Submitted URL: http://aymayma.diskstation.org/rd/c2539HWkgo2489177hiSB59MQY4420jUfs607
Effective URL: https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=197023267&c3=1188
Submission: On April 28 via manual from SE

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 2 HTTP transactions. The main IP is 2606:4700:3031::6815:1c79, located in United States and belongs to CLOUDFLARENET, US. The main domain is click.trlxcf02.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 21st 2020. Valid for: a year.
This is the only time click.trlxcf02.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 158.101.160.202 31898 (ORACLE-BM...)
1 1 34.91.44.202 15169 (GOOGLE)
1 1 35.204.14.125 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2
Apex Domain | Subdomains | Transfer
2 diskstation.org | aymayma.diskstation.org | 566 B
1 trlxcf02.com | click.trlxcf02.com | 2 KB
1 plaqexit.com | plaqexit.com | 738 B
1 versaliet.com | versaliet.com | 286 B
2 4
Domain Requested by
2 aymayma.diskstation.org 1 redirects
1 click.trlxcf02.com aymayma.diskstation.org
1 plaqexit.com 1 redirects
1 versaliet.com 1 redirects
2 4

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-21 - 2021-07-21 | a year

This page contains 1 frames:

Primary Page: https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=197023267&c3=1188
Frame ID: 451F12063BDA47B16C23838209D02E9F
Requests: 2 HTTP requests in this frame

Page Statistics

Requests: 2
HTTPS: 50 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 2
Countries: 3
Transfer: 3 kB
Size: 0 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://aymayma.diskstation.org/rd/c2539HWkgo2489177hiSB59MQY4420jUfs607 Page URL
  2. http://aymayma.diskstation.org/track/c2539HWkgo2489177hiSB59MQY4420jUfs607 HTTP 302
    https://versaliet.com/?a=1188&oc=13108&c=37542&m=3&s1=7&s2=607-2539&s3=2489177-59-4420 HTTP 302
    https://plaqexit.com/?a=1188&oc=13108&c=37542&m=3&s1=7&s2=607-2539&s3=2489177-59-4420&ckmguid=a26f9089-6b7f-4b4b-879f-53186521e3e6 HTTP 302
    https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=197023267&c3=1188 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
c2539HWkgo2489177hiSB59MQY4420jUfs607
aymayma.diskstation.org/rd/
231 B
348 B
Document
General
Full URL
http://aymayma.diskstation.org/rd/c2539HWkgo2489177hiSB59MQY4420jUfs607
Protocol
HTTP/1.1
Server
158.101.160.202 Frankfurt am Main, Germany, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
/
Resource Hash
713940c0f79d2d462a7848fde8ddd58d39be328f17d2b342ed5f0118a9e21420

Request headers

Host
aymayma.diskstation.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Content-Type
text/html; charset=utf-8
Date
Wed, 28 Apr 2021 11:28:45 GMT
Content-Length
231
Primary Request yX3CWb8iyJQi8Bznu2
click.trlxcf02.com/click/
Redirect Chain
  • http://aymayma.diskstation.org/track/c2539HWkgo2489177hiSB59MQY4420jUfs607
  • https://versaliet.com/?a=1188&oc=13108&c=37542&m=3&s1=7&s2=607-2539&s3=2489177-59-4420
  • https://plaqexit.com/?a=1188&oc=13108&c=37542&m=3&s1=7&s2=607-2539&s3=2489177-59-4420&ckmguid=a26f9089-6b7f-4b4b-879f-53186521e3e6
  • https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=197023267&c3=1188
24 B
2 KB
Document
General
Full URL
https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=197023267&c3=1188
Requested by
Host: aymayma.diskstation.org
URL: http://aymayma.diskstation.org/rd/c2539HWkgo2489177hiSB59MQY4420jUfs607
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:1c79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e37b6f5753f324cba2796bfa3efdb1b0b0f20d97596abb201e281af57858235f

Request headers

:method
GET
:authority
click.trlxcf02.com
:scheme
https
:path
/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=197023267&c3=1188
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://aymayma.diskstation.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Referer
http://aymayma.diskstation.org/rd/c2539HWkgo2489177hiSB59MQY4420jUfs607

Response headers

date
Wed, 28 Apr 2021 11:28:46 GMT
content-type
text/html; charset=UTF-8
cache-control
no-cache, private
cf-cache-status
DYNAMIC
cf-request-id
09b9d629ab0000c2f477a83000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1cD1uF1nhjq8AW116PLbwV4r7pn1qMRAvDX3D3MUzPjvfW8ABcpQJVh69uxQiSzcszDDbQRYL%2BSgPJ%2BhuKOWEpPvPB%2FSu1QvawmV0xgvHA54qtW2HvgH5HSP5wFtzeM%3D"}]}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
646ff2ef7ad7c2f4-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date
Wed, 28 Apr 2021 11:28:45 GMT
Content-Type
text/html; charset=utf-8
Content-Length
210
Cache-Control
private
Location
https://click.trlxcf02.com/click/yX3CWb8iyJQi8Bznu2?affid=100481&c1=197023267&c3=1188
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie
st=JrZ4ndoTZQw+ow4rgRmjJ7k24ghXTEgYuvFl413Hg2SGq7lJP5KHfw==; domain=.plaqexit.com; path=/; HttpOnly ti=e+55dtY1ODpmOJxzM1va47k24ghXTEgYuvFl413Hg2SGq7lJP5KHfw==; domain=.plaqexit.com; expires=Tue, 28-Apr-2026 12:28:45 GMT; path=/; HttpOnly c12658=JrZ4ndoTZQzk1rpGxnFFvI7O1OJywrhpSljPgx5qU9C9Qfid3/X4Pw==; domain=.plaqexit.com; expires=Fri, 28-May-2021 11:28:45 GMT; path=/; HttpOnly

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

5 Cookies

Domain/Path Name / Value
click.trlxcf02.com/ Name: session
click.trlxcf02.com/ Name: XSRF-TOKEN
click.trlxcf02.com/ Name: sbsF6Inx5bMB2RH3TniMvus0kKljDRBUmg1nkHgA
click.trlxcf02.com/ Name: AWSALB
.trlxcf02.com/ Name: __cfduid

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
