urlscan.io logo urlscan.io
SecurityTrails logo

porwaniedziewczynki48.eu Open in urlscan Pro
46.242.232.83  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Submission: On November 07 via api from CZ
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 20 HTTP transactions. The main IP is 46.242.232.83, located in Poland and belongs to HOMEPL-AS, PL. The main domain is porwaniedziewczynki48.eu.
This is the only time porwaniedziewczynki48.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 4 46.242.232.83 12824 (HOMEPL-AS)
1 4 89.161.254.183 12824 (HOMEPL-AS)
6 136.243.169.30 24940 (HETZNER-AS)
1 4 138.201.227.223 24940 (HETZNER-AS)
4 4 138.201.161.134 24940 (HETZNER-AS)
1 2 138.201.139.207 24940 (HETZNER-AS)
1 138.201.71.157 24940 (HETZNER-AS)
1 37.252.173.62 29990 (ASN-APPNEXUS)
2 138.201.137.155 24940 (HETZNER-AS)
20 8
4    46.242.232.83 (Poland)

ASN12824 (HOMEPL-AS, PL)
PTR: cloudserver178899.home.pl
porwaniedziewczynki48.eu
4    89.161.254.183 (Poland)

ASN12824 (HOMEPL-AS, PL)
PTR: cloudserver2082475.home.pl
www.licznikodwiedzin.pl
www.deszczowce.pl
6    136.243.169.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 3-beer.funcadr.net
adsearch.adkontekst.pl
4    138.201.227.223 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 5-beer.funcadr.net
cm.em.nscontext.eu
prd-header-biding.vda.netsprint.pl
4    138.201.161.134 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 2-beer.funcadr.net
mis.em.nscontext.eu
2    138.201.139.207 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 6-bt-spd-d.funcns.net
api.spoldzielnia.nsaudience.pl
1    138.201.71.157 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 10-bt-cassa.funcns.net
gdpr.api.dmp.nsaudience.pl
1    37.252.173.62 (Ascension Island)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
2    138.201.137.155 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 6-beer.funcadr.net
prd-dib-logger-service.vda.netsprint.pl
Domain Requested by
6 adsearch.adkontekst.pl www.licznikodwiedzin.pl
adsearch.adkontekst.pl
prd-header-biding.vda.netsprint.pl
4 mis.em.nscontext.eu 4 redirects
4 porwaniedziewczynki48.eu 1 redirects porwaniedziewczynki48.eu
2 prd-dib-logger-service.vda.netsprint.pl prd-header-biding.vda.netsprint.pl
2 prd-header-biding.vda.netsprint.pl adsearch.adkontekst.pl
prd-header-biding.vda.netsprint.pl
2 api.spoldzielnia.nsaudience.pl 1 redirects adsearch.adkontekst.pl
2 cm.em.nscontext.eu 1 redirects adsearch.adkontekst.pl
2 www.deszczowce.pl 1 redirects porwaniedziewczynki48.eu
2 www.licznikodwiedzin.pl porwaniedziewczynki48.eu
www.licznikodwiedzin.pl
1 ib.adnxs.com prd-header-biding.vda.netsprint.pl
1 gdpr.api.dmp.nsaudience.pl adsearch.adkontekst.pl
20 11

This site contains no links.

Subject Issuer Validity Valid
*.adsearch.adkontekst.pl
nazwaSSL		 2018-11-24 -
2019-11-24		 a year crt.sh
www.deszczowce.pl
Certyfikat SSL		 2019-01-25 -
2020-01-25		 a year crt.sh
*.em.nscontext.eu
nazwaSSL		 2019-08-20 -
2020-08-19		 a year crt.sh
*.spoldzielnia.nsaudience.pl
nazwaSSL		 2019-09-06 -
2020-09-04		 a year crt.sh
*.api.dmp.nsaudience.pl
nazwaSSL		 2019-09-17 -
2020-09-16		 a year crt.sh
*.vda.netsprint.pl
nazwaSSL		 2019-02-19 -
2020-02-19		 a year crt.sh

This page contains 5 frames:

Primary Page: http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Frame ID: 1C0203B0FBD4DA0E2674AD8F3FBD24D6
Requests: 15 HTTP requests in this frame

Frame: http://www.licznikodwiedzin.pl/cnt/cnt.php?key=157910342&minDigits=7
Frame ID: BA1553B26C3D102165856E72762841FA
Requests: 1 HTTP requests in this frame

Frame: https://cm.em.nscontext.eu/cm/iframe//?uid=mi16e46848e453f9d9037db1f7335
Frame ID: EDADB90A0DD6117378313A38C4370452
Requests: 1 HTTP requests in this frame

Frame: https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16e46848e497bed481996169cc3
Frame ID: 62A4C66BE6DB94BE8A4F2291ABA105A7
Requests: 1 HTTP requests in this frame

Frame: http://prd-header-biding.vda.netsprint.pl/js/tools.js
Frame ID: 71C19217C25948D4DDABABC72BD113A3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://porwaniedziewczynki48.eu/weryfikacja/mobile HTTP 301
    http://porwaniedziewczynki48.eu/weryfikacja/mobile/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

20
Requests

65 %
HTTPS

0 %
IPv6

8
Domains

11
Subdomains

8
IPs

3
Countries

210 kB
Transfer

714 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://porwaniedziewczynki48.eu/weryfikacja/mobile HTTP 301
    http://porwaniedziewczynki48.eu/weryfikacja/mobile/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://www.deszczowce.pl/app/webroot/img/bannery/adkontekst/xx.gif HTTP 301
  • https://www.deszczowce.pl/app/webroot/img/bannery/adkontekst/xx.gif
Request Chain 6
  • https://cm.em.nscontext.eu/cm/iframe/ HTTP 302
  • https://mis.em.nscontext.eu/deimos/cm/?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__ HTTP 302
  • https://mis.em.nscontext.eu/ex/tmp1573141122629Z542642727/mi16e46848e453f9d9037db1f7335/1?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__ HTTP 302
  • https://cm.em.nscontext.eu/cm/iframe//?uid=mi16e46848e453f9d9037db1f7335
Request Chain 7
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/matchSale.api HTTP 302
  • https://mis.em.nscontext.eu/?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__ HTTP 302
  • https://mis.em.nscontext.eu/ex/tmp1573141122633Z501999176/mi16e46848e497bed481996169cc3/1?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__ HTTP 302
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16e46848e497bed481996169cc3

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
porwaniedziewczynki48.eu/weryfikacja/mobile/
Redirect Chain
  • http://porwaniedziewczynki48.eu/weryfikacja/mobile
  • http://porwaniedziewczynki48.eu/weryfikacja/mobile/
7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Protocol
HTTP/1.1
Server
46.242.232.83 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS
cloudserver178899.home.pl
Software
Apache /
Resource Hash
54f102d1d1b4bd8c53e8284c699634f98ff0470723a7053fbb80cff9a8ec0ac5

Request headers

Host
porwaniedziewczynki48.eu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Date
Thu, 07 Nov 2019 15:38:42 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Server
Apache
Last-Modified
Wed, 06 Nov 2019 13:06:28 GMT
ETag
W/"1aab-596ad377cfd00"
Content-Encoding
gzip

Redirect headers

Date
Thu, 07 Nov 2019 15:38:42 GMT
Content-Type
text/html; charset=iso-8859-1
Content-Length
259
Connection
keep-alive
Server
Apache
Location
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
style.css
porwaniedziewczynki48.eu/weryfikacja/mobile/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://porwaniedziewczynki48.eu/weryfikacja/mobile/style.css
Requested by
Host: porwaniedziewczynki48.eu
URL: http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Protocol
HTTP/1.1
Server
46.242.232.83 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS
cloudserver178899.home.pl
Software
Apache /
Resource Hash
5b795bdf7c24fe02623b68b85c8549449b382c3640bccc878eac24ef85d281e6

Request headers

Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Date
Thu, 07 Nov 2019 15:38:42 GMT
Content-Encoding
gzip
Last-Modified
Wed, 06 Nov 2019 13:06:29 GMT
Server
Apache
ETag
W/"2abb-596ad378c3f40"
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
fb.png
porwaniedziewczynki48.eu/weryfikacja/mobile/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://porwaniedziewczynki48.eu/weryfikacja/mobile/fb.png
Requested by
Host: porwaniedziewczynki48.eu
URL: http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Protocol
HTTP/1.1
Server
46.242.232.83 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS
cloudserver178899.home.pl
Software
Apache /
Resource Hash
48660be52c0b2dbbabc71f51863a28341d3ca0f1b11bfd131e1aceef6aedbaf9

Request headers

Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Date
Thu, 07 Nov 2019 15:38:42 GMT
Last-Modified
Wed, 06 Nov 2019 13:06:28 GMT
Server
Apache
ETag
"9a8-596ad377cfd00"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2472
start.php
www.licznikodwiedzin.pl/cnt/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.licznikodwiedzin.pl/cnt/start.php?key=157910342
Requested by
Host: porwaniedziewczynki48.eu
URL: http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Protocol
HTTP/1.1
Server
89.161.254.183 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS
cloudserver2082475.home.pl
Software
IdeaWebServer/0.83.292 /
Resource Hash
c5d15cbcc683069c646ec02c46e679d52e522fb54177e9ad6c2fc218d7983b7e

Request headers

Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Date
Thu, 07 Nov 2019 15:38:42 GMT
Content-Encoding
gzip
Server
IdeaWebServer/0.83.292
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html
Cookie set cnt.php
www.licznikodwiedzin.pl/cnt/ Frame BA15 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
http://www.licznikodwiedzin.pl/cnt/cnt.php?key=157910342&minDigits=7
Requested by
Host: www.licznikodwiedzin.pl
URL: http://www.licznikodwiedzin.pl/cnt/start.php?key=157910342
Protocol
HTTP/1.1
Server
89.161.254.183 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS
cloudserver2082475.home.pl
Software
IdeaWebServer/0.83.292 /
Resource Hash

Request headers

Host
www.licznikodwiedzin.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/

Response headers

Date
Thu, 07 Nov 2019 15:38:42 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Server
IdeaWebServer/0.83.292
Set-Cookie
daily_157910342=1; expires=Fri, 08-Nov-2019 15:38:42 GMT; path=/
Content-Encoding
gzip
/
adsearch.adkontekst.pl/_/ads2/ 		27 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adsearch.adkontekst.pl/_/ads2/?QAPS_AKPL=0777479e274c03f3865ef57852a7c607
Requested by
Host: www.licznikodwiedzin.pl
URL: http://www.licznikodwiedzin.pl/cnt/start.php?key=157910342
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
136.243.169.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
3-beer.funcadr.net
Software
nginx /
Resource Hash
178dfd5480684c29dd44f95029bc06346172e439154e8f48eae3104404dcffd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 07 Nov 2019 15:38:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
DENY
Content-Language
en-US
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript;charset=UTF-8
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Application-Context
dispatcher-service-tao:dispatcher-run:8532
Expires
0
xx.gif
www.deszczowce.pl/app/webroot/img/bannery/adkontekst/
Redirect Chain
  • http://www.deszczowce.pl/app/webroot/img/bannery/adkontekst/xx.gif
  • https://www.deszczowce.pl/app/webroot/img/bannery/adkontekst/xx.gif
836 B
992 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.deszczowce.pl/app/webroot/img/bannery/adkontekst/xx.gif
Requested by
Host: porwaniedziewczynki48.eu
URL: http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.161.254.183 , Poland, ASN12824 (HOMEPL-AS, PL),
Reverse DNS
cloudserver2082475.home.pl
Software
IdeaWebServer/0.83.292 /
Resource Hash
038f95f1b5770bd0f9a3e0b63fd15aefc33f15194ee9aabbea57aea9c48b0010

Request headers

Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

status
200
date
Thu, 07 Nov 2019 15:38:42 GMT
last-modified
Thu, 04 Oct 2018 02:40:25 GMT
server
IdeaWebServer/0.83.292
content-type
image/gif
content-length
836
expires
Thu, 19 Dec 2019 07:38:43 GMT

Redirect headers

Date
Thu, 07 Nov 2019 15:38:42 GMT
Last-Modified
Thu, 04 Oct 2018 02:40:25 GMT
Server
IdeaWebServer/0.83.292
Content-Type
text/html
Location
https://www.deszczowce.pl/app/webroot/img/bannery/adkontekst/xx.gif
Connection
keep-alive
Content-Length
223
Expires
Thu, 19 Dec 2019 07:38:43 GMT
Cookie set /
cm.em.nscontext.eu/cm/iframe// Frame EDAD
Redirect Chain
  • https://cm.em.nscontext.eu/cm/iframe/
  • https://mis.em.nscontext.eu/deimos/cm/?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__
  • https://mis.em.nscontext.eu/ex/tmp1573141122629Z542642727/mi16e46848e453f9d9037db1f7335/1?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__
  • https://cm.em.nscontext.eu/cm/iframe//?uid=mi16e46848e453f9d9037db1f7335
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.em.nscontext.eu/cm/iframe//?uid=mi16e46848e453f9d9037db1f7335
Requested by
Host: adsearch.adkontekst.pl
URL: https://adsearch.adkontekst.pl/_/ads2/?QAPS_AKPL=0777479e274c03f3865ef57852a7c607
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
138.201.227.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
5-beer.funcadr.net
Software
nginx /
Resource Hash

Request headers

Host
cm.em.nscontext.eu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Accept-Encoding
gzip, deflate, br
Cookie
volatileUid=mi16e46848e453f9d9037db1f7335; tmp1573141122629Z542642727=mi16e46848e453f9d9037db1f7335; uid=mi16e46848e453f9d9037db1f7335
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/

Response headers

Server
nginx
Date
Thu, 07 Nov 2019 15:38:42 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi16e46848e453f9d9037db1f7335;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 06-Nov-2021 15:38:42 GMT ec=ec;Path=/;Expires=Thu, 07-Nov-2019 16:38:42 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Server
nginx
Date
Thu, 07 Nov 2019 15:38:42 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi16e46848e453f9d9037db1f7335;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 06-Nov-2021 15:38:42 GMT;Max-Age=63072000
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://cm.em.nscontext.eu/cm/iframe//?uid=mi16e46848e453f9d9037db1f7335
Cookie set sale.api
api.spoldzielnia.nsaudience.pl/frontend/api/ Frame 62A4
Redirect Chain
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/matchSale.api
  • https://mis.em.nscontext.eu/?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__
  • https://mis.em.nscontext.eu/ex/tmp1573141122633Z501999176/mi16e46848e497bed481996169cc3/1?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16e46848e497bed481996169cc3
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16e46848e497bed481996169cc3
Requested by
Host: adsearch.adkontekst.pl
URL: https://adsearch.adkontekst.pl/_/ads2/?QAPS_AKPL=0777479e274c03f3865ef57852a7c607
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.139.207 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
6-bt-spd-d.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash

Request headers

Host
api.spoldzielnia.nsaudience.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/

Response headers

Server
Microsoft-IIS/7.5
Date
Thu, 07 Nov 2019 15:38:42 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="CAO COR COR CON TEL IVD SAM IND BUS"
Set-Cookie
ut=1573141122640;Path=/;Expires=Fri, 06-Nov-2020 15:38:42 GMT uid=mi16e46848e497bed481996169cc3;Path=/;Expires=Fri, 06-Nov-2020 15:38:42 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 07 Nov 2019 15:38:42 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi16e46848e497bed481996169cc3;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 06-Nov-2021 15:38:42 GMT;Max-Age=63072000
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16e46848e497bed481996169cc3
status
adsearch.adkontekst.pl/_/cmp/ 		2 B
519 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adsearch.adkontekst.pl/_/cmp/status?own=false
Requested by
Host: adsearch.adkontekst.pl
URL: https://adsearch.adkontekst.pl/_/ads2/?QAPS_AKPL=0777479e274c03f3865ef57852a7c607
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
136.243.169.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
3-beer.funcadr.net
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Pragma
no-cache
Date
Thu, 07 Nov 2019 15:38:42 GMT
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
DENY
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
http://porwaniedziewczynki48.eu
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
Content-Length
2
X-XSS-Protection
1; mode=block
X-Application-Context
dispatcher-service-tao:dispatcher-run:8532
Expires
0
get.js
gdpr.api.dmp.nsaudience.pl/frontend/agreement/ 		84 B
431 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gdpr.api.dmp.nsaudience.pl/frontend/agreement/get.js?source_id=ns&callback=ns_vda.dispatcher.rodos.callAllCallbacks
Requested by
Host: adsearch.adkontekst.pl
URL: https://adsearch.adkontekst.pl/_/ads2/?QAPS_AKPL=0777479e274c03f3865ef57852a7c607
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.71.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
10-bt-cassa.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
86d37d15e6fec711dec2cc55422fed6acea9cbe128df584c76442b25699e6ddb

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 07 Nov 2019 15:38:42 GMT
Server
Microsoft-IIS/7.5
P3P
CP="CAO COR COR CON TEL IVD SAM IND BUS"
Cache-Control
private, no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
application/x-javascript;charset=UTF-8
Content-Length
84
Expires
Thu, 01 Jan 1970 00:00:00 GMT
0777479e274c03f3865ef57852a7c607
prd-header-biding.vda.netsprint.pl/units/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false
Requested by
Host: adsearch.adkontekst.pl
URL: https://adsearch.adkontekst.pl/_/ads2/?QAPS_AKPL=0777479e274c03f3865ef57852a7c607
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.227.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
5-beer.funcadr.net
Software
nginx /
Resource Hash
06c320a96c77c16024d7962ab108ea51c5ef54f69047238979ec5bab73c96069
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 07 Nov 2019 15:38:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
X-Xss-Protection
1; mode=block
X-Application-Context
header-bidding-service
Expires
0
tools.js
prd-header-biding.vda.netsprint.pl/js/ Frame 71C1 		186 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://prd-header-biding.vda.netsprint.pl/js/tools.js
Requested by
Host: prd-header-biding.vda.netsprint.pl
URL: https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false
Protocol
HTTP/1.1
Server
138.201.227.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
5-beer.funcadr.net
Software
nginx /
Resource Hash
fb1bddda0518b2b9969441cdbdae6404ad3916fa51999581b0099645c35b5758

Request headers

Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Date
Thu, 07 Nov 2019 15:38:44 GMT
Content-Encoding
gzip
Last-Modified
Sat, 26 Oct 2019 15:29:27 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=300
Transfer-Encoding
chunked
Connection
keep-alive
Accept-Ranges
bytes
X-Application-Context
header-bidding-service
prebid
ib.adnxs.com/ut/v3/ Frame 71C1 		144 B
0 		XHR
General
Check archive.org
Download Go to
Full URL
http://ib.adnxs.com/ut/v3/prebid
Requested by
Host: prd-header-biding.vda.netsprint.pl
URL: http://prd-header-biding.vda.netsprint.pl/js/tools.js
Protocol
HTTP/1.1
Server
37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 07 Nov 2019 15:38:46 GMT
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.23:80
AN-X-Request-Uuid
8bf2a52b-2506-4d79-9501-c115e9cc76f5
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
http://porwaniedziewczynki48.eu
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
adsearch.adkontekst.pl/_/ads2/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adsearch.adkontekst.pl/_/ads2/?strict=true&QAPS_AKPL=0777479e274c03f3865ef57852a7c607&dispatched=true&useBehavioralTargeting=true
Requested by
Host: prd-header-biding.vda.netsprint.pl
URL: https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
136.243.169.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
3-beer.funcadr.net
Software
nginx /
Resource Hash
fdb2a37bb58c93c40b76b372766fb3bea6c78e1141fc92afc886e99459c6d15d

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Date
Thu, 07 Nov 2019 15:38:44 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=UTF-8
dibs
prd-dib-logger-service.vda.netsprint.pl/loggers/ 		2 B
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prd-dib-logger-service.vda.netsprint.pl/loggers/dibs
Requested by
Host: prd-header-biding.vda.netsprint.pl
URL: https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.137.155 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
6-beer.funcadr.net
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Sec-Fetch-Mode
cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Thu, 07 Nov 2019 15:38:44 GMT
Server
nginx
Vary
Origin
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
http://porwaniedziewczynki48.eu
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
2
X-Application-Context
dib-logger-service
times
prd-dib-logger-service.vda.netsprint.pl/loggers/ 		2 B
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prd-dib-logger-service.vda.netsprint.pl/loggers/times
Requested by
Host: prd-header-biding.vda.netsprint.pl
URL: https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.137.155 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
6-beer.funcadr.net
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Sec-Fetch-Mode
cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Thu, 07 Nov 2019 15:38:44 GMT
Server
nginx
Vary
Origin
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
http://porwaniedziewczynki48.eu
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
2
X-Application-Context
dib-logger-service
/
adsearch.adkontekst.pl/quad/spliter/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adsearch.adkontekst.pl/quad/spliter/?prefix=akon&prid=0&caid=0&plh=0777479e274c03f3865ef57852a7c607&plid=0&namespace=qa_akon&nc=1573141124842&qss=true&nc2=806447387&dispatched=false&adblock=false&useBehavioralTargeting=true&type=K1&ref=http%3A%2F%2Fporwaniedziewczynki48.eu%2Fweryfikacja%2Fmobile%2F
Requested by
Host: adsearch.adkontekst.pl
URL: https://adsearch.adkontekst.pl/_/ads2/?strict=true&QAPS_AKPL=0777479e274c03f3865ef57852a7c607&dispatched=true&useBehavioralTargeting=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
136.243.169.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
3-beer.funcadr.net
Software
nginx /
Resource Hash
2d008cbfa0ae1eb4c9c4a6de0dce9286b020385079470a0033c10608b42e7902

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 07 Nov 2019 15:38:44 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR NID CUR OUR NOR"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript; charset=UTF-8
/
adsearch.adkontekst.pl/_/both/ 		456 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adsearch.adkontekst.pl/_/both/?prefix=akon&namespace=qa_akon&nc=0&browser=safari&dispatched=false&adblock=false
Requested by
Host: adsearch.adkontekst.pl
URL: https://adsearch.adkontekst.pl/_/ads2/?strict=true&QAPS_AKPL=0777479e274c03f3865ef57852a7c607&dispatched=true&useBehavioralTargeting=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
136.243.169.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
3-beer.funcadr.net
Software
nginx /
Resource Hash
2d371f1faf0fef76cd65baed6638a15805d5c5fad56a807f35acfe117ca43f77

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Date
Thu, 07 Nov 2019 15:38:44 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=UTF-8
/
adsearch.adkontekst.pl/quad/spliter/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adsearch.adkontekst.pl/quad/spliter/?prid=944&caid=103713&nc=1573141124920&cc=3&form=507626:3:Q1:R1:G1:S1:V1:A3;&content=_512+facebooka+_256+znasz+znajomymi+zaloguj+zaczac+witamy+udostepniac+rzeczy+rozne+rodzina+ludzmi+laczyc&qnr=0&without=&extra=&w=160&h=600&qss=true&flash=false&iid=-97067353507560&prefix=akon&namespace=qa_akon&type=2&dispatched=true&useBehavioralTargeting=true&ref=http%3A%2F%2Fporwaniedziewczynki48.eu%2Fweryfikacja%2Fmobile%2F
Requested by
Host: adsearch.adkontekst.pl
URL: https://adsearch.adkontekst.pl/_/ads2/?strict=true&QAPS_AKPL=0777479e274c03f3865ef57852a7c607&dispatched=true&useBehavioralTargeting=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
136.243.169.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
3-beer.funcadr.net
Software
nginx /
Resource Hash
44aeac4a58cc5b7ac15fe952035b5b820b7bf0ce3d3947999dc5213281353bfa

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://porwaniedziewczynki48.eu/weryfikacja/mobile/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 07 Nov 2019 15:38:44 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR NID CUR OUR NOR"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| __updateOrientation function| getInternetExplorerVersion number| ver number| deszczowcepl_rand boolean| deszczowcepl_ad boolean| deszczowcepl_attempt function| addBehavioralParam function| onAfterAgreements object| requiredAgreements function| executeEmiter object| ns_vda object| adElement string| objectName object| 0777479e274c03f3865ef57852a7c607O2842b201 boolean| 0777479e274c03f3865ef57852a7c607 object| ns_global_vars object| qa_akon object| __gwt_activeModules object| gummiTarget

12 Cookies

Domain/Path Name / Value
api.spoldzielnia.nsaudience.pl/ Name: google_capping
Value: 1573141122707
api.spoldzielnia.nsaudience.pl/ Name: uid
Value: mi16e46848e497bed481996169cc3
.em.nscontext.eu/ Name: uid
Value: mi16e46848e497bed481996169cc3
.licznikodwiedzin.pl/ Name: _ga
Value: GA1.2.1991521829.1573141123
cm.em.nscontext.eu/ Name: ec
Value: ec
.em.nscontext.eu/ Name: tmp1573141122633Z501999176
Value: mi16e46848e497bed481996169cc3
www.licznikodwiedzin.pl/ Name: daily_157910342
Value: 1
api.spoldzielnia.nsaudience.pl/ Name: ut
Value: 1573141122640
.em.nscontext.eu/ Name: volatileUid
Value: mi16e46848e497bed481996169cc3
.licznikodwiedzin.pl/ Name: _gid
Value: GA1.2.1485947682.1573141123
.em.nscontext.eu/ Name: tmp1573141122629Z542642727
Value: mi16e46848e453f9d9037db1f7335
.licznikodwiedzin.pl/ Name: _gat_gtag_UA_603609_35
Value: 1

4 Console Messages

Source Level URL
Text
console-api log URL: https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false(Line 1)
Message:
emCpm: 0.17
console-api log URL: https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false(Line 1)
Message:
currency: PLN
console-api log URL: https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false(Line 1)
Message:
executing emiter
console-api log URL: https://prd-header-biding.vda.netsprint.pl/units/0777479e274c03f3865ef57852a7c607?mobile=false&cpmValue=0.17&adTagId=QAPS_AKPL_0777479e274c03f3865ef57852a7c607&cpmCurrency=PLN&nsEmiterSource=AK&nsEmiterPlacementEmissionUrl=https%3A%2F%2Fadsearch.adkontekst.pl%2F_%2Fads2%2F%3Fstrict%3Dtrue%26QAPS_AKPL%3D0777479e274c03f3865ef57852a7c607%26dispatched%3Dtrue%26useBehavioralTargeting%3Dtrue&gdprEnable=false(Line 1)
Message:
[object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adsearch.adkontekst.pl
api.spoldzielnia.nsaudience.pl
cm.em.nscontext.eu
gdpr.api.dmp.nsaudience.pl
ib.adnxs.com
mis.em.nscontext.eu
porwaniedziewczynki48.eu
prd-dib-logger-service.vda.netsprint.pl
prd-header-biding.vda.netsprint.pl
www.deszczowce.pl
www.licznikodwiedzin.pl
136.243.169.30
138.201.137.155
138.201.139.207
138.201.161.134
138.201.227.223
138.201.71.157
37.252.173.62
46.242.232.83
89.161.254.183
038f95f1b5770bd0f9a3e0b63fd15aefc33f15194ee9aabbea57aea9c48b0010
06c320a96c77c16024d7962ab108ea51c5ef54f69047238979ec5bab73c96069
178dfd5480684c29dd44f95029bc06346172e439154e8f48eae3104404dcffd8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2d008cbfa0ae1eb4c9c4a6de0dce9286b020385079470a0033c10608b42e7902
2d371f1faf0fef76cd65baed6638a15805d5c5fad56a807f35acfe117ca43f77
44aeac4a58cc5b7ac15fe952035b5b820b7bf0ce3d3947999dc5213281353bfa
48660be52c0b2dbbabc71f51863a28341d3ca0f1b11bfd131e1aceef6aedbaf9
54f102d1d1b4bd8c53e8284c699634f98ff0470723a7053fbb80cff9a8ec0ac5
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5b795bdf7c24fe02623b68b85c8549449b382c3640bccc878eac24ef85d281e6
86d37d15e6fec711dec2cc55422fed6acea9cbe128df584c76442b25699e6ddb
c5d15cbcc683069c646ec02c46e679d52e522fb54177e9ad6c2fc218d7983b7e
fb1bddda0518b2b9969441cdbdae6404ad3916fa51999581b0099645c35b5758
fdb2a37bb58c93c40b76b372766fb3bea6c78e1141fc92afc886e99459c6d15d