Submitted URL: http://redq.metrobank.com/
Effective URL: https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung%20SM-A205U&model=SM-A205U&country=GB&...
Submission: On April 06 via api from GB — Scanned from GB

Summary

This website contacted 6 IPs in 3 countries across 8 domains to perform 17 HTTP transactions. The main IP is 161.35.38.81, located in Slough, United Kingdom and belongs to DIGITALOCEAN-ASN, US. The main domain is malwaredefensive.com.
TLS certificate: Issued by R3 on March 27th 2024. Valid for: 3 months.
This is the only time malwaredefensive.com was scanned on urlscan.io!

What the transaction data below shows: the submitted host redq.metrobank.com is served from 185.53.177.52 (TEAMINTERNET-AS) with parking-template response headers (X-Template: tpl_MobileCleanBlack_twoclick, X-Redirect: zeropark_zeroclick, X-Buckets: bucket077, an X-Adblock-Key) and an Accept-CH request for a broad set of client hints (device-memory, rtt, downlink, ua-model and others). Its script js3.js, loaded from d38psrni17bvxu.cloudfront.net, fires track.php beacons, after which the browser is sent through sadbh-kye.com/zclkvisitor and iuven-ojr.com/zclkredirect, whose URL reports browserWidth, browserHeight, iframeDetected, webdriverDetected, gpu and timezone back to the redirector, then through 673752.takemybackup.co and mtpp.bidrdtrck.com, and finally via a thisclicker.com click URL (HTTP 307) to the "Win Rewards" page on malwaredefensive.com, which receives the device model, country, city and language in its query string. Caveat for anyone replaying this chain: the scan's Samsung SM-A205U user agent was contradicted by viewport-width: 1600, browserWidth=1600 and gpu=Intel Iris OpenGL Engine, and the redirector explicitly checked webdriverDetected and iframeDetected, so a real handset, or a less conspicuous sandbox, may be steered to a different landing page.

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address                            AS (Autonomous System)
4         185.53.177.52                         61969 (TEAMINTERNET-AS, DE)
1         2600:9000:2250:8200:1d:4618:5c80:21   16509 (AMAZON-02, US)
2         52.202.197.6                          14618 (AMAZON-AES, US)
3         2606:4700:3035::6815:22c7             13335 (CLOUDFLARENET, US)
3         216.104.36.156                        32475 (SINGLEHOP-LLC, US)
1         24.144.83.121                         14061 (DIGITALOCEAN-ASN, US)   (not the server of any transaction listed below)
4         161.35.38.81                          14061 (DIGITALOCEAN-ASN, US)
Totals as reported by urlscan.io: 17 requests, 6 IPs.

Requests  Domain                          Requested by
4         malwaredefensive.com            mtpp.bidrdtrck.com, malwaredefensive.com
4         redq.metrobank.com              d38psrni17bvxu.cloudfront.net, redq.metrobank.com
3         mtpp.bidrdtrck.com              (none listed)
3         673752.takemybackup.co          iuven-ojr.com, 673752.takemybackup.co
1         thisclicker.com                 (1 redirect)
1         iuven-ojr.com                   sadbh-kye.com
1         sadbh-kye.com                   redq.metrobank.com
1         d38psrni17bvxu.cloudfront.net   redq.metrobank.com
Totals as reported by urlscan.io: 17 requests, 8 domains.

This site contains no links.

Subject                  Issuer                  Validity                    Valid for
*.parkingcrew.net        Thawte TLS RSA CA G1    2020-07-20 to 2022-09-18    2 years
*.cloudfront.net         Amazon RSA 2048 M01     2023-10-10 to 2024-09-19    a year
zeropark.com             Amazon RSA 2048 M01     2023-07-12 to 2024-08-09    a year
iuven-ojr.com            Amazon RSA 2048 M03     2023-12-22 to 2025-01-19    a year
takemybackup.co          GTS CA 1P5              2024-02-27 to 2024-05-27    3 months
mtpp.bidrdtrck.com       R3                      2024-02-01 to 2024-05-01    3 months
malwaredefensive.com     R3                      2024-03-27 to 2024-06-25    3 months

This page contains 1 frames:

Primary Page: https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung%20SM-A205U&model=SM-A205U&country=GB&city=London&language=en-GB&cid=co8n93r4f74c73bk8h00
Frame ID: 02B402D89594662B8E6A7B281B4C6770
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Win Rewards


Page Statistics

Requests: 17
HTTPS: 71 %
IPv6: 29 %
Domains: 8
Subdomains: 8
IPs: 6
Countries: 3
Transfer: 58 kB
Size: 93 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://redq.metrobank.com/ HTTP 307
    https://redq.metrobank.com/ Page URL
  2. http://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99 HTTP 307
    https://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99 Page URL
  3. https://iuven-ojr.com/zclkredirect?visitid=890a3860-f430-11ee-a5b0-0afff6116d99&type=js&browserWidth=1600&browserHeight=1113&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B01%3A00&timezoneName=Europe%2FLondon Page URL
  4. https://673752.takemybackup.co/?ownid=l9f1328a0-dvm-nilurmf&enparms2=1997%2C2068639%2C3341206%2C1948%2C1951%2C5947%2C2156%2C0%2C0%2C1952%2C0%2C2073426%2C673752%2C163205%2C132596839469%2C116470254%2Cnlx.pmzyligvn&u_agnt=34e31726fbc7d351f736b6911f8960c6&skter=wizx%20grwvix%20pmzyligvn%2Cmlrmf%20grwvix%20ligvn%2Cvmroml%20pmzyligvn%2Cvmroml%20ligvn%2Cpmzy%20ligvn%2Cpmzyligvn&czero=-1&cstate=wmzotmv&skwdb=MLI&ccntry=PF&cctid=109&chsh=64b904356aa0dd29818a02bbcda5f31c&rn=304048868202&cf=24&dlt=0&da=873265&pbi=0&cq=77&exids=&frdto=673752 Page URL
  5. https://673752.takemybackup.co/ Page URL
  6. https://mtpp.bidrdtrck.com/?utm_medium=c2764d62b24ee7b0e5aab79b5fa18e0d35acd60a&utm_campaign=0click&cid=cid217129c7a16a64e763de5231262ce7f45553&1=64b904356aa0dd29818a02bbcda5f31c Page URL
  7. https://thisclicker.com/click?key=69dbafd8a350020adbd2&subid=M7354787815428718657&pid=2018-4b71208c&partner_id=2018&v4 HTTP 307
    https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung%20SM-A205U&model=SM-A205U&country=GB&city=London&language=en-GB&cid=co8n93r4f74c73bk8h00 Page URL

Redirected requests

There were HTTP redirect chains for the following requests. Both 307s carry Non-Authoritative-Reason: HttpsUpgrades in their redirect headers below, so they were synthesized by the browser's automatic HTTP-to-HTTPS upgrade rather than sent by the origin server; the only server-issued redirect in this scan is the thisclicker.com 307 (server: Caddy) that lands on malwaredefensive.com.

Request Chain 0
  • http://redq.metrobank.com/ HTTP 307
  • https://redq.metrobank.com/
Request Chain 5
  • http://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99 HTTP 307
  • https://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99

17 HTTP transactions

Each transaction is listed as: Resource | Path | Size | x-fer (bytes transferred) | Type, followed by its request and response headers.
/ | redq.metrobank.com/ | 2 KB | 2 KB | Document
Redirect Chain
  • http://redq.metrobank.com/
  • https://redq.metrobank.com/
General
Full URL
https://redq.metrobank.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.52 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
2b21b09f0f752ca370e5945b312a04d7c8bda87cf67c276c31fb0823ac6947e4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
en-GB,en;q=0.9

Response headers

Accept-Ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
Accept-Ch-Lifetime
30
Content-Encoding
gzip
Content-Length
1332
Content-Type
text/html; charset=UTF-8
Date
Sat, 06 Apr 2024 16:12:59 GMT
Server
nginx
Vary
Accept-Encoding
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Q45u6xoB4s/V69DsJxh6dd7wRmA65rnvemWRqLDcE4wu67qCpKwlpj6tzLmQLqd+pQkyUnPwifjWANsasM/99w==
X-Buckets
bucket077
X-Domain
metrobank.com
X-Language
english
X-Redirect
zeropark_zeroclick
X-Subdomain
redq
X-Template
tpl_MobileCleanBlack_twoclick

Redirect headers

Location
https://redq.metrobank.com/
Non-Authoritative-Reason
HttpsUpgrades
js3.js | d38psrni17bvxu.cloudfront.net/scripts/ | 1 KB | 1 KB | Script
General
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: redq.metrobank.com
URL: https://redq.metrobank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:8200:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://redq.metrobank.com/
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Sat, 06 Apr 2024 04:32:53 GMT
via
1.1 da4de4427d18bee1d3254f1bbdad25f2.cloudfront.net (CloudFront)
last-modified
Thu, 21 Mar 2024 11:48:11 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
age
42006
etag
"65fc1e7b-448"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
1096
x-amz-cf-id
4w7v-THr1WYMD56D05_xJsgBvBB0qWa-x8SduCbnn_xuAjI7NZTbnA==
track.php | redq.metrobank.com/ | 0 | 565 B | XHR
(Size 0: the response body was empty; the resource hash recorded below, e3b0c442..., is SHA-256 of zero bytes, and the 20 bytes of Content-Length are the gzip wrapper.)
General
Full URL
https://redq.metrobank.com/track.php?domain=metrobank.com&toggle=browserjs&uid=MTcxMjQxOTk3OC44MTU2OjNkYzM0MTQ3MWEwOTYyYzZkY2JhMjEyZDIxZjFlYTNkNWQ4NWQ3ZjViMDA4NTJkOGM5YWRlYjA3NjhmM2NiNjk6NjYxMTc0OGFjNzFkMw%3D%3D
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.52 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

device-memory
8
rtt
100
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
viewport-width
1600
Referer
https://redq.metrobank.com/
dpr
1
downlink
10
ect
4g

Response headers

Date
Sat, 06 Apr 2024 16:12:59 GMT
Content-Encoding
gzip
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
X-Custom-Track
browserjs
Vary
Accept-Encoding
Accept-Ch-Lifetime
30
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Content-Length
20
ls.php | redq.metrobank.com/ | 16 B | 863 B | XHR
General
Full URL
https://redq.metrobank.com/ls.php?t=6611748b&token=c7f5c1be59dbe296c2ac8c3150339d59cd60856c
Requested by
Host: redq.metrobank.com
URL: https://redq.metrobank.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.52 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

device-memory
8
rtt
100
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
viewport-width
1600
Referer
https://redq.metrobank.com/
dpr
1
downlink
10
ect
4g

Response headers

Date
Sat, 06 Apr 2024 16:12:59 GMT
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
POST, OPTIONS
Content-Type
text/javascript;charset=UTF-8
Access-Control-Allow-Origin
Accept-Ch-Lifetime
30
Charset
utf-8
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_f9dB5uG81flJbB2UIs1psTEuxONfSlUkCR2WCpbbwg4L6s3ay0aoKaCGiUM5ares1IQSUBUupKG23W4sRH/M1Q==
X-Log-Success
6611748bce044372690c26f1
Content-Length
16
track.php | redq.metrobank.com/ | 0 | 580 B | XHR
General
Full URL
https://redq.metrobank.com/track.php?click=b03d3e0ab9547a7d158c69a3ebdac4fbfa641beb&domain=metrobank.com&uid=MTcxMjQxOTk3OC44MTU2OjNkYzM0MTQ3MWEwOTYyYzZkY2JhMjEyZDIxZjFlYTNkNWQ4NWQ3ZjViMDA4NTJkOGM5YWRlYjA3NjhmM2NiNjk6NjYxMTc0OGFjNzFkMw%3D%3D&ts=fE1vYmlsZUNsZWFuQmxhY2t8fDQ3OWMwfGJ1Y2tldDA3N3x8fHx8fDY2MTE3NDhhYzcxYTN8fHwxNzEyNDE5OTc5LjEyMTh8YmU1ZDMzZTNhOTRlMTlhYmMwMzE0YjEzMGU5MjhhNDA4MjExYzg2ZHx8fHx8MXx8MHwwfHx8fDF8fHx8fDB8MHx8fHx8fHx8fHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGM3ZjVjMWJlNTlkYmUyOTZjMmFjOGMzMTUwMzM5ZDU5Y2Q2MDg1NmN8MHx8MHwwfHw%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.52 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

device-memory
8
rtt
100
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
viewport-width
1600
Referer
https://redq.metrobank.com/
dpr
1
downlink
10
ect
4g

Response headers

Date
Sat, 06 Apr 2024 16:12:59 GMT
Content-Encoding
gzip
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
X-Custom-Track
none
Vary
Accept-Encoding
Accept-Ch-Lifetime
30
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
X-View-Match
true
Content-Length
20
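The uid, ts and t values in the track.php and ls.php requests above are opaque as recorded. The following Python is an added worked example for this report, not code from urlscan.io or from any site in the chain: it URL-decodes the query strings copied from the transactions, base64-decodes uid and ts, reads the hex timestamp prefixes of the uniqid-style ids, of ls.php's t= and of the X-Log-Success value, and checks the recorded track.php resource hash against SHA-256 of an empty input. The field meanings it assigns (session first-seen time, session token, template, bucket, log id) are this editor's reading of the decoded values, not documented semantics of the tracker.

```python
"""Decode the redq.metrobank.com track.php / ls.php tracking parameters seen in this scan.

Added worked example for the report; not code from urlscan.io or any site in the chain.
Field meanings below are an analyst's reading of the decoded values, not documented semantics.
"""
import base64
import hashlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Values copied verbatim from the transactions above.
TRACK_URL = (
    "https://redq.metrobank.com/track.php?click=b03d3e0ab9547a7d158c69a3ebdac4fbfa641beb"
    "&domain=metrobank.com&uid=MTcxMjQxOTk3OC44MTU2OjNkYzM0MTQ3MWEwOTYyYzZkY2JhMjEyZDIx"
    "ZjFlYTNkNWQ4NWQ3ZjViMDA4NTJkOGM5YWRlYjA3NjhmM2NiNjk6NjYxMTc0OGFjNzFkMw%3D%3D"
    "&ts=fE1vYmlsZUNsZWFuQmxhY2t8fDQ3OWMwfGJ1Y2tldDA3N3x8fHx8fDY2MTE3NDhhYzcxYTN8fHwxNzEy"
    "NDE5OTc5LjEyMTh8YmU1ZDMzZTNhOTRlMTlhYmMwMzE0YjEzMGU5MjhhNDA4MjExYzg2ZHx8fHx8MXx8MHww"
    "fHx8fDF8fHx8fDB8MHx8fHx8fHx8fHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGM3ZjVjMWJlNTlkYmUy"
    "OTZjMmFjOGMzMTUwMzM5ZDU5Y2Q2MDg1NmN8MHx8MHwwfHw%3D"
    "&kw=&search=&pcat=&bucket=&clientID=&adtest=off"
)
LS_URL = "https://redq.metrobank.com/ls.php?t=6611748b&token=c7f5c1be59dbe296c2ac8c3150339d59cd60856c"
LS_LOG_ID = "6611748bce044372690c26f1"  # X-Log-Success response header of ls.php
TRACK_BODY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def query(url):
    """Query string as {name: first value}; parse_qs also undoes the %3D escaping of '='."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


def b64_text(value):
    """Standard base64 to str, re-adding any '=' padding a URL may have dropped."""
    return base64.b64decode(value + "=" * (-len(value) % 4)).decode("utf-8", errors="replace")


def hex_epoch(hexstr):
    """First 8 hex chars as a big-endian Unix time (UTC): fits PHP uniqid(), ls.php t= and ObjectIds."""
    return datetime.fromtimestamp(int(hexstr[:8], 16), tz=timezone.utc)


def decode_uid(uid_b64):
    """uid decodes to 'epoch.micros:64-hex-token:13-hex-id'; returns (epoch, token, id)."""
    epoch, token, uniqid = b64_text(uid_b64).split(":")
    return float(epoch), token, uniqid


def decode_ts(ts_b64):
    """ts decodes to a '|'-separated record; nested base64 fields ('W10=' -> '[]') are expanded."""
    fields = b64_text(ts_b64).split("|")
    return [b64_text(f) if f.endswith("=") and len(f) % 4 == 0 else f for f in fields]


def analyse(track_url=TRACK_URL, ls_url=LS_URL, log_id=LS_LOG_ID):
    """Correlate the beacon parameters and return the facts an analyst wants in one dict."""
    track, ls = query(track_url), query(ls_url)
    epoch, session_token, uniqid = decode_uid(track["uid"])
    fields = decode_ts(track["ts"])
    return {
        "session_first_seen": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(),
        "session_token": session_token,
        "uniqid_time": hex_epoch(uniqid).isoformat(),
        "ls_t_time": hex_epoch(ls["t"]).isoformat(),
        "log_id_time": hex_epoch(log_id).isoformat(),  # assumes an ObjectId-style 4-byte time prefix
        "template": fields[1],      # matches X-Template: tpl_MobileCleanBlack_twoclick
        "bucket": fields[4],        # matches X-Buckets: bucket077
        "ts_field_count": len(fields),
        "ls_token_in_ts": ls["token"] in fields,
        # SHA-256 of zero bytes: the 20-byte gzip body urlscan recorded was an empty response.
        "track_body_empty": TRACK_BODY_SHA256 == hashlib.sha256(b"").hexdigest(),
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key:20} {value}")
```

Decoded, uid is "1712419978.8156:<64 hex>:6611748ac71d3", so the session was created at 16:12:58 UTC, one second before the Date headers; ts is a pipe-delimited record whose non-empty fields include the MobileCleanBlack template, bucket077, a second timestamp (1712419979.1218), two 40-hex tokens and two "[]" placeholders, and it carries the same token that ls.php sent, so the two beacons can be joined on it.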
85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d | sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/ | 3 KB | 3 KB | Document
Redirect Chain
  • http://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99
  • https://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99
General
Full URL
https://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99
Requested by
Host: redq.metrobank.com
URL: https://redq.metrobank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.197.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-197-6.compute-1.amazonaws.com
Software
/
Resource Hash
1f5935d9af5bf9d511e4b12b3075d7bf2a201ed5d86099b98bd1ea25bfa2653e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://redq.metrobank.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Sat, 06 Apr 2024 16:13:00 GMT
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp
default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

Location
https://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99
Non-Authoritative-Reason
HttpsUpgrades
zclkredirect | iuven-ojr.com/ | 1 KB | 2 KB | Document
General
Full URL
https://iuven-ojr.com/zclkredirect?visitid=890a3860-f430-11ee-a5b0-0afff6116d99&type=js&browserWidth=1600&browserHeight=1113&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B01%3A00&timezoneName=Europe%2FLondon
Requested by
Host: sadbh-kye.com
URL: https://sadbh-kye.com/zclkvisitor/890a3860-f430-11ee-a5b0-0afff6116d99/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=8916bb81-f430-11ee-a5b0-0afff6116d99
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.202.197.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-197-6.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://sadbh-kye.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
1252
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Sat, 06 Apr 2024 16:13:00 GMT
redirected
JS
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp
default-src 'self'; script-src 'self' 'unsafe-inline'
/ | 673752.takemybackup.co/ | 42 KB | 13 KB | Document
General
Full URL
https://673752.takemybackup.co/?ownid=l9f1328a0-dvm-nilurmf&enparms2=1997%2C2068639%2C3341206%2C1948%2C1951%2C5947%2C2156%2C0%2C0%2C1952%2C0%2C2073426%2C673752%2C163205%2C132596839469%2C116470254%2Cnlx.pmzyligvn&u_agnt=34e31726fbc7d351f736b6911f8960c6&skter=wizx%20grwvix%20pmzyligvn%2Cmlrmf%20grwvix%20ligvn%2Cvmroml%20pmzyligvn%2Cvmroml%20ligvn%2Cpmzy%20ligvn%2Cpmzyligvn&czero=-1&cstate=wmzotmv&skwdb=MLI&ccntry=PF&cctid=109&chsh=64b904356aa0dd29818a02bbcda5f31c&rn=304048868202&cf=24&dlt=0&da=873265&pbi=0&cq=77&exids=&frdto=673752
Requested by
Host: iuven-ojr.com
URL: https://iuven-ojr.com/zclkredirect?visitid=890a3860-f430-11ee-a5b0-0afff6116d99&type=js&browserWidth=1600&browserHeight=1113&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B01%3A00&timezoneName=Europe%2FLondon
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:22c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cdde0552a169b85b06c53b15ca0c4308ea9d475c9420e656c9d4a2604acf25b

Request headers

Referer
https://iuven-ojr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
en-GB,en;q=0.9

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, Device-Memory, Downlink, Sec-CH-DPR
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8703100fbf70951d-LHR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 06 Apr 2024 16:13:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pogKgSe%2BgjrgRd8cAmifejOZFTcI5zJnXLbMookWYAx7OBagQMB5VOnQ1UvyA9WjRdC8twoZILiSHyuPKrU0ojVzBkFUncMOdoHqn6oneonhnxed3QBPi46TclPpJ40f3OKZ0CzR5MkNbbnfqmqfQr0K2J4L"}],"group":"cf-nel","max_age":604800}
server
cloudflare
schec.js | 673752.takemybackup.co/ | 41 B | 510 B | Script
General
Full URL
https://673752.takemybackup.co/schec.js
Requested by
Host: 673752.takemybackup.co
URL: https://673752.takemybackup.co/?ownid=l9f1328a0-dvm-nilurmf&enparms2=1997%2C2068639%2C3341206%2C1948%2C1951%2C5947%2C2156%2C0%2C0%2C1952%2C0%2C2073426%2C673752%2C163205%2C132596839469%2C116470254%2Cnlx.pmzyligvn&u_agnt=34e31726fbc7d351f736b6911f8960c6&skter=wizx%20grwvix%20pmzyligvn%2Cmlrmf%20grwvix%20ligvn%2Cvmroml%20pmzyligvn%2Cvmroml%20ligvn%2Cpmzy%20ligvn%2Cpmzyligvn&czero=-1&cstate=wmzotmv&skwdb=MLI&ccntry=PF&cctid=109&chsh=64b904356aa0dd29818a02bbcda5f31c&rn=304048868202&cf=24&dlt=0&da=873265&pbi=0&cq=77&exids=&frdto=673752
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:22c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64cd1487a7a97d37fa3c627e2b40acfcf2b30501bf0761b9f3e5392c27e12fcf

Request headers

device-memory
8
Referer
downlink
10
sec-ch-dpr
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
en-GB,en;q=0.9

Response headers

date
Sat, 06 Apr 2024 16:13:00 GMT
cf-cache-status
HIT
last-modified
Wed, 04 Oct 2023 09:18:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2429
etag
"cc495fbda3f6d91:0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HsckrhUgpOGkm00yjRWRgfKhGnfHwjyIyhYLPtv9GGgmCRqpVuohzINw1oCbt41jEHH6%2Be6026vCet%2FKuNxqjScDW3Jy6lfr4y3yHCDqNSOiJmCwbNG3RIATSkmzFa43UaRfB9qRAjnL9e6IvwLAltbEgguk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
870310106899951d-LHR
alt-svc
h3=":443"; ma=86400
content-length
41
/ | 673752.takemybackup.co/ | 550 B | 945 B | Document
General
Full URL
https://673752.takemybackup.co/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:22c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0f947561d197a70a4548552ce2f8e5c4e6b28e8ccff775f508afb4c63dca736

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
en-GB,en;q=0.9
device-memory
8
downlink
10
sec-ch-dpr
1

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87031011da2f951d-LHR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 06 Apr 2024 16:13:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LAjj4pREt0NywiKQIUACDWm1rb%2B%2FR2cVSTCKXaAt6Z%2BHs5HtuoDs4bgbUPdqq6k2HGqVOf1DzY%2FSS3muvLQ8nsadBeI%2Bg44vy3HrHzaWVgGFuVTbZC95iAj0NO%2B47H2ZKeMR%2Fw9%2BTEKqf%2F3exd50aMFpkMLK"}],"group":"cf-nel","max_age":604800}
server
cloudflare
/ | mtpp.bidrdtrck.com/ | 5 KB | 3 KB | Document
General
Full URL
https://mtpp.bidrdtrck.com/?utm_medium=c2764d62b24ee7b0e5aab79b5fa18e0d35acd60a&utm_campaign=0click&cid=cid217129c7a16a64e763de5231262ce7f45553&1=64b904356aa0dd29818a02bbcda5f31c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.104.36.156 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
01e1b5ba09002a70771e17535ec268ef0b8463d0c14b395a2639a9599f637546
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
en-GB,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc
h3=":443"; ma=604800; persist=1
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 06 Apr 2024 16:13:01 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
favicon.ico | mtpp.bidrdtrck.com/ | 1 KB | 1 KB | Other
General
Full URL
https://mtpp.bidrdtrck.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.104.36.156 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://mtpp.bidrdtrck.com/proc.php?423dc2cf298b0fe9563df83f8f749524026f77b5
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Sat, 06 Apr 2024 16:13:01 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Fri, 11 Aug 2023 10:37:02 GMT
server
nginx
etag
"64d60f4e-47e"
content-type
image/x-icon
cache-control
max-age=86400
accept-ranges
bytes
alt-svc
h3=":443"; ma=604800; persist=1
content-length
1150
expires
Sun, 07 Apr 2024 16:13:01 GMT
favicon.ico | mtpp.bidrdtrck.com/ | 1 KB | 1 KB | Other
General
Full URL
https://mtpp.bidrdtrck.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.104.36.156 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://mtpp.bidrdtrck.com/proc.php?423dc2cf298b0fe9563df83f8f749524026f77b5
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Sat, 06 Apr 2024 16:13:01 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Fri, 11 Aug 2023 10:37:02 GMT
server
nginx
etag
"64d60f4e-47e"
content-type
image/x-icon
cache-control
max-age=86400
accept-ranges
bytes
alt-svc
h3=":443"; ma=604800; persist=1
content-length
1150
expires
Sun, 07 Apr 2024 16:13:01 GMT
Primary Request / | malwaredefensive.com/player/ | 13 KB | 4 KB | Document
Redirect Chain
  • https://thisclicker.com/click?key=69dbafd8a350020adbd2&subid=M7354787815428718657&pid=2018-4b71208c&partner_id=2018&v4
  • https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung%20SM-A205U&model=SM-A205U&country=GB&city=London&language=en-GB&cid=co8n93r4f74c73bk8h00
General
Full URL
https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung%20SM-A205U&model=SM-A205U&country=GB&city=London&language=en-GB&cid=co8n93r4f74c73bk8h00
Requested by
Host: mtpp.bidrdtrck.com
URL: https://mtpp.bidrdtrck.com/proc.php?423dc2cf298b0fe9563df83f8f749524026f77b5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.38.81 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4a069896e2e1ca77a6ce3505ebb972ccd1d68e192bb9197010de9bafec3ae53d

Request headers

Referer
https://mtpp.bidrdtrck.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
en-GB,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 06 Apr 2024 16:13:04 GMT
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked

Redirect headers

content-length
0
date
Sat, 06 Apr 2024 16:13:03 GMT
location
https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung SM-A205U&model=SM-A205U&country=GB&city=London&language=en-GB&cid=co8n93r4f74c73bk8h00
server
Caddy
x-request-id
b8046e9b-1583-4842-afa7-3836bcdc288b
gift.png | malwaredefensive.com/player/ | 7 KB | 8 KB | Image
General
Full URL
https://malwaredefensive.com/player/gift.png
Requested by
Host: malwaredefensive.com
URL: https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung%20SM-A205U&model=SM-A205U&country=GB&city=London&language=en-GB&cid=co8n93r4f74c73bk8h00
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.38.81 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b9d8f03d4064cd127779902f0b76a51772ff5dbd9edd905d2e16fa18a113338d

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Date
Sat, 06 Apr 2024 16:13:04 GMT
Last-Modified
Sat, 27 Jan 2024 01:03:23 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"65b4565b-1dfc"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7676
ODelI1aHBYDBqgeIAH2zlNV_2ngZ8dMf8fLgjYEouxg.woff2 | malwaredefensive.com/player/ | 16 KB | 16 KB | Font
General
Full URL
https://malwaredefensive.com/player/ODelI1aHBYDBqgeIAH2zlNV_2ngZ8dMf8fLgjYEouxg.woff2
Requested by
Host: malwaredefensive.com
URL: https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung%20SM-A205U&model=SM-A205U&country=GB&city=London&language=en-GB&cid=co8n93r4f74c73bk8h00
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.38.81 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
cb992eae898417162c48b37712991d9ad8053c4a64fce51aff195edc69dc35f2

Request headers

Referer
https://malwaredefensive.com/player/?camperid=player19&campaign=player19&device=Samsung%20SM-A205U&model=SM-A205U&country=GB&city=London&language=en-GB&cid=co8n93r4f74c73bk8h00
Origin
https://malwaredefensive.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Date
Sat, 06 Apr 2024 16:13:04 GMT
Last-Modified
Sat, 27 Jan 2024 01:03:23 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"65b4565b-3e24"
Content-Type
application/octet-stream
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15908
favicon.ico | malwaredefensive.com/ | 564 B | 392 B | Other
General
Full URL
https://malwaredefensive.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.38.81 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3c8cc37a98346bd0123b35e5ccd87bd07d69914dae04f8b49f61c150d96e9d1f

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

Date
Sat, 06 Apr 2024 16:13:04 GMT
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Domain/Path               Name                                         Value
673752.takemybackup.co/   cid217129c7a16a64e763de5231262ce7f45553      1712420040
673752.takemybackup.co/   cid217129c7a16a64e763de5231262ce7f45553_js   1712420040844
673752.takemybackup.co/   CF24-11eec90994fa16a5f14eb3023f7fe7d01       304048868202
thisclicker.com/          uclick                                       y76MnVhYPNI11eP3aGCY5wyGX4ppJDVJJN9QHNAF81GufmuwdvnfnCaD/rDVcd5XTpSyRA==
thisclicker.com/          bcid                                         co8n93r4f74c73bk8h00
thisclicker.com/          cid                                          co8n93r4f74c73bk8h00

Cross-references visible in this scan: the cid/bcid value co8n93r4f74c73bk8h00 is the cid= parameter of the final malwaredefensive.com URL; the CF24-... value 304048868202 is the rn= parameter of the 673752.takemybackup.co URL; the cookie name cid217129c7a16a64e763de5231262ce7f45553 is the cid= parameter of the mtpp.bidrdtrck.com URL, so the same visit identifier is carried across the hops.

1 Console Messages

Source: network   Level: error   URL: https://malwaredefensive.com/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 (Not Found)