www.win-free.click
2600:9000:23cb:5800:6:3c57:8b00:93a1  Public Scan

Submitted URL: http://track.thirdtimer.com/6d95804d-3278-4ac7-9d0e-6ea8e9acc001
Effective URL: https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izzn...
Submission: On February 19 via api from US — Scanned from US

Summary

This website contacted 2 IPs in 1 country across 3 domains to perform 6 HTTP transactions. The main IP is 2600:9000:23cb:5800:6:3c57:8b00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.win-free.click.
TLS certificate: Issued by Amazon RSA 2048 M03 on January 2nd 2024. Valid for: a year.
This is the only time www.win-free.click was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.197.25.83 14618 (AMAZON-AES)
5 2600:9000:23c... 16509 (AMAZON-02)
1 216.104.36.156 32475 (SINGLEHOP...)
6 2
Domain Requested by
5 www.win-free.click www.win-free.click
1 jump.purplemonkey.click www.win-free.click
1 track.thirdtimer.com 1 redirects
6 3

This site contains links to these domains.

Domain
track.thirdtimer.com
Subject                  Issuer               Validity                 Valid
win-free.click           Amazon RSA 2048 M03  2024-01-02 - 2025-01-30  a year
jump.purplemonkey.click  R3                   2024-02-01 - 2024-05-01  3 months

This page contains 1 frames:

Primary Page: https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a
Frame ID: 1867B5632F410868BBAFA1EF0EC2BD47
Requests: 6 HTTP requests in this frame

Page Title

Win a Samsung S22

Page URL History

  1. http://track.thirdtimer.com/6d95804d-3278-4ac7-9d0e-6ea8e9acc001 HTTP 302
    https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmb... Page URL

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 1452 kB
Size: 1453 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://track.thirdtimer.com/6d95804d-3278-4ac7-9d0e-6ea8e9acc001 HTTP 302
    https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index1.html
www.win-free.click/survey/S22/
Redirect Chain
  • http://track.thirdtimer.com/6d95804d-3278-4ac7-9d0e-6ea8e9acc001
  • https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnO...
3 KB
1 KB
Document
General
Full URL
https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:5800:6:3c57:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
694661560314a2aa261dddb11b39c159f01ef049be57e0a5cabb16b4b3a64989

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
content-encoding
br
content-type
text/html
date
Mon, 19 Feb 2024 23:02:46 GMT
etag
W/"81dfff255f29d0c83c09e3b7b1fb427d"
last-modified
Tue, 02 Jan 2024 23:59:10 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
x-amz-cf-id
pyyyNddRF2xL1g9Rr6AAsBDxwK2iC_suVfDSpWEizyvuYUX0J2BNdA==
x-amz-cf-pop
JFK50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront

Redirect headers

Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Length
0
Date
Mon, 19 Feb 2024 23:02:45 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a
Pragma
no-cache
Server
nginx
style.css
www.win-free.click/survey/S22/
2 KB
1 KB
Stylesheet
General
Full URL
https://www.win-free.click/survey/S22/style.css
Requested by
Host: www.win-free.click
URL: https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:5800:6:3c57:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a711d3159f321958c0fce8826b55e7a911435fe6a4baa1cb2ce5849d994f89f8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 04:19:43 GMT
content-encoding
br
via
1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
last-modified
Tue, 02 Jan 2024 23:59:11 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P1
age
67382
etag
W/"5e1f5f4c96dc20f233a6ef9d8cc271ff"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
2Y3G36QpcbpWuAmz7dD4mBz4e2rNKgs82_oIERZubCxFtSqJ70henA==
pub.min.js
jump.purplemonkey.click/js/
3 KB
2 KB
Script
General
Full URL
https://jump.purplemonkey.click/js/pub.min.js
Requested by
Host: www.win-free.click
URL: https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.104.36.156 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
99f43e50f4179af4ebf4c93668866d5a5607914fa0a5daa087354c3159d3fa03
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.win-free.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 23:02:45 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Fri, 11 Aug 2023 10:37:03 GMT
server
nginx
etag
"64d60f4f-5ca"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
alt-svc
h3=":443"; ma=604800; persist=1
content-length
1482
expires
Tue, 20 Feb 2024 23:02:45 GMT
c02173e7e4e2e6e95265f3f52dba5132a5a6e151.webp
www.win-free.click/survey/S22/
1 MB
1 MB
Image
General
Full URL
https://www.win-free.click/survey/S22/c02173e7e4e2e6e95265f3f52dba5132a5a6e151.webp
Requested by
Host: www.win-free.click
URL: https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:5800:6:3c57:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ede8122e4d21dd9815e41c1b119febc24c747d29beb042fa12002a20ac7c7ac5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.win-free.click/survey/S22/index1.html?cep=xZMVpiHQSkDvUhn6c17pz96EVFm5dqhxKthFp21woNqZLFzmbbToVZJp7NvccdWE8izznxgnyZ9xmfnLY6fjGCkhh8nXNH1B1ykR8DgP0ccf8V6wESImjO_ejsgl2-zoWiOxHpvMm_aLPnOcrTQsRn2mR5yrZocM45Ot6teWOCKJvje08XL2rrunyg60fp6dKZjyzlmUEPvHX4qOKmJfaAOvbvO8rZDKWBy4fdKWppd2JPoJyRfhDK6wky8MxJ52UUo-w6SKsojS1EUMTa5IIauL1pvea8aJQ_Niv6Lkfa-TAWn_-T-RA7R9MjbcTRCw3B-mXsUoopdm81B4l6vR2ifgB678xJw_g7DUTq41VaXNRtcX_EAHcZaux12EPBPu44Cy-W7qFk2YsrBowgF-tA&lptoken=17e5084338d255c4653a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 04:19:43 GMT
via
1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
last-modified
Tue, 02 Jan 2024 23:59:09 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P1
age
67382
etag
"5b891cb7be688582b3dba29f40bee5ab"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/webp
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
1423436
x-amz-cf-id
2twdlgqtNWCMAGREMnUi5cFvSiG6C1uQvcj2oK-_MJQ-CryJSGhoaw==
1d936c9181a86fc7d77dc67ad3a3f2d194557253.png
www.win-free.click/survey/S22/
46 KB
47 KB
Image
General
Full URL
https://www.win-free.click/survey/S22/1d936c9181a86fc7d77dc67ad3a3f2d194557253.png
Requested by
Host: www.win-free.click
URL: https://www.win-free.click/survey/S22/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:23cb:5800:6:3c57:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
52e9e7f992721ed81bdb6146fe578eb67437eeb378d7c87a46928996ff219b1c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.win-free.click/survey/S22/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 16:17:38 GMT
via
1.1 f577ca8c3771798c088df2efc06d2bc4.cloudfront.net (CloudFront)
last-modified
Tue, 02 Jan 2024 23:59:03 GMT
server
AmazonS3
age
24308
x-amz-cf-pop
JFK50-P1
etag
"a66a7278909b71cde6a87ae400e2de8b"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
47495
x-amz-cf-id
onEa8ueyjrPB4vrzhvda2-313Mi8L0KNLQVQn4k67C9leeDSZ0d08w==
2ef289afa287fa1e905a9eb520974fb963c1fe98.png
www.win-free.click/survey/S22/
8 KB
9 KB
Image
General
Full URL
https://www.win-free.click/survey/S22/2ef289afa287fa1e905a9eb520974fb963c1fe98.png
Requested by
Host: www.win-free.click
URL: https://www.win-free.click/survey/S22/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:23cb:5800:6:3c57:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca9a2744b49c225c39ddd78239e2b4e1703f2f8ee03d6bc22a9f53532ac94046

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.win-free.click/survey/S22/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 04:19:44 GMT
via
1.1 f577ca8c3771798c088df2efc06d2bc4.cloudfront.net (CloudFront)
last-modified
Tue, 02 Jan 2024 23:59:04 GMT
server
AmazonS3
age
67382
x-amz-cf-pop
JFK50-P1
etag
"bec6b8eab9d6e094df42a0e1b8230994"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
8660
x-amz-cf-id
Ezr0e34ZOhShG2vYieqkD7oLUKC_2vi1bdMHA6c_gI_8EwoIM0voiQ==

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| pm_pid

2 Cookies

Domain/Path Name / Value
.track.thirdtimer.com/ Name: 6d95804d-3278-4ac7-9d0e-6ea8e9acc001-v4
Value: 8LMsk1_QDdIN3eQxYDQSzxT11ahXChxgRd9xEqhixko
.track.thirdtimer.com/ Name: cep-v4
Value: ZPVXMupSZJhEEJICU26jXUDeAV0sa1Al_hziJCn2IKrJcWy1ZFjZ_EDsvB5hMCEIOF5NAn-D8wQw6yLQEGpbvSx77ku5IwY89gY9aAVw2jnPE3Mjbp6SzKZY9bFFbLVqYQ7KrWkt2E5QczlHsXCrlJ43EjC669MoLiR9vIUdjqXmpSUHl7l3Rjipcw0e2csUDzn_hTLTLYp7GWOObqE2mHPeYK4OS4TaF6l0HlNI1dVrc6kKvHH_LZmouc0a185qcNXmOsbv34l9NdZAneyx1YtgHhk7adwUmT4jHbfd5uj3Px1woO4quWWZu2M-9xIwBglSbk9KzjhDch5wvP3WQStTeLgJhxVJWskZ0k8lsKWVlZCnMdU7BQsQptOVZSJWjYGGAyRme7h8VB7HJOb6wQ