urlscan.io logo urlscan.io
SecurityTrails logo

trackingads.offerclub.website Open in urlscan Pro
2606:4700:3033::ac43:bfe7  Public Scan

Go To Rescan Add Verdict Report
URL: https://trackingads.offerclub.website/
Submission: On February 25 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3033::ac43:bfe7, located in United States and belongs to CLOUDFLARENET, US. The main domain is trackingads.offerclub.website.
TLS certificate: Issued by GTS CA 1P5 on January 24th 2023. Valid for: 3 months.
This is the only time trackingads.offerclub.website was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:2c40::c7... 209242 (CLOUDFLAR...)
1 2a03:2880:f01... 32934 (FACEBOOK)
4 3
Apex Domain
Subdomains		 Transfer
2 offerclub.website
trackingads.offerclub.website
3 KB
1 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
28 KB
1 hubspot.de
blog.hubspot.de
50 KB
4 3
Domain Requested by
2 trackingads.offerclub.website trackingads.offerclub.website
1 connect.facebook.net trackingads.offerclub.website
1 blog.hubspot.de trackingads.offerclub.website
4 3

This site contains links to these domains. Also see Links.

Domain
wa.me
Subject Issuer Validity Valid
*.offerclub.website
GTS CA 1P5		 2023-01-24 -
2023-04-24		 3 months crt.sh
blog.hubspot.de
Cloudflare Inc ECC CA-3		 2022-12-31 -
2023-12-31		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-01-10 -
2023-03-05		 2 months crt.sh

This page contains 1 frames:

Primary Page: https://trackingads.offerclub.website/
Frame ID: D3A0F5212F1586E5D17F58DFF373E332
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Tracking Ads

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

4
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

82 kB
Transfer

162 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
trackingads.offerclub.website/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://trackingads.offerclub.website/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:bfe7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11eab2b17c1a0fd9835f761d77e1eea8134415d0d494900264d7893f9cc6f856
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
79f312f91c062c49-FRA
content-encoding
br
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Sat, 25 Feb 2023 20:08:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BkSNIvHqcz964gOpHYwykbbzaZC4U1jD9sVbIoYykbwItxS8vxVV3cgO4ZjFbHpME4XP7pQDch5lkl1gcDIvw0dZq3ip70Ze9z7jOrZJ0nfr64PVoueKr143ZZ8A83YjyG5ZZwrNYo03HPY7h59OQB4NE40g8nNLdGhKZg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-litespeed-cache
miss
x-turbo-charged-by
LiteSpeed
style.css
trackingads.offerclub.website/landing-page/generic/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://trackingads.offerclub.website/landing-page/generic/css/style.css
Requested by
Host: trackingads.offerclub.website
URL: https://trackingads.offerclub.website/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:bfe7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd53be7b682593bd03cb5dec43dad9af8a00dadc6979fa130503df1ef95cc015
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://trackingads.offerclub.website/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sat, 25 Feb 2023 20:08:39 GMT
content-security-policy
frame-ancestors 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
content-encoding
br
x-litespeed-cache
miss
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 09 Feb 2023 00:34:32 GMT
server
cloudflare
etag
W/"1d93c1e46e15bf9"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hMWIZLadk7%2FgRswSQZceajR86aKb92BhTQP5RCOVhoAiRfM7GH5jRgGkZCkh6t1MbtGIgsLpqbqwgS%2B5TbJXKHypU4Ob0b1%2Fcr1EvH5fPsqD1%2BIupn11uwJ9l6Q6Rw7yr%2F3FLXkbrN63oxP1kZ69YvtojBzi1mF0Q8o46g%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
79f312fc49bd2c49-FRA
expires
Sat, 04 Mar 2023 20:08:39 GMT
conversion-tracking-adwords-analytics.png
blog.hubspot.de/hubfs/Germany/Blog_images/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.hubspot.de/hubfs/Germany/Blog_images/conversion-tracking-adwords-analytics.png
Requested by
Host: trackingads.offerclub.website
URL: https://trackingads.offerclub.website/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
656923e04c4246a8074743637c25e16d4aaf504d7a7346337a437f2529c4c760
Security Headers
Name Value
Strict-Transport-Security max-age=31104000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://trackingads.offerclub.website/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sat, 25 Feb 2023 20:08:40 GMT
strict-transport-security
max-age=31104000; includeSubDomains; preload
via
1.1 ba7789e51500bb7b69a0c33a90aec410.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11926702096,FD-4258036091,P-53,FLS-ALL
x-amz-version-id
fjgPAo3XI2_ispDoFQBgaGlQRcTTsHhF
x-amz-cf-pop
CDG52-P1
x-amz-request-id
GVHZKMAER26SBV0P
edge-cache-tag
F-11926702096,FD-4258036091,P-53,FLS-ALL
cache-tag
F-11926702096,FD-4258036091,P-53,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
49709
x-amz-id-2
ASAnz/lVhtNfiBCNpG20L7Puj2ryasoNI5y9iH6kJetS/hSkEVB/ee+QBYsP/NfMax8jIAzD8AwpEYh3IFnBbA==
last-modified
Wed, 07 Aug 2019 11:43:47 GMT
server
cloudflare
etag
"0e9e126b64f7951efd30d947764b4421"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKFQ%2FbclUcJpB6orxx%2BMN9FPy%2Bz6HPFt8aSIcxkofNmhXDwLKWzH9kpg%2B%2Fw9krzxJ20q5RsM6pHcC7EjV9j0Zr%2BPgPQGrjELp5QZBhiNnhleE8VwaZJYwNky57bR1LYzf0bDXvJb3Eq%2BhlMEBg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
79f312fccddf9b82-FRA
x-amz-cf-id
HYyHaw7FgiLJBGZWPMmEfNFEjOEcZhcqhIOXO7b7AMdGDqkf12FkwQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
fbevents.js
connect.facebook.net/en_US/ 		106 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: trackingads.offerclub.website
URL: https://trackingads.offerclub.website/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cab52dc3525d23d87fc3337ea17253060c6f723389a33e62699d510f1878972b
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://trackingads.offerclub.website/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 25 Feb 2023 20:08:39 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27843
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
NhNdh7vWQ7M/8CcAy2p2Y17atHTMLmdJPprYIyhJnSo29Tc9/Hp4v5UDoLV/heEzdYNBRXcrkgS3q6lAje3kdw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| fbq function| _fbq

2 Cookies

Domain/Path Name / Value
.blog.hubspot.de/ Name: __cf_bm
Value: CvY7wTmbue0Fq17ITJ_o_5tAYKnHNX.VrYnhyyC3dbE-1677355720-0-AdvjWCuKAepxvMmoy/B+mpBgeoH/v7VEa/MIGG5AXP18uNltYtvIDwI2Apf0NAzTEJNbgWZ1mxNQjv56Q7mcAYM=
.blog.hubspot.de/ Name: __cfruid
Value: 5ba9638f104f672f62557eec0a6ace6723a249ec-1677355720

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY