urlscan.io logo urlscan.io
SecurityTrails logo

www.gearbest.com Open in urlscan Pro
104.109.72.141  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://reklamstore.go2affise.com/click?pid=28&offer_id=181
Effective URL: https://www.gearbest.com/promotion-bestseller-special-1308.html?lkid=45687009&cid=208747496854270823
Submission: On October 17 via manual from RO
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 10 domains to perform 8 HTTP transactions. The main IP is 104.109.72.141, located in Netherlands and belongs to AKAMAI-ASN1, US. The main domain is www.gearbest.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on February 9th 2019. Valid for: a year.
This is the only time www.gearbest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 212.32.252.65 60781 (LEASEWEB-...)
1 1 34.225.190.7 14618 (AMAZON-AES)
1 3 34.231.89.205 14618 (AMAZON-AES)
1 23.111.9.35 33438 (HIGHWINDS2)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 188.42.162.170 35415 (WEBZILLA)
1 104.20.47.123 13335 (CLOUDFLAR...)
1 188.42.160.79 35415 (WEBZILLA)
1 104.109.72.141 20940 (AKAMAI-ASN1)
8 8
1    212.32.252.65 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
reklamstore.go2affise.com
1    34.225.190.7 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-225-190-7.compute-1.amazonaws.com
pu.vuer.net
3    34.231.89.205 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-231-89-205.compute-1.amazonaws.com
newsmagic.net
news-back.com
1    23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)
use.fontawesome.com
1    2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
2    188.42.162.170 (Amsterdam, Netherlands)

ASN35415 (WEBZILLA, NL)
ellcurvth.com
1    104.20.47.123 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
feed.r-tb.com
1    188.42.160.79 (Amsterdam, Netherlands)

ASN35415 (WEBZILLA, NL)
my.rtmark.net
1    104.109.72.141 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-72-141.deploy.static.akamaitechnologies.com
www.gearbest.com
Domain Requested by
2 ellcurvth.com 1 redirects newsmagic.net
2 newsmagic.net newsmagic.net
1 www.gearbest.com ellcurvth.com
1 my.rtmark.net ellcurvth.com
1 feed.r-tb.com newsmagic.net
1 news-back.com 1 redirects
1 ajax.googleapis.com newsmagic.net
1 use.fontawesome.com newsmagic.net
1 pu.vuer.net 1 redirects
1 reklamstore.go2affise.com 1 redirects
8 10

This site contains no links.

Subject Issuer Validity Valid
newsmagic.net
Let's Encrypt Authority X3		 2019-09-07 -
2019-12-06		 3 months crt.sh
*.fontawesome.com
DigiCert SHA2 Secure Server CA		 2018-09-17 -
2019-11-21		 a year crt.sh
*.googleapis.com
GTS CA 1O1		 2019-10-03 -
2019-12-26		 3 months crt.sh
ellcurvth.com
Sectigo RSA Domain Validation Secure Server CA		 2019-05-06 -
2020-05-05		 a year crt.sh
ssl367514.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-09-19 -
2020-03-27		 6 months crt.sh
my.rtmark.net
Let's Encrypt Authority X3		 2019-09-24 -
2019-12-23		 3 months crt.sh
*.gearbest.com
DigiCert SHA2 Secure Server CA		 2019-02-09 -
2020-05-10		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.gearbest.com/promotion-bestseller-special-1308.html?lkid=45687009&cid=208747496854270823
Frame ID: DCF781CE771CE920DCDCAB62C8E40FE5
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://reklamstore.go2affise.com/click?pid=28&offer_id=181 HTTP 302
    https://pu.vuer.net/kfdsad58rt/ouyt53g1d.php?utm_source=312&utm_campaign=8595738&clck=5da8a2c36e... HTTP 302
    https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&si... Page URL
  2. https://news-back.com/ksbHaUip8OSGt4LlHiRPYsvE6_xEkSydIdIzbeu85rI?clck=d_0mCF0fyZiXvOS-BMhVoprSm5a... HTTP 302
    https://ellcurvth.com/afu.php?zoneid=2816292&var=rek_adult_wp&ymid=PMRqWXVy4xBMGKzHvfyW6qHn0TX2YvO... Page URL
  3. https://ellcurvth.com/?z=2816292 HTTP 302
    https://www.gearbest.com/promotion-bestseller-special-1308.html?lkid=45687009&cid=208747496854270823 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

8
Requests

100 %
HTTPS

11 %
IPv6

10
Domains

10
Subdomains

8
IPs

3
Countries

102 kB
Transfer

225 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://reklamstore.go2affise.com/click?pid=28&offer_id=181 HTTP 302
    https://pu.vuer.net/kfdsad58rt/ouyt53g1d.php?utm_source=312&utm_campaign=8595738&clck=5da8a2c36e528d0001758d6c&sid=28_ HTTP 302
    https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0 Page URL
  2. https://news-back.com/ksbHaUip8OSGt4LlHiRPYsvE6_xEkSydIdIzbeu85rI?clck=d_0mCF0fyZiXvOS-BMhVoprSm5a9x69WqoabtQe5J0X7V6RLKBIyNDo6hUqmL1uKokgjbKl5ANq_IzWybt1m813oI8lmlIh7i9WmDR-FN1329T-xa3QvhtiGeExRNXDSuUIV5sjZpVzl7gb7kJEU-eTlYyVFXFqxmA502a61EiwxNJIKH9iohsM0yh62qPL3&sid=rek_adult_wp HTTP 302
    https://ellcurvth.com/afu.php?zoneid=2816292&var=rek_adult_wp&ymid=PMRqWXVy4xBMGKzHvfyW6qHn0TX2YvO-8HmJe_i9ATqF1HdfS36vHeAS0nqAdE98W3-pWvZOcxvUKyD-yyHb0fwONaYRl_FOMbujo15sFlkEWDesLjGKVAwDpCkvuDSRn2iJ32f0pGyCf5xHz_yP0GtFixKtmJL6yyVR2QVWCQEb9sojgRy_Z-nM9NP41DBHGscKuv0L74WGaCMLesSgJdhdWjQ0yh_y2PrXUxPaHmCAHhtUlACL0vIlLsYvpo4ETLP31-7Zxp_rldmMSz5tRu7vkeCueTKW005fsup7iIY-oV9QFqSZuOFLSG7hV5ufy8w9HijmP3TUGzgcIS_n3JCHQsDQJieWpvIuFi1VsvL41Ifu7nHjLnHzhS7frjJL1wUsaGNlv1I0RjXrlvPVhuqUIsbF-FZ1D4JIJmT1BL0 Page URL
  3. https://ellcurvth.com/?z=2816292 HTTP 302
    https://www.gearbest.com/promotion-bestseller-special-1308.html?lkid=45687009&cid=208747496854270823 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://reklamstore.go2affise.com/click?pid=28&offer_id=181 HTTP 302
  • https://pu.vuer.net/kfdsad58rt/ouyt53g1d.php?utm_source=312&utm_campaign=8595738&clck=5da8a2c36e528d0001758d6c&sid=28_ HTTP 302
  • https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Request Chain 6
  • https://news-back.com/ksbHaUip8OSGt4LlHiRPYsvE6_xEkSydIdIzbeu85rI?clck=d_0mCF0fyZiXvOS-BMhVoprSm5a9x69WqoabtQe5J0X7V6RLKBIyNDo6hUqmL1uKokgjbKl5ANq_IzWybt1m813oI8lmlIh7i9WmDR-FN1329T-xa3QvhtiGeExRNXDSuUIV5sjZpVzl7gb7kJEU-eTlYyVFXFqxmA502a61EiwxNJIKH9iohsM0yh62qPL3&sid=rek_adult_wp HTTP 302
  • https://ellcurvth.com/afu.php?zoneid=2816292&var=rek_adult_wp&ymid=PMRqWXVy4xBMGKzHvfyW6qHn0TX2YvO-8HmJe_i9ATqF1HdfS36vHeAS0nqAdE98W3-pWvZOcxvUKyD-yyHb0fwONaYRl_FOMbujo15sFlkEWDesLjGKVAwDpCkvuDSRn2iJ32f0pGyCf5xHz_yP0GtFixKtmJL6yyVR2QVWCQEb9sojgRy_Z-nM9NP41DBHGscKuv0L74WGaCMLesSgJdhdWjQ0yh_y2PrXUxPaHmCAHhtUlACL0vIlLsYvpo4ETLP31-7Zxp_rldmMSz5tRu7vkeCueTKW005fsup7iIY-oV9QFqSZuOFLSG7hV5ufy8w9HijmP3TUGzgcIS_n3JCHQsDQJieWpvIuFi1VsvL41Ifu7nHjLnHzhS7frjJL1wUsaGNlv1I0RjXrlvPVhuqUIsbF-FZ1D4JIJmT1BL0

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0
newsmagic.net/
Redirect Chain
  • https://reklamstore.go2affise.com/click?pid=28&offer_id=181
  • https://pu.vuer.net/kfdsad58rt/ouyt53g1d.php?utm_source=312&utm_campaign=8595738&clck=5da8a2c36e528d0001758d6c&sid=28_
  • https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
40 KB
40 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.89.205 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-231-89-205.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2e3e83a21df6e84488ed55b4fc7c350de14715d15527564deb683f701a1ebd8a

Request headers

Host
newsmagic.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
referer
https://click2ckick.icu/

Response headers

Date
Thu, 17 Oct 2019 17:20:04 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
session=848eca92-dfd2-4502-974d-75f94d4cff83
Server
nginx

Redirect headers

Date
Thu, 17 Oct 2019 17:20:04 GMT
Content-Type
text/html
Content-Length
158
Connection
keep-alive
Location
https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Server
nginx
all.css
use.fontawesome.com/releases/v5.4.1/css/ 		49 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.4.1/css/all.css
Requested by
Host: newsmagic.net
URL: https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4d3b4d5d99f92dcc1f1c169db00f76aa1dc65d5d82192afcff04cf8a018a7ba1

Request headers

Sec-Fetch-Mode
cors
Referer
https://click2ckick.icu/
Origin
https://newsmagic.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 17 Oct 2019 17:20:04 GMT
content-encoding
gzip
last-modified
Thu, 11 Oct 2018 20:07:26 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"beb60a9475685e87a9738a7306591e69"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: newsmagic.net
URL: https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://click2ckick.icu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 21:56:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
674599
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
30399
x-xss-protection
0
last-modified
Thu, 25 Jan 2018 15:33:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 08 Oct 2020 21:56:45 GMT
domains.js
newsmagic.net/ 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newsmagic.net/domains.js
Requested by
Host: newsmagic.net
URL: https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.89.205 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-231-89-205.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2b3519ce4b3a07e48df661749fd3a131a62c51057e6528dc320d79560797e82a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://click2ckick.icu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 17 Oct 2019 17:20:04 GMT
Last-Modified
Thu, 17 Oct 2019 17:13:51 GMT
Server
nginx
ETag
"5da8a14f-1875"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6261
truncated
/ 		444 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3acdfb27687db55ebe9a07823cb618f6359bcdea11161a8a9e9d52ab6b27c28f

Request headers

Referer
https://click2ckick.icu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		17 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
474c2ae07275a5670abd0f39d367475319999c3ea8541007dfd74b9cdd551a11

Request headers

Referer
https://click2ckick.icu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
Cookie set afu.php
ellcurvth.com/
Redirect Chain
  • https://news-back.com/ksbHaUip8OSGt4LlHiRPYsvE6_xEkSydIdIzbeu85rI?clck=d_0mCF0fyZiXvOS-BMhVoprSm5a9x69WqoabtQe5J0X7V6RLKBIyNDo6hUqmL1uKokgjbKl5ANq_IzWybt1m813oI8lmlIh7i9WmDR-FN1329T-xa3QvhtiGeExRNX...
  • https://ellcurvth.com/afu.php?zoneid=2816292&var=rek_adult_wp&ymid=PMRqWXVy4xBMGKzHvfyW6qHn0TX2YvO-8HmJe_i9ATqF1HdfS36vHeAS0nqAdE98W3-pWvZOcxvUKyD-yyHb0fwONaYRl_FOMbujo15sFlkEWDesLjGKVAwDpCkvuDSRn2...
28 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ellcurvth.com/afu.php?zoneid=2816292&var=rek_adult_wp&ymid=PMRqWXVy4xBMGKzHvfyW6qHn0TX2YvO-8HmJe_i9ATqF1HdfS36vHeAS0nqAdE98W3-pWvZOcxvUKyD-yyHb0fwONaYRl_FOMbujo15sFlkEWDesLjGKVAwDpCkvuDSRn2iJ32f0pGyCf5xHz_yP0GtFixKtmJL6yyVR2QVWCQEb9sojgRy_Z-nM9NP41DBHGscKuv0L74WGaCMLesSgJdhdWjQ0yh_y2PrXUxPaHmCAHhtUlACL0vIlLsYvpo4ETLP31-7Zxp_rldmMSz5tRu7vkeCueTKW005fsup7iIY-oV9QFqSZuOFLSG7hV5ufy8w9HijmP3TUGzgcIS_n3JCHQsDQJieWpvIuFi1VsvL41Ifu7nHjLnHzhS7frjJL1wUsaGNlv1I0RjXrlvPVhuqUIsbF-FZ1D4JIJmT1BL0
Requested by
Host: newsmagic.net
URL: https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
188.42.162.170 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
4b443345f0b3fc9a911b9b0128cf051995367bda837657140af7f6b6943c6e63
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Host
ellcurvth.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
referer
https://click2ckick.icu/
Referer
https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0

Response headers

Server
nginx
Date
Thu, 17 Oct 2019 17:20:05 GMT
Content-Type
text/html; charset=utf8
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding
Pragma
no-cache
Cache-Control
no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires
Tue, 11 Jan 1994 10:00:00 GMT
X-Trace-Id
8f32ede6adb853f1aba77ade352cb05f
Link
<//yacurlik.com>; rel="dns-prefetch preconnect",<//my.rtmark.net>; rel="dns-prefetch preconnect"
Set-Cookie
OAID=84adf9ab42614be9b011e9a617979daa; expires=Fri, 16 Oct 2020 17:20:05 GMT oaidts=1571332805; expires=Fri, 16 Oct 2020 17:20:05 GMT
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
Timing-Allow-Origin
*
Content-Encoding
gzip

Redirect headers

Date
Thu, 17 Oct 2019 17:20:05 GMT
Content-Type
text/html
Content-Length
158
Connection
keep-alive
Location
https://ellcurvth.com/afu.php?zoneid=2816292&var=rek_adult_wp&ymid=PMRqWXVy4xBMGKzHvfyW6qHn0TX2YvO-8HmJe_i9ATqF1HdfS36vHeAS0nqAdE98W3-pWvZOcxvUKyD-yyHb0fwONaYRl_FOMbujo15sFlkEWDesLjGKVAwDpCkvuDSRn2iJ32f0pGyCf5xHz_yP0GtFixKtmJL6yyVR2QVWCQEb9sojgRy_Z-nM9NP41DBHGscKuv0L74WGaCMLesSgJdhdWjQ0yh_y2PrXUxPaHmCAHhtUlACL0vIlLsYvpo4ETLP31-7Zxp_rldmMSz5tRu7vkeCueTKW005fsup7iIY-oV9QFqSZuOFLSG7hV5ufy8w9HijmP3TUGzgcIS_n3JCHQsDQJieWpvIuFi1VsvL41Ifu7nHjLnHzhS7frjJL1wUsaGNlv1I0RjXrlvPVhuqUIsbF-FZ1D4JIJmT1BL0
Set-Cookie
session=83c51d7c-0d71-4e84-941e-90619f1c311c
Server
nginx
AFU1kAAPZ-E
feed.r-tb.com/pushes/ 		0
257 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://feed.r-tb.com/pushes/AFU1kAAPZ-E?acc=51182759&compete=true&src=rek_adult_wp
Requested by
Host: newsmagic.net
URL: https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.47.123 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Sec-Fetch-Mode
cors
Referer
https://click2ckick.icu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
date
Thu, 17 Oct 2019 17:20:05 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
*
cf-ray
5273f0ef0ee79c39-AMS
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
img.gif
my.rtmark.net/ 		43 B
684 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=84adf9ab42614be9b011e9a617979daa
Requested by
Host: ellcurvth.com
URL: https://ellcurvth.com/afu.php?zoneid=2816292&var=rek_adult_wp&ymid=PMRqWXVy4xBMGKzHvfyW6qHn0TX2YvO-8HmJe_i9ATqF1HdfS36vHeAS0nqAdE98W3-pWvZOcxvUKyD-yyHb0fwONaYRl_FOMbujo15sFlkEWDesLjGKVAwDpCkvuDSRn2iJ32f0pGyCf5xHz_yP0GtFixKtmJL6yyVR2QVWCQEb9sojgRy_Z-nM9NP41DBHGscKuv0L74WGaCMLesSgJdhdWjQ0yh_y2PrXUxPaHmCAHhtUlACL0vIlLsYvpo4ETLP31-7Zxp_rldmMSz5tRu7vkeCueTKW005fsup7iIY-oV9QFqSZuOFLSG7hV5ufy8w9HijmP3TUGzgcIS_n3JCHQsDQJieWpvIuFi1VsvL41Ifu7nHjLnHzhS7frjJL1wUsaGNlv1I0RjXrlvPVhuqUIsbF-FZ1D4JIJmT1BL0
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
188.42.160.79 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://click2ckick.icu/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 17 Oct 2019 17:20:05 GMT
X-Content-Type-Options
nosniff
Server
nginx
Strict-Transport-Security
max-age=1
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
image/gif
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Authorization
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*, *
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Content-Length
43
Primary Request promotion-bestseller-special-1308.html
www.gearbest.com/
Redirect Chain
  • https://ellcurvth.com/?z=2816292
  • https://www.gearbest.com/promotion-bestseller-special-1308.html?lkid=45687009&cid=208747496854270823
325 B
632 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.gearbest.com/promotion-bestseller-special-1308.html?lkid=45687009&cid=208747496854270823
Requested by
Host: ellcurvth.com
URL: https://ellcurvth.com/afu.php?zoneid=2816292&var=rek_adult_wp&ymid=PMRqWXVy4xBMGKzHvfyW6qHn0TX2YvO-8HmJe_i9ATqF1HdfS36vHeAS0nqAdE98W3-pWvZOcxvUKyD-yyHb0fwONaYRl_FOMbujo15sFlkEWDesLjGKVAwDpCkvuDSRn2iJ32f0pGyCf5xHz_yP0GtFixKtmJL6yyVR2QVWCQEb9sojgRy_Z-nM9NP41DBHGscKuv0L74WGaCMLesSgJdhdWjQ0yh_y2PrXUxPaHmCAHhtUlACL0vIlLsYvpo4ETLP31-7Zxp_rldmMSz5tRu7vkeCueTKW005fsup7iIY-oV9QFqSZuOFLSG7hV5ufy8w9HijmP3TUGzgcIS_n3JCHQsDQJieWpvIuFi1VsvL41Ifu7nHjLnHzhS7frjJL1wUsaGNlv1I0RjXrlvPVhuqUIsbF-FZ1D4JIJmT1BL0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.72.141 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-72-141.deploy.static.akamaitechnologies.com
Software
AkamaiGHost /
Resource Hash
dd473092fb4090787d27b1fc23a1812a8207fc94ac92b550c7e674a3dca25401

Request headers

:method
GET
:authority
www.gearbest.com
:scheme
https
:path
/promotion-bestseller-special-1308.html?lkid=45687009&cid=208747496854270823
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://ellcurvth.com/afu.php?zoneid=2816292&var=2816292&rid=wfxzsvAkbQDjdtH2xjZy_Q%3D%3D
accept-encoding
gzip, deflate, br
Origin
https://ellcurvth.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
referer
https://click2ckick.icu/
Referer
https://ellcurvth.com/afu.php?zoneid=2816292&var=2816292&rid=wfxzsvAkbQDjdtH2xjZy_Q%3D%3D

Response headers

status
403
server
AkamaiGHost
mime-version
1.0
content-type
text/html
content-length
325
cache-control
max-age=60
expires
Thu, 17 Oct 2019 17:21:05 GMT
date
Thu, 17 Oct 2019 17:20:05 GMT
set-cookie
AKAM_CLIENTID=bccc41ff6d303baa9db8bdb53b4df41a; expires=Mon, 31-Dec-2038 23:59:59 GMT; path=/; domain=.gearbest.com AKA_A2=A; expires=Thu, 17-Oct-2019 18:20:05 GMT; path=/; domain=gearbest.com; secure; HttpOnly
vary
User-Agent

Redirect headers

Server
nginx
Date
Thu, 17 Oct 2019 17:20:05 GMT
Content-Length
0
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
https://ellcurvth.com
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding
Pragma
no-cache
Cache-Control
no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires
Tue, 11 Jan 1994 10:00:00 GMT
X-Trace-Id
bec8563a634e76205a25f4a28ac8669a
Link
<https://www.gearbest.com>; rel="dns-prefetch preconnect",<//yacurlik.com>; rel="dns-prefetch preconnect"
Location
https://www.gearbest.com/promotion-bestseller-special-1308.html?lkid=45687009&cid=208747496854270823
Set-Cookie
OAID=84adf9ab42614be9b011e9a617979daa; expires=Fri, 16 Oct 2020 17:20:05 GMT oaidts=1571332805; expires=Fri, 16 Oct 2020 17:20:05 GMT OXCCLK=1041585.1; expires=Fri, 16 Oct 2020 17:20:05 GMT allcnt=1; expires=Fri, 16 Oct 2020 17:20:05 GMT
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
Timing-Allow-Origin
*

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

2 Cookies

Domain/Path Name / Value
.gearbest.com/ Name: AKA_A2
Value: A
.gearbest.com/ Name: AKAM_CLIENTID
Value: bccc41ff6d303baa9db8bdb53b4df41a

1 Console Messages

Source Level URL
Text
console-api log URL: https://newsmagic.net/QLGx3Fcr5DkKg3fWyL-gzE6gu6mK3qo5EdQkF_rFyU0?clck=5da8a2c36e528d0001758d6c&sid=28_&utm_campaign=NTY4ZwSkMwRD2vaSOf8xO3LpMjE0Nsk0(Line 18)
Message:
0