXBaQ1V6WkRFeU5qVWxNaloxY214ZmFXUWxNMlF4TURreE9TVXlObVpwYkdWZmFXUWxNMlF5TVRZMk1DVXlObk52ZFhKalpTVXpaSGRrWW1WbWNpVXlObUZtWmw5emRXSWxNMlJDUlVaU0luMD0= HTTP 302
https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUiOiAiIiwgImNvbnNlbnRfcmVhc29uIjogIiIsICJjb25zZW50X2lwIjogIiIsICJtNWwiOiAiNDZiNjZjMTQ5OGNmN2Y5OGRlZDkwMjE3NjAyNGQ4YzgiLCAicGxhY2VtZW50X2lkIjogIjE0ODJfMzQ2IiwgImRlc3RpbmF0aW9uX3VybCI6ICJodHRwczovL3RrLmt4YWZmLmNvbS8/cHJvZ3JhbUlkPTExNjM4OTkmYWN0aXZpdHlJZD02NDI3JmFmZmlsaWF0ZUlkPTkwMjIyMyZjcmVhdGl2aXR5SWQ9NDM3MTcmcDA9JnAxPSZwMj0mcDM9JnA0PSZwNj0xNjk5NyZ0clR5cGU9SSZ1cmw9aHR0cHMlM2ElMmYlMmZoYW9mLmhvZW9udHJhY2suY29tJTJmYWZmX2MlM2ZvZmZlcl9pZCUzZDEzNSUyNmFmZl9pZCUzZDEyNjUlMjZ1cmxfaWQlM2QxMDkxOSUyNmZpbGVfaWQlM2QyMTY2MCUyNnNvdXJjZSUzZHdkYmVmciUyNmFmZl9zdWIlM2RCRUZSIn0= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://c1.adform.net/serving/cookie/match?party=1218&cid=3289a72b-9186-480b-b170-1223d53b1ac2 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=1218&cid=3289a72b-9186-480b-b170-1223d53b1ac2 HTTP 302
https://im.thenewco.id/gif?uuid=3289a72b-9186-480b-b170-1223d53b1ac2&3puuid=6375741529369796974&3pid=55b2bb61-cdc3-434a-ac07-704b66d42956

Request Chain 1

https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fim.thenewco.id%2Fgif%3Fuuid%3D3289a72b-9186-480b-b170-1223d53b1ac2%263puuid%3D%7BWEBO_CID%7D%263pid%3Da0f846a5-be22-4884-b857-fa3a0cda1601 HTTP 302
https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fim.thenewco.id%2Fgif%3Fuuid%3D3289a72b-9186-480b-b170-1223d53b1ac2%263puuid%3D%7BWEBO_CID%7D%263pid%3Da0f846a5-be22-4884-b857-fa3a0cda1601&bounce=1&random=4136142967 HTTP 302
https://im.thenewco.id/gif?uuid=3289a72b-9186-480b-b170-1223d53b1ac2&3puuid=3.l63cragHLtO2rj0OpeGO&3pid=a0f846a5-be22-4884-b857-fa3a0cda1601

Request Chain 4

https://tk.kxaff.com/?programId=1163899&activityId=6427&affiliateId=902223&creativityId=43717&p0=&p1=&p2=&p3=&p4=&p6=16997&trType=I&url=https%3a%2f%2fhaof.hoeontrack.com%2faff_c%3foffer_id%3d135%26aff_id%3d1265%26url_id%3d10919%26file_id%3d21660%26source%3dwdbefr%26aff_sub%3dBEFR HTTP 301
https://tk.keyxel.com/?programId=1163899&activityId=6427&affiliateId=902223&creativityId=43717&p0=&p1=&p2=&p3=&p4=&p6=16997&trType=I&url=https%3a%2f%2fhaof.hoeontrack.com%2faff_c%3foffer_id%3d135%26aff_id%3d1265%26url_id%3d10919%26file_id%3d21660%26source%3dwdbefr%26aff_sub%3dBEFR HTTP 302
https://haof.hoeontrack.com/aff_c?offer_id=135&aff_id=1265&url_id=10919&file_id=21660&source=wdbefr&aff_sub=BEFR

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response clk.tncid.app/ Redirect Chain http://api.suggestiondamis.com/3_1/click/?data=c2VuZG91dElkfHx8fDE0ODIvLy8vbmV3c2xldHRlcklkfHx8fDM0Ni8vLy9yZWNpcGllbnRJZHx8fHwyMzc3NDU5NjgvLy8vdXx8fHw0NmI2NmMxNDk4Y2Y3Zjk4ZGVkOTAyMTc2MDI0ZDhjOC8vLy... https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUi...	61 KB 62 KB	162ms 49ms	Document text/html	34.120.17.19 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUiOiAiIiwgImNvbnNlbnRfcmVhc29uIjogIiIsICJjb25zZW50X2lwIjogIiIsICJtNWwiOiAiNDZiNjZjMTQ5OGNmN2Y5OGRlZDkwMjE3NjAyNGQ4YzgiLCAicGxhY2VtZW50X2lkIjogIjE0ODJfMzQ2IiwgImRlc3RpbmF0aW9uX3VybCI6ICJodHRwczovL3RrLmt4YWZmLmNvbS8/cHJvZ3JhbUlkPTExNjM4OTkmYWN0aXZpdHlJZD02NDI3JmFmZmlsaWF0ZUlkPTkwMjIyMyZjcmVhdGl2aXR5SWQ9NDM3MTcmcDA9JnAxPSZwMj0mcDM9JnA0PSZwNj0xNjk5NyZ0clR5cGU9SSZ1cmw9aHR0cHMlM2ElMmYlMmZoYW9mLmhvZW9udHJhY2suY29tJTJmYWZmX2MlM2ZvZmZlcl9pZCUzZDEzNSUyNmFmZl9pZCUzZDEyNjUlMjZ1cmxfaWQlM2QxMDkxOSUyNmZpbGVfaWQlM2QyMTY2MCUyNnNvdXJjZSUzZHdkYmVmciUyNmFmZl9zdWIlM2RCRUZSIn0= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.17.19 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 19.17.120.34.bc.googleusercontent.com Software nginx/1.18.0 (Ubuntu) / Resource Hash `95dde310cc48b58cad7ee4488dc6e42cce46f8e44f0da0f234cc6f08afacbba6` Request headers :method GET :authority clk.tncid.app :scheme https :path /?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUiOiAiIiwgImNvbnNlbnRfcmVhc29uIjogIiIsICJjb25zZW50X2lwIjogIiIsICJtNWwiOiAiNDZiNjZjMTQ5OGNmN2Y5OGRlZDkwMjE3NjAyNGQ4YzgiLCAicGxhY2VtZW50X2lkIjogIjE0ODJfMzQ2IiwgImRlc3RpbmF0aW9uX3VybCI6ICJodHRwczovL3RrLmt4YWZmLmNvbS8/cHJvZ3JhbUlkPTExNjM4OTkmYWN0aXZpdHlJZD02NDI3JmFmZmlsaWF0ZUlkPTkwMjIyMyZjcmVhdGl2aXR5SWQ9NDM3MTcmcDA9JnAxPSZwMj0mcDM9JnA0PSZwNj0xNjk5NyZ0clR5cGU9SSZ1cmw9aHR0cHMlM2ElMmYlMmZoYW9mLmhvZW9udHJhY2suY29tJTJmYWZmX2MlM2ZvZmZlcl9pZCUzZDEzNSUyNmFmZl9pZCUzZDEyNjUlMjZ1cmxfaWQlM2QxMDkxOSUyNmZpbGVfaWQlM2QyMTY2MCUyNnNvdXJjZSUzZHdkYmVmciUyNmFmZl9zdWIlM2RCRUZSIn0= pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers server nginx/1.18.0 (Ubuntu) date Mon, 12 Jul 2021 11:02:42 GMT content-type text/html; charset=utf-8 content-length 62916 last-modified Mon, 12 Jul 2021 11:02:42 GMT expires Wed, 11 Nov 1998 11:11:11 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache etag W/"f5c4-c82JKCVEPvp7sPdnIJcSzINO6X8" via 1.1 google alt-svc clear Redirect headers Date Mon, 12 Jul 2021 11:02:42 GMT Content-Type text/html; charset=utf-8 Content-Length 873 Connection keep-alive Cache-Control private Location https://clk.tncid.app?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUiOiAiIiwgImNvbnNlbnRfcmVhc29uIjogIiIsICJjb25zZW50X2lwIjogIiIsICJtNWwiOiAiNDZiNjZjMTQ5OGNmN2Y5OGRlZDkwMjE3NjAyNGQ4YzgiLCAicGxhY2VtZW50X2lkIjogIjE0ODJfMzQ2IiwgImRlc3RpbmF0aW9uX3VybCI6ICJodHRwczovL3RrLmt4YWZmLmNvbS8/cHJvZ3JhbUlkPTExNjM4OTkmYWN0aXZpdHlJZD02NDI3JmFmZmlsaWF0ZUlkPTkwMjIyMyZjcmVhdGl2aXR5SWQ9NDM3MTcmcDA9JnAxPSZwMj0mcDM9JnA0PSZwNj0xNjk5NyZ0clR5cGU9SSZ1cmw9aHR0cHMlM2ElMmYlMmZoYW9mLmhvZW9udHJhY2suY29tJTJmYWZmX2MlM2ZvZmZlcl9pZCUzZDEzNSUyNmFmZl9pZCUzZDEyNjUlMjZ1cmxfaWQlM2QxMDkxOSUyNmZpbGVfaWQlM2QyMTY2MCUyNnNvdXJjZSUzZHdkYmVmciUyNmFmZl9zdWIlM2RCRUZSIn0= Server Microsoft-IIS/10.0 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET
GET H2	200	gif im.thenewco.id/ Redirect Chain https://c1.adform.net/serving/cookie/match?party=1218&cid=3289a72b-9186-480b-b170-1223d53b1ac2 https://c1.adform.net/serving/cookie/match?CC=1&party=1218&cid=3289a72b-9186-480b-b170-1223d53b1ac2 https://im.thenewco.id/gif?uuid=3289a72b-9186-480b-b170-1223d53b1ac2&3puuid=6375741529369796974&3pid=55b2bb61-cdc3-434a-ac07-704b66d42956	43 B 242 B	305ms 49ms	Image image/gif	34.102.181.119 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://im.thenewco.id/gif?uuid=3289a72b-9186-480b-b170-1223d53b1ac2&3puuid=6375741529369796974&3pid=55b2bb61-cdc3-434a-ac07-704b66d42956 Requested by Host: clk.tncid.app URL: https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUiOiAiIiwgImNvbnNlbnRfcmVhc29uIjogIiIsICJjb25zZW50X2lwIjogIiIsICJtNWwiOiAiNDZiNjZjMTQ5OGNmN2Y5OGRlZDkwMjE3NjAyNGQ4YzgiLCAicGxhY2VtZW50X2lkIjogIjE0ODJfMzQ2IiwgImRlc3RpbmF0aW9uX3VybCI6ICJodHRwczovL3RrLmt4YWZmLmNvbS8/cHJvZ3JhbUlkPTExNjM4OTkmYWN0aXZpdHlJZD02NDI3JmFmZmlsaWF0ZUlkPTkwMjIyMyZjcmVhdGl2aXR5SWQ9NDM3MTcmcDA9JnAxPSZwMj0mcDM9JnA0PSZwNj0xNjk5NyZ0clR5cGU9SSZ1cmw9aHR0cHMlM2ElMmYlMmZoYW9mLmhvZW9udHJhY2suY29tJTJmYWZmX2MlM2ZvZmZlcl9pZCUzZDEzNSUyNmFmZl9pZCUzZDEyNjUlMjZ1cmxfaWQlM2QxMDkxOSUyNmZpbGVfaWQlM2QyMTY2MCUyNnNvdXJjZSUzZHdkYmVmciUyNmFmZl9zdWIlM2RCRUZSIn0= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.102.181.119 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 119.181.102.34.bc.googleusercontent.com Software / Resource Hash Request headers Referer https://clk.tncid.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 12 Jul 2021 11:02:43 GMT via 1.1 google last-modified Mon, 12 Jul 2021 11:02:43 GMT content-type image/gif cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 alt-svc clear content-length 43 expires Wed, 11 Nov 1998 11:11:11 GMT Redirect headers pragma no-cache date Mon, 12 Jul 2021 11:02:43 GMT server nginx location https://im.thenewco.id/gif?uuid=3289a72b-9186-480b-b170-1223d53b1ac2&3puuid=6375741529369796974&3pid=55b2bb61-cdc3-434a-ac07-704b66d42956 access-control-max-age 86400 access-control-allow-methods GET access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, no-transform access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains access-control-allow-headers Content-Type,Cache-Control,Accept-Encoding,X-Requested-With content-length 0 expires -1
GET H2	200	gif im.thenewco.id/ Redirect Chain https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fim.thenewco.id%2Fgif%3Fuuid%3D3289a72b-9186-480b-b170-1223d53b1ac2%263puuid%3D%7BWEBO_CID%7D%263pid%3Da0f846a5-be22-4884-b8... https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fim.thenewco.id%2Fgif%3Fuuid%3D3289a72b-9186-480b-b170-1223d53b1ac2%263puuid%3D%7BWEBO_CID%7D%263pid%3Da0f846a5-be22-4884-b8... https://im.thenewco.id/gif?uuid=3289a72b-9186-480b-b170-1223d53b1ac2&3puuid=3.l63cragHLtO2rj0OpeGO&3pid=a0f846a5-be22-4884-b857-fa3a0cda1601	43 B 104 B	276ms 49ms	Image image/gif	34.102.181.119 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://im.thenewco.id/gif?uuid=3289a72b-9186-480b-b170-1223d53b1ac2&3puuid=3.l63cragHLtO2rj0OpeGO&3pid=a0f846a5-be22-4884-b857-fa3a0cda1601 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.102.181.119 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 119.181.102.34.bc.googleusercontent.com Software / Resource Hash Request headers Referer https://clk.tncid.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Mon, 12 Jul 2021 11:02:43 GMT via 1.1 google last-modified Mon, 12 Jul 2021 11:02:43 GMT content-type image/gif cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 alt-svc clear content-length 43 expires Wed, 11 Nov 1998 11:11:11 GMT Redirect headers pragma no-cache date Mon, 12 Jul 2021 11:02:43 GMT via 1.1 google last-modified Mon, 12 Jul 2021 11:02:43 GMT server nginx/1.12.0 location https://im.thenewco.id/gif?uuid=3289a72b-9186-480b-b170-1223d53b1ac2&3puuid=3.l63cragHLtO2rj0OpeGO&3pid=a0f846a5-be22-4884-b857-fa3a0cda1601 p3p CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM" access-control-allow-origin * cache-control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 alt-svc clear content-length 0 expires Tue, 03 Jul 2001 06:00:00 GMT
POST H2	200	pv bd.tncid.app/	0 333 B	138ms 46ms	XHR text/html	34.120.51.234 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://bd.tncid.app/pv Requested by Host: clk.tncid.app URL: https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUiOiAiIiwgImNvbnNlbnRfcmVhc29uIjogIiIsICJjb25zZW50X2lwIjogIiIsICJtNWwiOiAiNDZiNjZjMTQ5OGNmN2Y5OGRlZDkwMjE3NjAyNGQ4YzgiLCAicGxhY2VtZW50X2lkIjogIjE0ODJfMzQ2IiwgImRlc3RpbmF0aW9uX3VybCI6ICJodHRwczovL3RrLmt4YWZmLmNvbS8/cHJvZ3JhbUlkPTExNjM4OTkmYWN0aXZpdHlJZD02NDI3JmFmZmlsaWF0ZUlkPTkwMjIyMyZjcmVhdGl2aXR5SWQ9NDM3MTcmcDA9JnAxPSZwMj0mcDM9JnA0PSZwNj0xNjk5NyZ0clR5cGU9SSZ1cmw9aHR0cHMlM2ElMmYlMmZoYW9mLmhvZW9udHJhY2suY29tJTJmYWZmX2MlM2ZvZmZlcl9pZCUzZDEzNSUyNmFmZl9pZCUzZDEyNjUlMjZ1cmxfaWQlM2QxMDkxOSUyNmZpbGVfaWQlM2QyMTY2MCUyNnNvdXJjZSUzZHdkYmVmciUyNmFmZl9zdWIlM2RCRUZSIn0= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.51.234 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 234.51.120.34.bc.googleusercontent.com Software / Resource Hash Request headers Referer https://clk.tncid.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 12 Jul 2021 11:02:43 GMT via 1.1 google last-modified Mon, 12 Jul 2021 11:02:43 GMT access-control-allow-headers Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers access-control-allow-methods POST content-type text/html access-control-allow-origin * cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 alt-svc clear content-length 0 expires Wed, 11 Nov 1998 11:11:11 GMT
GET		/ tk.kxaff.com/	0 0

GET H/1.1	200 OK	Cookie set aff_c Show response haof.hoeontrack.com/ Redirect Chain https://tk.kxaff.com/?programId=1163899&activityId=6427&affiliateId=902223&creativityId=43717&p0=&p1=&p2=&p3=&p4=&p6=16997&trType=I&url=https%3a%2f%2fhaof.hoeontrack.com%2faff_c%3foffer_id%3d135%26... https://tk.keyxel.com/?programId=1163899&activityId=6427&affiliateId=902223&creativityId=43717&p0=&p1=&p2=&p3=&p4=&p6=16997&trType=I&url=https%3a%2f%2fhaof.hoeontrack.com%2faff_c%3foffer_id%3d135%2... https://haof.hoeontrack.com/aff_c?offer_id=135&aff_id=1265&url_id=10919&file_id=21660&source=wdbefr&aff_sub=BEFR	0 566 B	254ms 59ms	Document text/plain	18.203.14.26 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://haof.hoeontrack.com/aff_c?offer_id=135&aff_id=1265&url_id=10919&file_id=21660&source=wdbefr&aff_sub=BEFR Requested by Host: clk.tncid.app URL: https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUiOiAiIiwgImNvbnNlbnRfcmVhc29uIjogIiIsICJjb25zZW50X2lwIjogIiIsICJtNWwiOiAiNDZiNjZjMTQ5OGNmN2Y5OGRlZDkwMjE3NjAyNGQ4YzgiLCAicGxhY2VtZW50X2lkIjogIjE0ODJfMzQ2IiwgImRlc3RpbmF0aW9uX3VybCI6ICJodHRwczovL3RrLmt4YWZmLmNvbS8/cHJvZ3JhbUlkPTExNjM4OTkmYWN0aXZpdHlJZD02NDI3JmFmZmlsaWF0ZUlkPTkwMjIyMyZjcmVhdGl2aXR5SWQ9NDM3MTcmcDA9JnAxPSZwMj0mcDM9JnA0PSZwNj0xNjk5NyZ0clR5cGU9SSZ1cmw9aHR0cHMlM2ElMmYlMmZoYW9mLmhvZW9udHJhY2suY29tJTJmYWZmX2MlM2ZvZmZlcl9pZCUzZDEzNSUyNmFmZl9pZCUzZDEyNjUlMjZ1cmxfaWQlM2QxMDkxOSUyNmZpbGVfaWQlM2QyMTY2MCUyNnNvdXJjZSUzZHdkYmVmciUyNmFmZl9zdWIlM2RCRUZSIn0= Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.203.14.26 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-203-14-26.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Host haof.hoeontrack.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://clk.tncid.app/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://clk.tncid.app/?q=eyJkZWxpdmVyeV90aW1lIjogIjIwMjEtMDctMTIgMDI6MDY6MTgiLCAicHJvdmlkZXJfaWQiOiAiZTdkMTljYTMtYzM0OC00ZjhkLTlmZDgtM2FiNTAzZTUxNWQ5IiwgImNvbnNlbnRfdXJsIjogIiIsICJjb25zZW50X3RpbWUiOiAiIiwgImNvbnNlbnRfcmVhc29uIjogIiIsICJjb25zZW50X2lwIjogIiIsICJtNWwiOiAiNDZiNjZjMTQ5OGNmN2Y5OGRlZDkwMjE3NjAyNGQ4YzgiLCAicGxhY2VtZW50X2lkIjogIjE0ODJfMzQ2IiwgImRlc3RpbmF0aW9uX3VybCI6ICJodHRwczovL3RrLmt4YWZmLmNvbS8/cHJvZ3JhbUlkPTExNjM4OTkmYWN0aXZpdHlJZD02NDI3JmFmZmlsaWF0ZUlkPTkwMjIyMyZjcmVhdGl2aXR5SWQ9NDM3MTcmcDA9JnAxPSZwMj0mcDM9JnA0PSZwNj0xNjk5NyZ0clR5cGU9SSZ1cmw9aHR0cHMlM2ElMmYlMmZoYW9mLmhvZW9udHJhY2suY29tJTJmYWZmX2MlM2ZvZmZlcl9pZCUzZDEzNSUyNmFmZl9pZCUzZDEyNjUlMjZ1cmxfaWQlM2QxMDkxOSUyNmZpbGVfaWQlM2QyMTY2MCUyNnNvdXJjZSUzZHdkYmVmciUyNmFmZl9zdWIlM2RCRUZSIn0= Response headers Server nginx Date Mon, 12 Jul 2021 11:02:44 GMT Content-Length 0 Connection keep-alive Cache-Control no-cache, no-store, must-revalidate Expires Sat, 26 Jul 1997 05:00:00 GMT P3p CP="NOI CUR OUR NOR INT" Pragma no-cache Set-Cookie aff_ran_url_135=10919; expires=Tue, 13 Jul 2021 11:02:44 GMT; path=/; SameSite=None; Secure Tracking_id 102f3ef0aa77bc71394ac9b7dc0dde X-Robots-Tag noindex, nofollow Access-Control-Allow-Origin * X-Request-Id 60637827a7ba4891a0d38679ae6954c7 Access-Control-Allow-Headers Tune-SDK-Version Redirect headers cache-control private content-type text/html; charset=utf-8 location https://haof.hoeontrack.com/aff_c?offer_id=135&aff_id=1265&url_id=10919&file_id=21660&source=wdbefr&aff_sub=BEFR server Microsoft-IIS/10.0 x-aspnet-version 4.0.30319 set-cookie __kx=u_uuid=10a62ed8-2d91-4783-82c5-46b1156d050b; expires=Tue, 12-Jul-2022 11:01:15 GMT; path=/; secure; SameSite=None td_1163899=programId=1163899&affiliateId=902223&creativityId=43717&activityId=6427&param0=&param1=&param2=&param3=&param4=&param5=&param6=16997&frt=&_ltc=637616844752013011&expireOn=637642368000000000; expires=Tue, 10-Aug-2021 22:00:00 GMT; path=/; secure; SameSite=None x-powered-by ASP.NET p3p policyref="/W3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa OUR IND" date Mon, 12 Jul 2021 11:01:15 GMT content-length 249

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tk.kxaff.com
URL: https://tk.kxaff.com/?programId=1163899&activityId=6427&affiliateId=902223&creativityId=43717&p0=&p1=&p2=&p3=&p4=&p6=16997&trType=I&url=https%3a%2f%2fhaof.hoeontrack.com%2faff_c%3foffer_id%3d135%26aff_id%3d1265%26url_id%3d10919%26file_id%3d21660%26source%3dwdbefr%26aff_sub%3dBEFR

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			haof.hoeontrack.com/	1970-01-19 19:42:54	Name: aff_ran_url_135 Value: 10919

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.suggestiondamis.com
bd.tncid.app
c1.adform.net
clk.tncid.app
haof.hoeontrack.com
im.thenewco.id
redirect.frontend.weborama.fr
tk.keyxel.com
tk.kxaff.com
tk.kxaff.com
18.203.14.26
199.193.119.9
34.102.181.119
34.120.17.19
34.120.51.234
35.166.9.76
35.190.16.14
35.83.18.222
37.157.4.24
95dde310cc48b58cad7ee4488dc6e42cce46f8e44f0da0f234cc6f08afacbba6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

clk.tncid.app Open in urlscan Pro 34.120.17.19 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

83 %HTTPS

0 %IPv6

8 Domains

9 Subdomains

5 IPs

3 Countries

63 kBTransfer

62 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

1 Cookies

Indicators

clk.tncid.app Open in urlscan Pro
34.120.17.19 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

0 %
IPv6

8
Domains

9
Subdomains

5
IPs

3
Countries

63 kB
Transfer

62 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions