1.groovinews.com Open in urlscan Pro
45.133.44.21 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://janeweberevergreenarboretum.com/
Effective URL:
https://1.groovinews.com/common-player-arrow/index.html?var=&ymid=w2i587n77lp4kf8qikjsj53u&rc=0&mrc=6&fsc=0&zoneid=196458...
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On July 19 via api (July 19th 2023, 7:31:29 am UTC) from AU — Scanned from AU

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 11 HTTP transactions. The main IP is 45.133.44.21, located in Philadelphia, United States and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is 1.groovinews.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on June 30th 2023. Valid for: 3 months.

This is the only time 1.groovinews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.172.228.26 167.172.228.26	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 2	52.117.247.211 52.117.247.211	36351 (SOFTLAYER) (SOFTLAYER)
1	52.116.53.146 52.116.53.146	36351 (SOFTLAYER) (SOFTLAYER)
1 1	18.141.253.42 18.141.253.42	16509 (AMAZON-02) (AMAZON-02)
2	45.133.44.21 45.133.44.21	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
11	4

1 167.172.228.26 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

janeweberevergreenarboretum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.117.247.211 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: d3.f7.7534.ip4.static.sl-reverse.com

myckdom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p374591.myckdom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.116.53.146 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 92.35.7434.ip4.static.sl-reverse.com

clkdeals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.141.253.42 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-141-253-42.ap-southeast-1.compute.amazonaws.com

tectlymealed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.21 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

1.groovinews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
7.groovinews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	groovinews.com 1.groovinews.com 7.groovinews.com — Cisco Umbrella Rank: 570699	14 KB
2	myckdom.com 1 redirects myckdom.com — Cisco Umbrella Rank: 88128 p374591.myckdom.com — Cisco Umbrella Rank: 621180	2 KB
1	tectlymealed.com 1 redirects tectlymealed.com	646 B
1	clkdeals.com clkdeals.com — Cisco Umbrella Rank: 277038	197 B
1	janeweberevergreenarboretum.com 1 redirects janeweberevergreenarboretum.com	2 KB
11	5

	Domain	Requested by
1	7.groovinews.com	1.groovinews.com
1	1.groovinews.com	p374591.myckdom.com
1	tectlymealed.com	1 redirects
1	clkdeals.com	p374591.myckdom.com
1	p374591.myckdom.com
1	myckdom.com	1 redirects
1	janeweberevergreenarboretum.com	1 redirects
11	7

This site contains no links.

Subject Issuer	Validity	Valid
*.myckdom.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-03-20`	a year	crt.sh
www.clkdeals.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-07` - `2023-12-29`	a year	crt.sh
*.groovinews.com ZeroSSL RSA Domain Secure Site CA	`2023-06-30` - `2023-09-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://1.groovinews.com/common-player-arrow/index.html?var=&ymid=w2i587n77lp4kf8qikjsj53u&rc=0&mrc=6&fsc=0&zoneid=1964585&tbz=1964587
Frame ID: 42D7D3DB8ABF3F39D788778503F00431
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://janeweberevergreenarboretum.com/ HTTP 302
https://myckdom.com/aS/feedclick?s=yzphimlcv1XGkOSnr5TccpfSv0CZDKCXsrJDU8ee0jGbVkzpZ8gEizZTiQMvA... HTTP 302
https://p374591.myckdom.com/adServe/domainClick?ai=hOD6Xl45qmlUtVP300OpqonVqIjTk0VLfPXYwRMzy-feXnoqJn36A... Page URL
https://tectlymealed.com/b657e763-84c9-4a71-911e-6158eab76b8e?keyword=janeweberevergreenarboretum.com... HTTP 302
https://1.groovinews.com/common-player-arrow/index.html?var=&ymid=w2i587n77lp4kf8qikjsj53u&rc=0&mrc=6... Page URL

Page Statistics

11
Requests

36 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

4
IPs

2
Countries

15 kB
Transfer

14 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://janeweberevergreenarboretum.com/ HTTP 302
https://myckdom.com/aS/feedclick?s=yzphimlcv1XGkOSnr5TccpfSv0CZDKCXsrJDU8ee0jGbVkzpZ8gEizZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySs4_k_wpXh0MakMa_tKTK9AWv6tOH8lSlHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy9TLrKggI6g8CDzg8wuiGQhLSp1G65f_pRgvCuCGlh3sPKxVT-HAlgr3KmJml8YvJb0D0v53UypAzYr2WGYPk1To605nLJBhV_lFyHevFaS6Gv0R_d6UOm2rHqM6Jd3c0v-QKFk7__89FFGOybE8LzzGS30Ke4BCV275-55yaaKhnlUB-eqPSGk6Q65XciV5M04dcXHqGSZQzeSAjcMt-BvblmfXGbR9yW3KK84cJPScCOoPq3NkdVzmUYrPSsFfDJY0Dture9cxT3vzqLhK02xr3dIqwUbb4l8L31VVcGnSbIR3AR3qbMjdIGIYosZZMlqVyzvWsyKUuUOKNRawxvGXCQByHgynTYO1T3pnOY7fmd5CxbHtMljxD1eI2e1TlcAhqzo-velUoKX3ZegiVLDPlGxAGlvW6Imc-G_G5J70zGT9bQLiBLsaa8DbiCpzZFF-lp7bBfWixpViOfBkiUHVm6g3uwwq5iCcFJt3V-p6BCxLjWGiQbAJaJa4og5uNGUWOE7YsRxT-8NKSJ3nMGRyGgiYD7p4ljktUOtr-QRFm_7tM975ADPsTwFA85k2Oo5xhgggykFWRD-NNNmHAkZbGAg5Gjo1nGEBiX5t03yjYv75Gc4TcA8Ybfeg7aRu_WyR-hARo8eS9i9_wczPBJnAdc92lOBPhFUF580L-fP7iQOYDwi8nUuqWuIb9ThuSXUgVpNG69QY2AyB3-_rMaBwoYbHUooFxUCaFnN0lmatEkcIJYOJTLfhN8ETyDQkkwsKmLJcL8Q1fBG8GDAA1pmxSOxjn62GHv-AucwHA_ptn-YgaaV32gC6oAqSC1F95NGxbOcU6GoiQLDdve8ibG2g-XpOeXT-_ADT6dwUOEjgzJr2wPm4O4Sw1eSU2dNNRhVyOq7mlreeAVOEg9PlJRuFEzNeabyYVw6jRphXSyvIf1ZOTlnjJZOnIcT1_em9XckD7V3CU3nEIF9NIoDhXFZJZpSbldabFQU1tpYnVQZLhaz7jHmCnQWjXrsUseGxUpKzh2TE552ZovF-N0uca-PW-SujKqsjRwLxIWWIgbf4bn7GUZ7QQ6lTzQvziWiq67jTVQvVL4ScJYwqEcqLlqNRa8Vv1y9IfWC3Q8nwKZuEQFQaB8NztRqaKcnnOVCa1gtVodyh16Nu-Zngk2rC-1_E2NNxA6ib-IVMIyQQKPBQEVP-nMKsyLvQxB4bcvC7B6xJ7iVYW2SJ42RIOaVprx1hhRgl11k0YQUeZBwbSQFOloaEyNyDAWEZmbVhBXJmO3hgWtoExzCV9_RMLneBLVhqqMTpiSOZigz0gzuLajH8KAYniJb7O4RYCrU45ZuM8-SWV59E2f07CZqladxWJfmTolQOHdjIrID-RtqD0DhJ38vF_3TkvkTtbj4L-b6G_M-WUMALzVxbAZ7diiQYBl1cMUGcYDJPeAZHp_lMBEaL5vkby9axpxVFRFcAXRZAumwIFVjWg_Njm3Rv0OqabYZ4PyekC-tMHtMmCO6EmYqLEpy3_mQv3jmTloWol-qnYSe-OH8GqIjE1SMUkbGpieHEWDMWQ8tbfQp1dfE8ER2Fp1zonQSOYnUnvjh_BqiIxNUjFJGxqYnhxFgzFkPLW305qX83IOo14J_S8WIFj7izgXB51tqT9-yhCcIiriXVPncb6LJRO0SMt0Azp-j8QGh HTTP 302
https://p374591.myckdom.com/adServe/domainClick?ai=hOD6Xl45qmlUtVP300OpqonVqIjTk0VLfPXYwRMzy-feXnoqJn36A4YFOLcM58DWLj58wwMVDl2hOOxVHTWRXEFZSqpAeW7njLQpTbQuAY-uo0dfw76PwVEzTrwqsCMq5G5dpv3H8lwtpYupqQq_qkt-TBPwxLfRWMCwkfS5SAA5elaFd_tidQK8sczUyG_FAz4mvdD0n7T5PQC-Ns7H0UP4ihGJaOYXu_nVZS66_Rw2IaP5PrOi_krJc1GxPiCE6pWnPG-pkM1j3I-qDK2QsWJWdAgaDFAOJTu6AXYz7K5gO-Yz2uT6CaFfoEM4DjNLWsKIqOMeo2RuorUv5kV-PA70sCjuHHHR6ghym9oFsiWUxfqcBxeQI-QYn90FXXp0t6ZcGxQYNoWh8HfcFb6b2kMb4Do7y-b-De0rL-F5kimWV6YBZNo-eHvK0TihL_ekkvgqc45ggkUpG405w9CXKFq5LhImb3BCguu2D-tqLGlSrIfnXI3KxAvZaY3AaL1KSAlEMfER0v1BbsozkC8-D-BybpyqSvYhMWU9yWglbJb4DwGaxzdGBahEpuhu41NIkEpwcG3g30I&ui=yzphimlcv1XGkOSnr5TcclJYVZbN5_3WIaIc3yOo5HIKeTHv4fIbNW_eXbLh9oo4oBieIlvs7hFgKtTjlm4zz5JZXn0TZ_TsJmqVp3FYl-aP7lzeQD0zVg&si=1&oref=2b5d6448c2845793acb9fa6edf291ead&optunit=YDvmM9rk-gmhX6BDOA4zS1rCiKjjHqNke2HMJNFmZz0&rb=OZGG-tuiaBk&rr=1&isco=t&abtg=0 Page URL
https://tectlymealed.com/b657e763-84c9-4a71-911e-6158eab76b8e?keyword=janeweberevergreenarboretum.com+RO+Travel+botanical+garden+Destinations+Tourist&geo=US&campaignname=US+A+Collector+Domain+CPA+windows+chrome&device=Desktop&os=Windows+10&browser=Chrome+114&carrier=UNKNOWN&source=446872094&bid=0.0024&clickid=90530985361 HTTP 302
https://1.groovinews.com/common-player-arrow/index.html?var=&ymid=w2i587n77lp4kf8qikjsj53u&rc=0&mrc=6&fsc=0&zoneid=1964585&tbz=1964587 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://janeweberevergreenarboretum.com/ HTTP 302
https://myckdom.com/aS/feedclick?s=yzphimlcv1XGkOSnr5TccpfSv0CZDKCXsrJDU8ee0jGbVkzpZ8gEizZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySs4_k_wpXh0MakMa_tKTK9AWv6tOH8lSlHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy9TLrKggI6g8CDzg8wuiGQhLSp1G65f_pRgvCuCGlh3sPKxVT-HAlgr3KmJml8YvJb0D0v53UypAzYr2WGYPk1To605nLJBhV_lFyHevFaS6Gv0R_d6UOm2rHqM6Jd3c0v-QKFk7__89FFGOybE8LzzGS30Ke4BCV275-55yaaKhnlUB-eqPSGk6Q65XciV5M04dcXHqGSZQzeSAjcMt-BvblmfXGbR9yW3KK84cJPScCOoPq3NkdVzmUYrPSsFfDJY0Dture9cxT3vzqLhK02xr3dIqwUbb4l8L31VVcGnSbIR3AR3qbMjdIGIYosZZMlqVyzvWsyKUuUOKNRawxvGXCQByHgynTYO1T3pnOY7fmd5CxbHtMljxD1eI2e1TlcAhqzo-velUoKX3ZegiVLDPlGxAGlvW6Imc-G_G5J70zGT9bQLiBLsaa8DbiCpzZFF-lp7bBfWixpViOfBkiUHVm6g3uwwq5iCcFJt3V-p6BCxLjWGiQbAJaJa4og5uNGUWOE7YsRxT-8NKSJ3nMGRyGgiYD7p4ljktUOtr-QRFm_7tM975ADPsTwFA85k2Oo5xhgggykFWRD-NNNmHAkZbGAg5Gjo1nGEBiX5t03yjYv75Gc4TcA8Ybfeg7aRu_WyR-hARo8eS9i9_wczPBJnAdc92lOBPhFUF580L-fP7iQOYDwi8nUuqWuIb9ThuSXUgVpNG69QY2AyB3-_rMaBwoYbHUooFxUCaFnN0lmatEkcIJYOJTLfhN8ETyDQkkwsKmLJcL8Q1fBG8GDAA1pmxSOxjn62GHv-AucwHA_ptn-YgaaV32gC6oAqSC1F95NGxbOcU6GoiQLDdve8ibG2g-XpOeXT-_ADT6dwUOEjgzJr2wPm4O4Sw1eSU2dNNRhVyOq7mlreeAVOEg9PlJRuFEzNeabyYVw6jRphXSyvIf1ZOTlnjJZOnIcT1_em9XckD7V3CU3nEIF9NIoDhXFZJZpSbldabFQU1tpYnVQZLhaz7jHmCnQWjXrsUseGxUpKzh2TE552ZovF-N0uca-PW-SujKqsjRwLxIWWIgbf4bn7GUZ7QQ6lTzQvziWiq67jTVQvVL4ScJYwqEcqLlqNRa8Vv1y9IfWC3Q8nwKZuEQFQaB8NztRqaKcnnOVCa1gtVodyh16Nu-Zngk2rC-1_E2NNxA6ib-IVMIyQQKPBQEVP-nMKsyLvQxB4bcvC7B6xJ7iVYW2SJ42RIOaVprx1hhRgl11k0YQUeZBwbSQFOloaEyNyDAWEZmbVhBXJmO3hgWtoExzCV9_RMLneBLVhqqMTpiSOZigz0gzuLajH8KAYniJb7O4RYCrU45ZuM8-SWV59E2f07CZqladxWJfmTolQOHdjIrID-RtqD0DhJ38vF_3TkvkTtbj4L-b6G_M-WUMALzVxbAZ7diiQYBl1cMUGcYDJPeAZHp_lMBEaL5vkby9axpxVFRFcAXRZAumwIFVjWg_Njm3Rv0OqabYZ4PyekC-tMHtMmCO6EmYqLEpy3_mQv3jmTloWol-qnYSe-OH8GqIjE1SMUkbGpieHEWDMWQ8tbfQp1dfE8ER2Fp1zonQSOYnUnvjh_BqiIxNUjFJGxqYnhxFgzFkPLW305qX83IOo14J_S8WIFj7izgXB51tqT9-yhCcIiriXVPncb6LJRO0SMt0Azp-j8QGh HTTP 302
https://p374591.myckdom.com/adServe/domainClick?ai=hOD6Xl45qmlUtVP300OpqonVqIjTk0VLfPXYwRMzy-feXnoqJn36A4YFOLcM58DWLj58wwMVDl2hOOxVHTWRXEFZSqpAeW7njLQpTbQuAY-uo0dfw76PwVEzTrwqsCMq5G5dpv3H8lwtpYupqQq_qkt-TBPwxLfRWMCwkfS5SAA5elaFd_tidQK8sczUyG_FAz4mvdD0n7T5PQC-Ns7H0UP4ihGJaOYXu_nVZS66_Rw2IaP5PrOi_krJc1GxPiCE6pWnPG-pkM1j3I-qDK2QsWJWdAgaDFAOJTu6AXYz7K5gO-Yz2uT6CaFfoEM4DjNLWsKIqOMeo2RuorUv5kV-PA70sCjuHHHR6ghym9oFsiWUxfqcBxeQI-QYn90FXXp0t6ZcGxQYNoWh8HfcFb6b2kMb4Do7y-b-De0rL-F5kimWV6YBZNo-eHvK0TihL_ekkvgqc45ggkUpG405w9CXKFq5LhImb3BCguu2D-tqLGlSrIfnXI3KxAvZaY3AaL1KSAlEMfER0v1BbsozkC8-D-BybpyqSvYhMWU9yWglbJb4DwGaxzdGBahEpuhu41NIkEpwcG3g30I&ui=yzphimlcv1XGkOSnr5TcclJYVZbN5_3WIaIc3yOo5HIKeTHv4fIbNW_eXbLh9oo4oBieIlvs7hFgKtTjlm4zz5JZXn0TZ_TsJmqVp3FYl-aP7lzeQD0zVg&si=1&oref=2b5d6448c2845793acb9fa6edf291ead&optunit=YDvmM9rk-gmhX6BDOA4zS1rCiKjjHqNke2HMJNFmZz0&rb=OZGG-tuiaBk&rr=1&isco=t&abtg=0

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	domainClick Show response p374591.myckdom.com/adServe/ Redirect Chain http://janeweberevergreenarboretum.com/ https://myckdom.com/aS/feedclick?s=yzphimlcv1XGkOSnr5TccpfSv0CZDKCXsrJDU8ee0jGbVkzpZ8gEizZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySs4_k_wpXh0MakMa_tKTK9AWv6tOH8lSlHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyy... https://p374591.myckdom.com/adServe/domainClick?ai=hOD6Xl45qmlUtVP300OpqonVqIjTk0VLfPXYwRMzy-feXnoqJn36A4YFOLcM58DWLj58wwMVDl2hOOxVHTWRXEFZSqpAeW7njLQpTbQuAY-uo0dfw76PwVEzTrwqsCMq5G5dpv3H8lwtpYupqQ...	1 KB 908 B	306ms 301ms	Document text/html	52.117.247.211 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://p374591.myckdom.com/adServe/domainClick?ai=hOD6Xl45qmlUtVP300OpqonVqIjTk0VLfPXYwRMzy-feXnoqJn36A4YFOLcM58DWLj58wwMVDl2hOOxVHTWRXEFZSqpAeW7njLQpTbQuAY-uo0dfw76PwVEzTrwqsCMq5G5dpv3H8lwtpYupqQq_qkt-TBPwxLfRWMCwkfS5SAA5elaFd_tidQK8sczUyG_FAz4mvdD0n7T5PQC-Ns7H0UP4ihGJaOYXu_nVZS66_Rw2IaP5PrOi_krJc1GxPiCE6pWnPG-pkM1j3I-qDK2QsWJWdAgaDFAOJTu6AXYz7K5gO-Yz2uT6CaFfoEM4DjNLWsKIqOMeo2RuorUv5kV-PA70sCjuHHHR6ghym9oFsiWUxfqcBxeQI-QYn90FXXp0t6ZcGxQYNoWh8HfcFb6b2kMb4Do7y-b-De0rL-F5kimWV6YBZNo-eHvK0TihL_ekkvgqc45ggkUpG405w9CXKFq5LhImb3BCguu2D-tqLGlSrIfnXI3KxAvZaY3AaL1KSAlEMfER0v1BbsozkC8-D-BybpyqSvYhMWU9yWglbJb4DwGaxzdGBahEpuhu41NIkEpwcG3g30I&ui=yzphimlcv1XGkOSnr5TcclJYVZbN5_3WIaIc3yOo5HIKeTHv4fIbNW_eXbLh9oo4oBieIlvs7hFgKtTjlm4zz5JZXn0TZ_TsJmqVp3FYl-aP7lzeQD0zVg&si=1&oref=2b5d6448c2845793acb9fa6edf291ead&optunit=YDvmM9rk-gmhX6BDOA4zS1rCiKjjHqNke2HMJNFmZz0&rb=OZGG-tuiaBk&rr=1&isco=t&abtg=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.117.247.211 , United States, ASN36351 (SOFTLAYER, US), Reverse DNS d3.f7.7534.ip4.static.sl-reverse.com Software nginx / Resource Hash `2e6c7a5818160fa7db7adb5c5cba9324acd5fa11ed0ebb9b453d1728dd04122f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers content-encoding gzip content-type text/html;charset=ISO-8859-1 date Wed, 19 Jul 2023 07:31:24 GMT server nginx vary Accept-Encoding Redirect headers content-length 0 date Wed, 19 Jul 2023 07:31:24 GMT location https://p374591.myckdom.com/adServe/domainClick?ai=hOD6Xl45qmlUtVP300OpqonVqIjTk0VLfPXYwRMzy-feXnoqJn36A4YFOLcM58DWLj58wwMVDl2hOOxVHTWRXEFZSqpAeW7njLQpTbQuAY-uo0dfw76PwVEzTrwqsCMq5G5dpv3H8lwtpYupqQq_qkt-TBPwxLfRWMCwkfS5SAA5elaFd_tidQK8sczUyG_FAz4mvdD0n7T5PQC-Ns7H0UP4ihGJaOYXu_nVZS66_Rw2IaP5PrOi_krJc1GxPiCE6pWnPG-pkM1j3I-qDK2QsWJWdAgaDFAOJTu6AXYz7K5gO-Yz2uT6CaFfoEM4DjNLWsKIqOMeo2RuorUv5kV-PA70sCjuHHHR6ghym9oFsiWUxfqcBxeQI-QYn90FXXp0t6ZcGxQYNoWh8HfcFb6b2kMb4Do7y-b-De0rL-F5kimWV6YBZNo-eHvK0TihL_ekkvgqc45ggkUpG405w9CXKFq5LhImb3BCguu2D-tqLGlSrIfnXI3KxAvZaY3AaL1KSAlEMfER0v1BbsozkC8-D-BybpyqSvYhMWU9yWglbJb4DwGaxzdGBahEpuhu41NIkEpwcG3g30I&ui=yzphimlcv1XGkOSnr5TcclJYVZbN5_3WIaIc3yOo5HIKeTHv4fIbNW_eXbLh9oo4oBieIlvs7hFgKtTjlm4zz5JZXn0TZ_TsJmqVp3FYl-aP7lzeQD0zVg&si=1&oref=2b5d6448c2845793acb9fa6edf291ead&optunit=YDvmM9rk-gmhX6BDOA4zS1rCiKjjHqNke2HMJNFmZz0&rb=OZGG-tuiaBk&rr=1&isco=t&abtg=0 server nginx
GET H2	200	track clkdeals.com/adServe/	49 B 197 B	834ms 274ms	Image image/gif	52.116.53.146 SOFTLAYER
General Check archive.org Show headers Download Go to Show image Full URL https://clkdeals.com/adServe/track?subid=90530985361&prdid=2750&price=0 Requested by Host: p374591.myckdom.com URL: https://p374591.myckdom.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.116.53.146 , United States, ASN36351 (SOFTLAYER, US), Reverse DNS 92.35.7434.ip4.static.sl-reverse.com Software nginx / Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers pragma no-cache date Wed, 19 Jul 2023 07:31:25 GMT server nginx content-type image/gif access-control-allow-origin * cache-control no-cache content-length 49 expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	Primary Request index.html Show response 1.groovinews.com/common-player-arrow/ Redirect Chain https://tectlymealed.com/b657e763-84c9-4a71-911e-6158eab76b8e?keyword=janeweberevergreenarboretum.com+RO+Travel+botanical+garden+Destinations+Tourist&geo=US&campaignname=US+A+Collector+Domain+CPA+w... https://1.groovinews.com/common-player-arrow/index.html?var=&ymid=w2i587n77lp4kf8qikjsj53u&rc=0&mrc=6&fsc=0&zoneid=1964585&tbz=1964587	6 KB 7 KB	614ms 219ms	Document text/html	45.133.44.21 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://1.groovinews.com/common-player-arrow/index.html?var=&ymid=w2i587n77lp4kf8qikjsj53u&rc=0&mrc=6&fsc=0&zoneid=1964585&tbz=1964587 Requested by Host: p374591.myckdom.com URL: https://p374591.myckdom.com/adServe/domainClick?ai=hOD6Xl45qmlUtVP300OpqonVqIjTk0VLfPXYwRMzy-feXnoqJn36A4YFOLcM58DWLj58wwMVDl2hOOxVHTWRXEFZSqpAeW7njLQpTbQuAY-uo0dfw76PwVEzTrwqsCMq5G5dpv3H8lwtpYupqQq_qkt-TBPwxLfRWMCwkfS5SAA5elaFd_tidQK8sczUyG_FAz4mvdD0n7T5PQC-Ns7H0UP4ihGJaOYXu_nVZS66_Rw2IaP5PrOi_krJc1GxPiCE6pWnPG-pkM1j3I-qDK2QsWJWdAgaDFAOJTu6AXYz7K5gO-Yz2uT6CaFfoEM4DjNLWsKIqOMeo2RuorUv5kV-PA70sCjuHHHR6ghym9oFsiWUxfqcBxeQI-QYn90FXXp0t6ZcGxQYNoWh8HfcFb6b2kMb4Do7y-b-De0rL-F5kimWV6YBZNo-eHvK0TihL_ekkvgqc45ggkUpG405w9CXKFq5LhImb3BCguu2D-tqLGlSrIfnXI3KxAvZaY3AaL1KSAlEMfER0v1BbsozkC8-D-BybpyqSvYhMWU9yWglbJb4DwGaxzdGBahEpuhu41NIkEpwcG3g30I&ui=yzphimlcv1XGkOSnr5TcclJYVZbN5_3WIaIc3yOo5HIKeTHv4fIbNW_eXbLh9oo4oBieIlvs7hFgKtTjlm4zz5JZXn0TZ_TsJmqVp3FYl-aP7lzeQD0zVg&si=1&oref=2b5d6448c2845793acb9fa6edf291ead&optunit=YDvmM9rk-gmhX6BDOA4zS1rCiKjjHqNke2HMJNFmZz0&rb=OZGG-tuiaBk&rr=1&isco=t&abtg=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 45.133.44.21 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.22.0 / Resource Hash `278036e70b87a8718a79e43b7e3b187be57065702861536af09ae7bcd2bd5d75` Request headers Referer https://p374591.myckdom.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers accept-ranges bytes access-control-allow-headers Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization access-control-allow-methods HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS access-control-allow-origin * access-control-expose-headers X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp cache-control max-age=172800 content-length 6539 content-type text/html; charset=utf-8 date Wed, 19 Jul 2023 07:31:26 GMT etag aa80206977d81ce0976ce168ca8b8328 expires Fri, 21 Jul 2023 07:31:26 GMT last-modified Thu, 22 Dec 2022 13:10:43 GMT server nginx/1.22.0 vary Accept-Encoding x-openstack-request-id txbed7b647777c484ebaed2-0064b017c3 x-proxy-cache HIT x-timestamp 1671714642.24009 x-trans-id txbed7b647777c484ebaed2-0064b017c3 Redirect headers cache-control no-store, no-cache, pre-check=0, post-check=0 content-length 0 date Wed, 19 Jul 2023 07:31:25 GMT expires Thu, 01 Jan 1970 00:00:00 GMT location https://1.groovinews.com/common-player-arrow/index.html?var=&ymid=w2i587n77lp4kf8qikjsj53u&rc=0&mrc=6&fsc=0&zoneid=1964585&tbz=1964587 pragma no-cache server nginx
GET H2	200	script.js Show response 7.groovinews.com/	6 KB 7 KB	223ms 220ms	Script application/javascript	45.133.44.21 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://7.groovinews.com/script.js?slug=common-player-arrow Requested by Host: 1.groovinews.com URL: https://1.groovinews.com/common-player-arrow/index.html?var=&ymid=w2i587n77lp4kf8qikjsj53u&rc=0&mrc=6&fsc=0&zoneid=1964585&tbz=1964587 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 45.133.44.21 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.22.1 / Resource Hash `4f58b524e7febc482c9d333400ba9fb4751f5f401bd269b3c7e57b0130e7a4ba` Request headers accept-language en-AU,en;q=0.9 Referer https://1.groovinews.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers expires Fri, 21 Jul 2023 07:31:26 GMT date Wed, 19 Jul 2023 07:31:26 GMT x-openstack-request-id tx6ed65b88fb01421c8b9b6-0064b017c8 content-length 6420 x-trans-id tx6ed65b88fb01421c8b9b6-0064b017c8 last-modified Wed, 05 Apr 2023 09:28:38 GMT server nginx/1.22.1 etag 9b1e8ad539f1d569d131f1efda9549c1 vary Accept-Encoding access-control-allow-methods HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * x-timestamp 1680686917.96248 cache-control max-age=172800 access-control-expose-headers X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp accept-ranges bytes access-control-allow-headers Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization x-proxy-cache HIT
GET		icon1.png 7.groovinews.com/common-player-arrow/img/	0 0

GET		icon2.png 7.groovinews.com/common-player-arrow/img/	0 0

GET		icon3.png 7.groovinews.com/common-player-arrow/img/	0 0

GET		icon4.png 7.groovinews.com/common-player-arrow/img/	0 0

GET		icon5.png 7.groovinews.com/common-player-arrow/img/	0 0

GET		icon7.png 7.groovinews.com/common-player-arrow/img/	0 0

GET		icon8.png 7.groovinews.com/common-player-arrow/img/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 7.groovinews.com
URL: https://7.groovinews.com/common-player-arrow/img/icon1.png

Domain: 7.groovinews.com
URL: https://7.groovinews.com/common-player-arrow/img/icon2.png

Domain: 7.groovinews.com
URL: https://7.groovinews.com/common-player-arrow/img/icon3.png

Domain: 7.groovinews.com
URL: https://7.groovinews.com/common-player-arrow/img/icon4.png

Domain: 7.groovinews.com
URL: https://7.groovinews.com/common-player-arrow/img/icon5.png

Domain: 7.groovinews.com
URL: https://7.groovinews.com/common-player-arrow/img/icon7.png

Domain: 7.groovinews.com
URL: https://7.groovinews.com/common-player-arrow/img/icon8.png

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.myckdom.com/	1970-01-20 17:41:43	Name: rhid Value: 83455961589
.myckdom.com/	1970-01-20 13:22:35	Name: loi Value: ad_1641867_off_1084531_aff_87436_cid_374591-JANEWEBEREVERGREENARBORETUM.COM_ts_1689751884
.tectlymealed.com/	1970-01-20 13:23:58	Name: b657e763-84c9-4a71-911e-6158eab76b8e-v4 Value: e1e0CaStgP9uKzOtDTnskT3Qc5PfEtwGZCdwEWOE_PY
.tectlymealed.com/	1970-01-20 22:08:07	Name: cc-v4 Value: y5NZ3gwVwBuSU%2FFPex38hOKtDpRu4vRinybbtbrhcdTvRQkLyaRZpWrfclG4W4%2Bc99FPo3HLJZAyiOglePdp4%2BUVMfem5MXg00o2eCYJk85RDY%2BtqtuILgupJD%2BEspIhcpFY5KxiNhq8TtTU7fCLHA%3D%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.groovinews.com
7.groovinews.com
clkdeals.com
janeweberevergreenarboretum.com
myckdom.com
p374591.myckdom.com
tectlymealed.com
7.groovinews.com
167.172.228.26
18.141.253.42
45.133.44.21
52.116.53.146
52.117.247.211
278036e70b87a8718a79e43b7e3b187be57065702861536af09ae7bcd2bd5d75
2e6c7a5818160fa7db7adb5c5cba9324acd5fa11ed0ebb9b453d1728dd04122f
4f58b524e7febc482c9d333400ba9fb4751f5f401bd269b3c7e57b0130e7a4ba

1.groovinews.com Open in urlscan Pro 45.133.44.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

11 Requests

36 %HTTPS

0 %IPv6

5 Domains

7 Subdomains

4 IPs

2 Countries

15 kBTransfer

14 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

4 Cookies

Indicators

1.groovinews.com Open in urlscan Pro
45.133.44.21 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

36 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

4
IPs

2
Countries

15 kB
Transfer

14 kB
Size

4
Cookies

11 HTTP transactions
0 data transactions