517s61.reminews.com
Open in
urlscan Pro
213.174.135.2
Public Scan
Effective URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1...
Submission: On October 26 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 22nd 2021. Valid for: a year.
This is the only time 517s61.reminews.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.11 67.199.248.11 | 396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD) | |
2 3 | 213.32.106.139 213.32.106.139 | 16276 (OVH) (OVH) | |
1 | 185.209.21.129 185.209.21.129 | 204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands) | |
5 | 109.206.162.83 109.206.162.83 | 50245 (SERVEREL-AS) (SERVEREL-AS) | |
9 | 213.174.135.2 213.174.135.2 | 39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS) | |
16 | 4 |
ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
PTR: zm1.mobiteasy.com
click2go.xyz |
ASN39572 (ADVANCEDHOSTERS-AS, NL)
517s61.reminews.com | |
123.selornews.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
selornews.com
123.selornews.com |
46 KB |
5 |
klsdee.com
klsdee.com |
16 KB |
3 |
directoffermature.com
2 redirects
www.directoffermature.com |
5 KB |
1 |
reminews.com
517s61.reminews.com |
7 KB |
1 |
click2go.xyz
click2go.xyz |
828 B |
1 |
bit.ly
1 redirects
bit.ly |
349 B |
16 | 6 |
Domain | Requested by | |
---|---|---|
8 | 123.selornews.com |
517s61.reminews.com
|
5 | klsdee.com |
klsdee.com
|
3 | www.directoffermature.com | 2 redirects |
1 | 517s61.reminews.com |
klsdee.com
|
1 | click2go.xyz |
www.directoffermature.com
|
1 | bit.ly | 1 redirects |
16 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.directoffermature.com R3 |
2021-09-06 - 2021-12-05 |
3 months | crt.sh |
click2go.xyz R3 |
2021-09-26 - 2021-12-25 |
3 months | crt.sh |
klsdee.com R3 |
2021-09-03 - 2021-12-02 |
3 months | crt.sh |
*.reminews.com Sectigo RSA Domain Validation Secure Server CA |
2021-10-22 - 2022-11-21 |
a year | crt.sh |
*.selornews.com Sectigo RSA Domain Validation Secure Server CA |
2021-02-18 - 2022-02-18 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://klsdee.com/afu.php?zoneid=1542726&var=1541147
Frame ID: CD124AF7FFFEB9C649A78C9B823C80DA
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://bit.ly/3b2MVks
HTTP 301
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_so... Page URL
-
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_so...
HTTP 302
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_so... HTTP 301
https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb*543859... Page URL
- https://klsdee.com/1541147/?var=4995&ymid=0pkma0p200084 Page URL
- https://klsdee.com/?r=dir&zoneid=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f7387... Page URL
- https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe2... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/3b2MVks
HTTP 301
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID} Page URL
-
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&eyeg=9f91a094169aa6ddc142cd295665a110&eyer=0.2929294145777106&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=
HTTP 302
https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&oyeg=9f91a094169aa6ddc142cd295665a110&eyer=0.2929294145777106&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=&eyeg=3 HTTP 301
https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb*5438597-c017b**sl_5438597-c017b*ef94e0fd88fef06802afb5d8eb19d3ea6928a2a7*{subID}*{sub_subID}&subid2=rest Page URL
- https://klsdee.com/1541147/?var=4995&ymid=0pkma0p200084 Page URL
- https://klsdee.com/?r=dir&zoneid=1541147&var=4995&ymid=0pkma0p200084&pb=08714457f854292b32f73877f19e75931635218470&psp=vAdhicZluxuXy2Chpz2kk0-JIFcHMjXdpKITWTgXVUb-JFDsI3EH5N3uKl_GA8SAXngpa9bvymCKTrE8kxDHQIz6IVNq_Fk-MxSkMJbDCZouJLGUPcaHDxj3SNa7AiYmbg3B5Dv-yL5QEkkPYd43C76gZ7II4Dhlk3eYDuO5alZaR9YJgc_5Mn1DiS4vK50rOIh7-KqFG1jsy1nesK3SL-RQjodyNjYC1xRRrwhFNpBmU5tL_Yx4h5acw5VaGLP1Eke7ma5spyI0EoTM8GsYF8znpB9_V8F6TeJo3VW9HHiO1RAWfOob7bq_-QA-uMUQfGqkmdzSR1gDD6FlNp1jufX3-8jtqp0GFrUlkPjBk3v74lV8hcNcg_XTDoOvpKlgGEwZHV3inLDalgrq4VFFFIFchW7igALE18x7jSoowGpqQsoDhgLhd7hJXL_5Sj4g8jVbjYgzsz0hyv8Bfkpq9wiZnyWF9jGQh0OMX_jx2fXjD_pK_SFEXVVxzZfg4bWA1kf81VskOqLtPC1wRacsZ_NATvJFGu7kSFmWW4sbR0xTkSLR2CFqOXj6d6iDsrSGJ_goMf5mYy7Zgq7WgXjPSU842NnKVcpRB-Qw6kTxNpXjeimwSN9IT1vj6_Fu8VI9yZa_XgxYbX83zqFfc77_N8UiAy9U5iPAr5A0j8EAxIjQAvkxfKEBGsB97h2JDk9hpQ==&nojs=0&ix=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&pl=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Linux%20x86_64&cd=24&0 Page URL
- https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1785930&ymid=211025202151dd44e9fe244b47986328299d&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://bit.ly/3b2MVks HTTP 301
- https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}
- https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&eyeg=9f91a094169aa6ddc142cd295665a110&eyer=0.2929294145777106&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
- https://www.directoffermature.com/?sl=5438597-c017b&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}&oyeg=9f91a094169aa6ddc142cd295665a110&eyer=0.2929294145777106&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=&eyeg=3 HTTP 301
- https://click2go.xyz/go/4995/1?subid1=43100e13b8876547cc9f407d25b26f3d43e751026-202110-flb*5438597-c017b**sl_5438597-c017b*ef94e0fd88fef06802afb5d8eb19d3ea6928a2a7*{subID}*{sub_subID}&subid2=rest
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
www.directoffermature.com/ Redirect Chain
|
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
1
click2go.xyz/go/4995/ Redirect Chain
|
272 B 828 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
klsdee.com/1541147/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
submit.min.js
klsdee.com/ |
31 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
klsdee.com/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
index.html
517s61.reminews.com/dannig/common-player-arrow/ |
6 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
dupa.gif
klsdee.com/ |
43 B 123 B |
Ping
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
123.selornews.com/dannig/common-player-arrow/ |
4 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon1.png
123.selornews.com/dannig/common-player-arrow/img/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon2.png
123.selornews.com/dannig/common-player-arrow/img/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon3.png
123.selornews.com/dannig/common-player-arrow/img/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon4.png
123.selornews.com/dannig/common-player-arrow/img/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon5.png
123.selornews.com/dannig/common-player-arrow/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon7.png
123.selornews.com/dannig/common-player-arrow/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon8.png
123.selornews.com/dannig/common-player-arrow/img/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
afu.php
klsdee.com/ |
0 81 B |
Document
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.bit.ly/ | Name: _bit Value: l9q1la-fb5ffc5bd4ad22dd5b-00M |
|
click2go.xyz/ | Name: mobitck Value: 1 |
|
klsdee.com/ | Name: UID Value: 2110252021117b27bd2e9a4e3f960c97796c |
|
klsdee.com/ | Name: OXCCLK Value: ABPemAAAAAAAAAAB |
|
klsdee.com/ | Name: OXPCLK Value: AAHg4AAAAAAAAAAB |
|
klsdee.com/ | Name: ppucnt Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
123.selornews.com
517s61.reminews.com
bit.ly
click2go.xyz
klsdee.com
www.directoffermature.com
109.206.162.83
185.209.21.129
213.174.135.2
213.32.106.139
67.199.248.11
3f2d16ea36b9b12dca2ca28689e06d630c3a6fa332ced379662b58767c54384a
45e73da2806a11d7d03796150d86d9f26a1550c1a0d32767458ac0130dafc003
4d23eca65ee87fd5bce9aaefc863c5f836ad13dbb3069c72533bddfe2054d0d9
704ac850576addb36549716f2a7a2dc0e1cfd2ec0fb7316e8fb8c59c224eb52a
958b18d211320caadb6a1ad60fdc6faf3474abeee710445d378321acf5f69143
aff74a1831751f8e3fdd28604cabf62fb86905165017a0c7dc108bb9c8ffc34e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea53c322dd6fb93aa9bac81455149afa36a7a012f56c21400db7eedcfaafcc4e