Overview

URL: www.flyrlk.com/retarget?k=pub1c2f90b706a148ca8df9f288150a9398
IP: 104.31.68.218
ASN: AS13335 CloudFlare, Inc.
Location: United States
Report completed: 2017-09-14 09:54:45 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter: 1 entry
  Added / Verified  Severity  Host                                    Comment
  2017-09-14        2         apwvx.adsbtrack.com/c/245d96912e3e4930  Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.31.68.218
(UQ / IDS / BL = number of urlquery, IDS and blacklist alerts in that report)

Date                       UQ / IDS / BL  URL                                                   IP
2017-10-05 16:51:39 +0200  0 - 0 - 1      www.flyrlk.com/retarget?k=pubecab42a9b9ae4221 (...)  104.31.68.218
2017-10-05 08:36:49 +0200  0 - 1 - 1      www.flyrlk.com/retarget?k=pub22256b50bb414334 (...)  104.31.68.218
2017-10-04 10:28:59 +0200  0 - 0 - 2      www.flyrlk.com/retarget?k=pub6597077ea90847e9 (...)  104.31.68.218
2017-10-03 04:20:31 +0200  0 - 1 - 0      www.flyrlk.com/retarget?k=pub817dea43b60c4666 (...)  104.31.68.218
2017-10-02 23:06:40 +0200  0 - 1 - 1      www.flyrlk.com/retarget?k=pub0be8a537656f4019 (...)  104.31.68.218
2017-10-01 10:13:57 +0200  0 - 0 - 5      www.flyrlk.com/retarget?k=pub535bd19ec7654d64 (...)  104.31.68.218
2017-09-29 10:23:25 +0200  0 - 0 - 5      www.flyrlk.com/retarget?k=pubca006af98d064d92 (...)  104.31.68.218
2017-09-26 23:04:10 +0200  0 - 0 - 5      www.flyrlk.com/retarget?k=pub9887d8a3875c4fb6 (...)  104.31.68.218
2017-09-24 02:12:54 +0200  0 - 0 - 5      www.flyrlk.com/retarget?k=pubaa9593ee83b640d9 (...)  104.31.68.218
2017-09-23 19:44:25 +0200  0 - 0 - 5      www.flyrlk.com/retarget?k=pub4c8f2e56c2584cb1 (...)  104.31.68.218

Last 10 reports on ASN: AS13335 CloudFlare, Inc.
(UQ / IDS / BL = number of urlquery, IDS and blacklist alerts in that report)

Date                       UQ / IDS / BL  URL                                                   IP
2017-11-23 04:44:52 +0100  0 - 0 - 2      www.abeautyclub.com/vvp-confent/Execufives/@*         104.24.99.115
2017-11-23 04:43:22 +0100  0 - 0 - 1      https://lps.istream.link/thankyou/mac/index.h (...)   104.28.19.163
2017-11-23 04:36:18 +0100  0 - 0 - 0      https://waa.ai/zRxK?verify&secured=redirect           104.24.113.128
2017-11-23 04:34:58 +0100  0 - 1 - 0      degreeeaveelectioneagle.tk/8wQPJVBB4xTd50VeVl (...)   104.24.105.54
2017-11-23 04:32:33 +0100  0 - 3 - 0      decryptionassociationzephyrmarriage.tk/dl?n=M (...)   104.27.188.37
2017-11-23 04:27:48 +0100  0 - 0 - 3      factorio.bid/pc/new%20outlook/                        104.31.79.43
2017-11-23 04:21:31 +0100  0 - 0 - 2      www.onread.com/downloadprogramm/Harry-Potter- (...)   104.28.18.36
2017-11-23 04:21:15 +0100  0 - 2 - 0      kamil-chojnicki.pl/                                   104.27.165.202
2017-11-23 04:15:53 +0100  0 - 0 - 1      kuaptrk.com/mt/v234x284b4r2u20344r2w244p2/            104.16.86.74
2017-11-23 04:08:44 +0100  0 - 0 - 0      pastebin.com/raw.php?i=vtdgqQRD                       104.20.209.21

No other reports on domain: flyrlk.com



JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (10)


Transaction 1

Request
GET /retarget?k=pub1c2f90b706a148ca8df9f288150a9398 HTTP/1.1
Host: www.flyrlk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response (server IP 104.31.69.218)
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Sep 2017 07:54:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd8ad6c9b8bd3a273ceadb7bfb6383b3c1505375652; expires=Fri, 14-Sep-18 07:54:12 GMT; path=/; domain=.flyrlk.com; HttpOnly
Content-Language: en
Vary: Accept-Language,Cookie
X-Frame-Options: SAMEORIGIN
Server: cloudflare-nginx
CF-RAY: 39e1c6e697e142af-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   467
Md5:    87e6f24aa74109ae6f98d684204c4fc1
Sha1:   90d3a88b0877ca4e061fe89efffb35f555b026e8
Sha256: c5878f2c87d2d24978b66b7494f7cb26306e885d09214671a9e06a788f47019b
                                        
Transaction 2

Request
GET /favicon.ico HTTP/1.1
Host: www.flyrlk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=dd8ad6c9b8bd3a273ceadb7bfb6383b3c1505375652

                                         
Response (server IP 104.31.69.218)
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Sep 2017 07:54:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Language: en
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: EXPIRED
Server: cloudflare-nginx
CF-RAY: 39e1c6e7701242af-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   170
Md5:    ea23b8d94368b86676230e89ec26ed9c
Sha1:   397b94b0e29486814bde56a93428e9b4ee9a6515
Sha256: da02c2fc72e6c1e080bf7f26d62f2115a169cb8e13e536a78b0961df9972653c
                                        
Transaction 3

Request
POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
Response (server IP 178.255.83.1)
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 14 Sep 2017 07:54:13 GMT
Server: Apache
Last-Modified: Thu, 14 Sep 2017 04:05:54 GMT
Expires: Thu, 21 Sep 2017 04:05:54 GMT
Etag: 6A87581FFE4E5297A7209261402A027BDCE40BA5
Cache-Control: max-age=590500,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp31
Content-Length: 279
Connection: close


--- Additional Info ---
Magic:  data
Size:   279
Md5:    8ab1953252063689fd956834b5071d21
Sha1:   6a87581ffe4e5297a7209261402a027bdce40ba5
Sha256: 6364c44c1d4ac44d680c29d59960fe65a54d409c73d949aa2f3ed670dda97f5b
                                        
Transaction 4

Request
GET /?s1=pub1c2f90b706a148ca8df9f288150a9398&pub=5b1fe564_18522_ HTTP/1.1
Host: 79on.kide.gdn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.flyrlk.com/retarget?k=pub1c2f90b706a148ca8df9f288150a9398

                                         
Response (server IP 198.255.32.244)
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: openresty/1.11.2.2
Date: Thu, 14 Sep 2017 07:54:13 GMT
Content-Length: 191
Connection: keep-alive
Location: http://apwvx.adsbtrack.com/c/245d96912e3e4930


--- Additional Info ---
Magic:  HTML document text
Size:   191
Md5:    dbcd71d122507bb85f10b7da5f648963
Sha1:   51bf8d3d74a71feef1a13121ccc03549b309bab5
Sha256: 592952642db0bb5fbdffeb1f1481224b91230684ca5c0c044fe1c30a2941753d
                                        
Transaction 5

Request
POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
Response (server IP 178.255.83.1)
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 14 Sep 2017 07:54:13 GMT
Server: Apache
Last-Modified: Mon, 11 Sep 2017 21:19:01 GMT
Expires: Mon, 18 Sep 2017 21:19:01 GMT
Etag: C9A884D93E4B996BF11A0272A62C45D7B41EAF15
Cache-Control: max-age=393287,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp31
Content-Length: 312
Connection: close


--- Additional Info ---
Magic:  data
Size:   312
Md5:    f0c2dcca1c41639b6c93d96a7f6e374f
Sha1:   c9a884d93e4b996bf11a0272a62c45d7b41eaf15
Sha256: f67438d81aa4a35aaf2d67ba2956d1a3f4fe3bb74f54be473fef2228358de918
                                        
Transaction 6

Request
GET /c/245d96912e3e4930 HTTP/1.1
Host: apwvx.adsbtrack.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.flyrlk.com/retarget?k=pub1c2f90b706a148ca8df9f288150a9398

                                         
Response (server IP 52.211.95.198)
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Thu, 14 Sep 2017 08:01:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: unique_283722=unique_283722; expires=Fri, 15-Sep-2017 07:54:13 GMT; Max-Age=86400; path=/
Set-Cookie: unique_id=59ba35a586650100852108; expires=Fri, 15-Sep-2017 07:54:13 GMT; Max-Age=86400; path=/
Set-Cookie: unique_283722=unique_283722; expires=Fri, 15-Sep-2017 07:54:13 GMT; Max-Age=86400; path=/
Set-Cookie: unique_id=59ba35a586650100852108; expires=Fri, 15-Sep-2017 07:54:13 GMT; Max-Age=86400; path=/
X-Powered-By: PHP/7.0.18
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1527
Md5:    b8c6ce176694ee3d842854c4efa19d3a
Sha1:   5457edbba786d3ba528a93b898bcc228de7975df
Sha256: 7bd5c66839aefd376265b0cd0e841ee3c8ca7af1c2dc4a9abe789a4fb4dcf442

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Transaction 7

Request
GET /favicon.ico HTTP/1.1
Host: www.flyrlk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=dd8ad6c9b8bd3a273ceadb7bfb6383b3c1505375652

                                         
Response (server IP 104.31.69.218)
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Sep 2017 07:54:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Language: en
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 39e1c6fbb45342af-OSL
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   170
Md5:    ea23b8d94368b86676230e89ec26ed9c
Sha1:   397b94b0e29486814bde56a93428e9b4ee9a6515
Sha256: da02c2fc72e6c1e080bf7f26d62f2115a169cb8e13e536a78b0961df9972653c
                                        
Transaction 8

Request
POST / HTTP/1.1
Host: ss.symcd.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
Response (server IP 23.43.139.27)
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx/1.10.2
Content-Length: 1609
Content-Transfer-Encoding: binary
Cache-Control: max-age=391214, public, no-transform, must-revalidate
Last-Modified: Mon, 11 Sep 2017 20:32:49 GMT
Expires: Mon, 18 Sep 2017 20:32:49 GMT
Date: Thu, 14 Sep 2017 07:54:16 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1609
Md5:    145dd61bb379b95ee9242d3efaa67687
Sha1:   381e9b7fb920553fa3da17dd7d3a3b84bc7303e6
Sha256: 009c946a69fb5a66ef466df2a1c61e1fe023d205937e56c1cc36b2dbe5434eac
                                        
Transaction 9

Request
GET /images/jump-favicon.ico HTTP/1.1
Host: cdn-def.akamaized.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response (server IP 195.159.219.16)
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Server: nginx
Content-Length: 1150
Last-Modified: Thu, 04 Dec 2014 12:51:55 GMT
Etag: "47e-509636cd61618"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 21 Sep 2017 07:54:16 GMT
Date: Thu, 14 Sep 2017 07:54:16 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   1150
Md5:    0952b9dfa1e4ebf0058592eee3302a73
Sha1:   097850b34d43b1d9557d1c67e144f86679a84be6
Sha256: dedda483c1ee58da9fb3d6f9f9ba972db18d893554a53673a32221bb3d93a701
                                        
Transaction 10

Request
GET /rev.jpg HTTP/1.1
Host: blank.addlnk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response (server IP 104.18.46.192)
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Thu, 14 Sep 2017 07:54:16 GMT
Content-Length: 7511
Connection: keep-alive
Set-Cookie: __cfduid=dfede77b846cb7444825c5469365a26d41505375656; expires=Fri, 14-Sep-18 07:54:16 GMT; path=/; domain=.addlnk.com; HttpOnly
x-amz-id-2: frOV6zT3TkT1N6SHdUJKMi+2z5yHmyl9vx89xrciprMALsm4maYftGpBHPmWIfmZi3b/vrVhOH0=
x-amz-request-id: F6509B3013F54107
Last-Modified: Fri, 17 Feb 2017 19:41:55 GMT
Etag: "c4cb57ada641118c959dc4ba26fc2c01"
CF-Cache-Status: HIT
Vary: Accept-Encoding
Expires: Thu, 14 Sep 2017 11:54:16 GMT
Cache-Control: public, max-age=14400
Server: cloudflare-nginx
CF-RAY: 39e1c6fd0be74273-OSL


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   7511
Md5:    c4cb57ada641118c959dc4ba26fc2c01
Sha1:   6a685048b8ac0aeae4efbf65295ed18680815606
Sha256: d90be3dd46276799d59e95e627c0697ca4138220393de3d2e934e644e79711d5
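The transaction list above records the interesting part of this report only implicitly: the submitted www.flyrlk.com/retarget URL answers 200, a later request to 79on.kide.gdn carries it as Referer, that host answers 301 with a Location on apwvx.adsbtrack.com, and the apwvx.adsbtrack.com path is the one entry Fortinet's Web Filter flags as Malware. The remaining requests are favicons, images and OCSP revocation checks. The script below is an added example (not urlquery's code and not part of the report) that reconstructs that chain from a transcription of the ten transactions and tags each hop with the blacklist verdict. It keys hops on URL and hostname rather than server IP, because the report's overview lists 104.31.68.218 for www.flyrlk.com while the transaction log shows 104.31.69.218 (both Cloudflare). The Transaction record, the BLACKLIST map, the noise heuristic and all function names are this example's own assumptions.

```python
"""Reconstruct the navigation chain from a urlquery-style HTTP transaction
list and tag each hop with its blacklist verdict.

Added example: this is not urlquery's code and not part of the report above.
TRANSACTIONS is transcribed from the report's ten transactions (method, URL,
status, server IP, Content-Type, Referer, Location); bodies are omitted and
scheme http is assumed, as in the report. The Transaction record, the
BLACKLIST map and all function names are this example's own.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional
from urllib.parse import urljoin, urlsplit


@dataclass
class Transaction:
    method: str
    url: str
    status: int
    server_ip: str
    content_type: str = ""
    referer: Optional[str] = None
    location: Optional[str] = None

    @property
    def host(self) -> str:
        return urlsplit(self.url).netloc


START = "http://www.flyrlk.com/retarget?k=pub1c2f90b706a148ca8df9f288150a9398"

# Transcribed from the report, in the order urlquery listed them.
TRANSACTIONS: List[Transaction] = [
    Transaction("GET", START, 200, "104.31.69.218", "text/html"),
    Transaction("GET", "http://www.flyrlk.com/favicon.ico", 404, "104.31.69.218", "text/html"),
    Transaction("POST", "http://ocsp.comodoca4.com/", 200, "178.255.83.1", "application/ocsp-response"),
    Transaction("GET", "http://79on.kide.gdn/?s1=pub1c2f90b706a148ca8df9f288150a9398&pub=5b1fe564_18522_",
                301, "198.255.32.244", "text/html", referer=START,
                location="http://apwvx.adsbtrack.com/c/245d96912e3e4930"),
    Transaction("POST", "http://ocsp.comodoca4.com/", 200, "178.255.83.1", "application/ocsp-response"),
    Transaction("GET", "http://apwvx.adsbtrack.com/c/245d96912e3e4930", 200, "52.211.95.198",
                "text/html", referer=START),
    Transaction("GET", "http://www.flyrlk.com/favicon.ico", 404, "104.31.69.218", "text/html"),
    Transaction("POST", "http://ss.symcd.com/", 200, "23.43.139.27", "application/ocsp-response"),
    Transaction("GET", "http://cdn-def.akamaized.net/images/jump-favicon.ico", 200, "195.159.219.16",
                "image/vnd.microsoft.icon"),
    Transaction("GET", "http://blank.addlnk.com/rev.jpg", 200, "104.18.46.192", "image/jpeg"),
]

# The one hit in the Blacklists section (Fortinet's Web Filter): host+path prefix -> verdict.
BLACKLIST = {"apwvx.adsbtrack.com/c/245d96912e3e4930": "fortinet: Malware"}

# Requests that never move the navigation: OCSP revocation checks and images.
NOISE_PREFIXES = ("application/ocsp-", "image/")


def is_noise(t: Transaction) -> bool:
    return t.content_type.startswith(NOISE_PREFIXES)


def verdict(url: str) -> Optional[str]:
    """Match host+path (query string ignored) against the blacklist prefixes."""
    parts = urlsplit(url)
    key = parts.netloc + parts.path
    for prefix, label in BLACKLIST.items():
        if key.startswith(prefix):
            return label
    return None


def _find_after(ts: List[Transaction], idx: int,
                pred: Callable[[Transaction], bool]) -> Optional[int]:
    """Index of the first transaction after idx satisfying pred, else None."""
    for i in range(idx + 1, len(ts)):
        if pred(ts[i]):
            return i
    return None


def navigation_chain(ts: List[Transaction], start_url: str) -> List[dict]:
    """Follow the browser from start_url one hop at a time.

    Two kinds of hop are recognised:
      "3xx"      the response carried a Location header (server-side redirect);
      "referer"  no redirect, but a later non-noise request names the current
                 page as Referer (client-side navigation: script, meta refresh
                 or a link, which the transaction list does not show directly).
    Hops are keyed on URL/hostname, not on server IP.
    """
    idx = _find_after(ts, -1, lambda t: t.url == start_url)
    if idx is None:
        raise ValueError("start URL not in transaction list")
    chain: List[dict] = []
    via = "start"
    while idx is not None:
        t = ts[idx]
        chain.append({"host": t.host, "url": t.url, "status": t.status,
                      "server_ip": t.server_ip, "via": via, "verdict": verdict(t.url)})
        if 300 <= t.status < 400 and t.location:
            target = urljoin(t.url, t.location)
            via = str(t.status)
            idx = _find_after(ts, idx, lambda n: n.url == target)
        else:
            via = "referer"
            idx = _find_after(ts, idx, lambda n: not is_noise(n) and n.referer == t.url)
    return chain


if __name__ == "__main__":
    for hop in navigation_chain(TRANSACTIONS, START):
        flag = f"  <-- {hop['verdict']}" if hop["verdict"] else ""
        print(f"[{hop['via']:>7}] {hop['status']} {hop['host']} ({hop['server_ip']}){flag}")
```

Run as a script it prints three hops: flyrlk.com (start), 79on.kide.gdn (reached via Referer, answered 301) and apwvx.adsbtrack.com (reached via the 301, flagged by Fortinet). The Referer-based hop is the weak link of this reconstruction: it infers a client-side navigation that the report does not show (the JavaScript section lists one executed script but no content), so treat it as "the browser went there next with this page as Referer", not as proof of how the redirect was triggered.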