Submitted URL: https://1.pixedome.club/
Effective URL: https://pixelpromote.qltrk.com/qlick/blocked
Submission: On March 27 via api from US — Scanned from US

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 167.235.217.27, located in Bühl, Germany and belongs to HETZNER-AS, DE. The main domain is pixelpromote.qltrk.com.
TLS certificate: Issued by GoGetSSL RSA DV CA on November 7th 2023. Valid for: a year.
This is the only time pixelpromote.qltrk.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS Autonomous System
4         45.76.170.107     20473 (AS-CHOOPA)
1         2607:f8b0:400...  15169 (GOOGLE)
1         2a04:4e42:400...  54113 (FASTLY)
5         167.235.217.27    24940 (HETZNER-AS)
1         2607:f8b0:400...  15169 (GOOGLE)
2         2607:f8b0:400...  15169 (GOOGLE)
Total: 14 requests, 7 IPs

Requests  Apex Domain     Subdomains                                      Transfer
5         qltrk.com       pixelpromote.qltrk.com                          120 KB
4         pixedome.club   1.pixedome.club                                 48 KB
3         gstatic.com     www.gstatic.com, fonts.gstatic.com              241 KB
1         googleapis.com  fonts.googleapis.com (Cisco Umbrella Rank: 35)  1 KB
1         jquery.com      code.jquery.com (Cisco Umbrella Rank: 744)      30 KB
Total: 14 requests, 5 apex domains

Requests  Domain                  Requested by
5         pixelpromote.qltrk.com  1.pixedome.club, pixelpromote.qltrk.com
4         1.pixedome.club         1.pixedome.club
2         fonts.gstatic.com       fonts.googleapis.com
1         fonts.googleapis.com    pixelpromote.qltrk.com
1         code.jquery.com         1.pixedome.club
1         www.gstatic.com         1.pixedome.club
Total: 14 requests, 6 subdomains

This site contains no links.

Subject                  Issuer                                          Validity                 Valid
mail.pixedome.club       R3                                              2024-03-25 - 2024-06-23  3 months
*.gstatic.com            GTS CA 1C3                                      2024-02-26 - 2024-05-20  3 months
*.jquery.com             Sectigo RSA Domain Validation Secure Server CA  2023-07-11 - 2024-07-14  a year
*.qltrk.com              GoGetSSL RSA DV CA                              2023-11-07 - 2024-11-07  a year
upload.video.google.com  GTS CA 1C3                                      2024-02-26 - 2024-05-20  3 months

This page contains 1 frames:

Primary Page: https://pixelpromote.qltrk.com/qlick/blocked
Frame ID: 8317D286DBF980D7311D39780D0DA11E
Requests: 17 HTTP requests in this frame

Page Title

Access BLOCKED

Detected technologies

Overall confidence: 100%
Detected patterns
  • /(?:([\d.]+)/)?firebase(?:\.min)?\.js
  • /firebasejs/([\d.]+)/firebase

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 14
HTTPS: 100 %
IPv6: 67 %
Domains: 5
Subdomains: 6
IPs: 7
Countries: 2
Transfer: 440 kB
Size: 1098 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://1.pixedome.club/ Page URL
  2. http://pixelpromote.qltrk.com/l/afteroptin HTTP 307
    https://pixelpromote.qltrk.com/l/afteroptin Page URL
  3. https://pixelpromote.qltrk.com/qlick/blocked Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • http://pixelpromote.qltrk.com/l/afteroptin HTTP 307
  • https://pixelpromote.qltrk.com/l/afteroptin

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
1.pixedome.club/
9 KB
9 KB
Document
General
Full URL
https://1.pixedome.club/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.76.170.107 Los Angeles, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.76.170.107.vultrusercontent.com
Software
Apache /
Resource Hash
639d0fcc1df6f0c9aa794721eb8608f4f57219d3cb2433fd69c30a90a8458413

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Mar 2024 14:20:34 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
firebase.js
www.gstatic.com/firebasejs/5.5.6/
780 KB
212 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/5.5.6/firebase.js
Requested by
Host: 1.pixedome.club
URL: https://1.pixedome.club/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a0384dbdbe4efea1fc69b9663094e478152b6578adf86add8eb348719a2e3cef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://1.pixedome.club/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 14:20:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
215928
x-xss-protection
0
last-modified
Thu, 25 Oct 2018 20:51:40 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 27 Mar 2025 14:20:35 GMT
jquery-3.3.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: 1.pixedome.club
URL: https://1.pixedome.club/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://1.pixedome.club/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 14:20:35 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2966139
x-cache
HIT, HIT
content-length
30288
x-served-by
cache-lga13622-LGA, cache-nyc-kteb1890072-NYC
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1711549235.097971,VS0,VE0
etag
W/"28feccc0-1538f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
9, 707
script.js
1.pixedome.club/
4 KB
4 KB
Script
General
Full URL
https://1.pixedome.club/script.js
Requested by
Host: 1.pixedome.club
URL: https://1.pixedome.club/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.76.170.107 Los Angeles, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.76.170.107.vultrusercontent.com
Software
Apache /
Resource Hash
422cf7ad921029b608dba5a2ece1442ee5846a10451d928c894e9c3183b69473

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://1.pixedome.club/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 27 Mar 2024 14:20:35 GMT
Last-Modified
Wed, 05 Jul 2023 19:25:08 GMT
Server
Apache
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4251
style.css
1.pixedome.club/
34 KB
35 KB
Stylesheet
General
Full URL
https://1.pixedome.club/style.css
Requested by
Host: 1.pixedome.club
URL: https://1.pixedome.club/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.76.170.107 Los Angeles, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.76.170.107.vultrusercontent.com
Software
Apache /
Resource Hash
a719b2e9ccbc133894d31e09e3b2ff949ada5390fe65999d60eab9aee3d99db8

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://1.pixedome.club/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 27 Mar 2024 14:20:35 GMT
Last-Modified
Tue, 23 Jan 2024 14:29:48 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
35087
truncated
/
24 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a72fd7760f623c9fd5fee0bd98df809a347471902fc479bcdae38681c1a071d1

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ca7a07233506b5529a951fd2c4580757f5606d874b8a2b0a153d14a418b201ef

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
favicon.ico
1.pixedome.club/
315 B
515 B
Other
General
Full URL
https://1.pixedome.club/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.76.170.107 Los Angeles, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.76.170.107.vultrusercontent.com
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://1.pixedome.club/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 27 Mar 2024 14:20:35 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
afteroptin
pixelpromote.qltrk.com/l/
Redirect Chain
  • http://pixelpromote.qltrk.com/l/afteroptin
  • https://pixelpromote.qltrk.com/l/afteroptin
654 B
2 KB
Document
General
Full URL
https://pixelpromote.qltrk.com/l/afteroptin
Requested by
Host: 1.pixedome.club
URL: https://1.pixedome.club/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.235.217.27 Bühl, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.27.217.235.167.clients.your-server.de
Software
nginx / PHP/7.4.33
Resource Hash
db8d4a1f04880a614e2d6365ffee98d5ffc9378b67f7aa7e59eb20de765d25b9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-cache, private no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 27 Mar 2024 14:20:37 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
x-ratelimit-limit
101
x-ratelimit-remaining
100

Redirect headers

Location
https://pixelpromote.qltrk.com/l/afteroptin
Non-Authoritative-Reason
HttpsUpgrades
sales
pixelpromote.qltrk.com/t/pixel/
43 B
348 B
Image
General
Full URL
https://pixelpromote.qltrk.com/t/pixel/sales?u=90058&att=2&amt=0.2&visit=raw&ref=funnelclick
Requested by
Host: pixelpromote.qltrk.com
URL: https://pixelpromote.qltrk.com/l/afteroptin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.235.217.27 Bühl, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.27.217.235.167.clients.your-server.de
Software
nginx / PHP/7.4.33
Resource Hash
d69f97510d506fdff62059b955a572bfebc93e9c0a243ec79beaf245e737b59a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pixelpromote.qltrk.com/l/afteroptin
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache, no-cache
date
Wed, 27 Mar 2024 14:20:38 GMT
last-modified
Wed, 27 Mar 2024 14:20:38 GMT
server
nginx
x-powered-by
PHP/7.4.33
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-store, no-cache, must-revalidate, max-age=0
content-length
43
expires
Sat, 26 Jul 1997 05:00:00 GMT
Primary Request blocked
pixelpromote.qltrk.com/qlick/
4 KB
3 KB
Document
General
Full URL
https://pixelpromote.qltrk.com/qlick/blocked
Requested by
Host: pixelpromote.qltrk.com
URL: https://pixelpromote.qltrk.com/l/afteroptin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.235.217.27 Bühl, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.27.217.235.167.clients.your-server.de
Software
nginx / PHP/7.4.33
Resource Hash
85b0938fd47d5719a89053068e8d89dad81a5fcc1aefebb8ef0afa8aa2a48bbb

Request headers

Referer
https://pixelpromote.qltrk.com/l/afteroptin
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, private no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 27 Mar 2024 14:20:38 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
x-ratelimit-limit
200
x-ratelimit-remaining
199
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700
Requested by
Host: pixelpromote.qltrk.com
URL: https://pixelpromote.qltrk.com/qlick/blocked
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6195dc420a7c2f60abd30c9bc46985ac75ee25b6119ebc93028ed050926b0f71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pixelpromote.qltrk.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 27 Mar 2024 14:20:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 27 Mar 2024 12:29:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Mar 2024 14:20:38 GMT
404-bg2.jpg
pixelpromote.qltrk.com/img/
114 KB
115 KB
Image
General
Full URL
https://pixelpromote.qltrk.com/img/404-bg2.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.235.217.27 Bühl, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.27.217.235.167.clients.your-server.de
Software
nginx /
Resource Hash
02ef65197316ddb43f835968bedb2a88b94e9ba682245e2d5532aa221739a23b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pixelpromote.qltrk.com/qlick/blocked
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 27 Mar 2024 14:20:38 GMT
last-modified
Tue, 20 Sep 2022 14:51:55 GMT
server
nginx
etag
"6329d38b-1c8fa"
content-type
image/jpeg
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
bytes
content-length
116986
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/
14 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://pixelpromote.qltrk.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 23 Mar 2024 00:57:47 GMT
x-content-type-options
nosniff
age
393771
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14712
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 23 Mar 2025 00:57:47 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://pixelpromote.qltrk.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 15:37:58 GMT
x-content-type-options
nosniff
age
81760
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Mar 2025 15:37:58 GMT
favicon.ico
pixelpromote.qltrk.com/
0
182 B
Other
General
Full URL
https://pixelpromote.qltrk.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.235.217.27 Bühl, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.27.217.235.167.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pixelpromote.qltrk.com/qlick/blocked
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 27 Mar 2024 14:20:38 GMT
last-modified
Tue, 20 Sep 2022 14:51:55 GMT
server
nginx
etag
"6329d38b-0"
content-type
image/x-icon
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal

4 Cookies

Domain/Path Name / Value
.qltrk.com/ Name: ln
pixelpromote.qltrk.com/ Name: QLAPI
Value: f75a68d64f7c9c1831efe1947d7637bc|ZgQrO|ZgQrO
.qltrk.com/ Name: XSRF-TOKEN
.qltrk.com/ Name: qlikersession

1 Console Messages

Source Level URL
Text
network error URL: https://1.pixedome.club/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
