app.didowsjet.tk - urlscan.io

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3032::ac43:c080, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.didowsjet.tk.

This is the only time app.didowsjet.tk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3032::ac43:c080	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81f::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:806::2016	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:78::84 2a04:4e42:78::84	54113 (FASTLY) (FASTLY)
1	2600:141b:13:... 2600:141b:13::172f:91e0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	185.41.71.35 185.41.71.35	50840 (AS-HITME) (AS-HITME)
1	3.216.42.155 3.216.42.155	14618 (AMAZON-AES) (AMAZON-AES)
7	7

1 2606:4700:3032::ac43:c080 (United States)

ASN13335 (CLOUDFLARENET, US)

app.didowsjet.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:806::2016 (Nutley, United States)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:78::84 (United States)

ASN54113 (FASTLY, US)

i.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::172f:91e0 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

img.tatacliq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.41.71.35 (Poland)

ASN50840 (AS-HITME, PL)
PTR: dapro1662.serwervps.pl

forexclub.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.216.42.155 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-216-42-155.compute-1.amazonaws.com

brokernotes.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	brokernotes.co brokernotes.co
1	forexclub.pl forexclub.pl	145 KB
1	tatacliq.com img.tatacliq.com	200 KB
1	pinimg.com i.pinimg.com — Cisco Umbrella Rank: 1658	102 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 82	26 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	1 KB
1	didowsjet.tk app.didowsjet.tk	20 KB
7	7

	Domain	Requested by
1	brokernotes.co	app.didowsjet.tk
1	forexclub.pl	app.didowsjet.tk
1	img.tatacliq.com	app.didowsjet.tk
1	i.pinimg.com	app.didowsjet.tk
1	i.ytimg.com	app.didowsjet.tk
1	fonts.googleapis.com	app.didowsjet.tk
1	app.didowsjet.tk
7	7

This site contains no links.

Subject Issuer	Validity	Valid
edgestatic.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-28` - `2023-08-08`	a year	crt.sh
*.tatacliq.com Go Daddy Secure Certificate Authority - G2	`2021-12-06` - `2023-01-04`	a year	crt.sh
*.forexclub.pl R3	`2022-11-17` - `2023-02-15`	3 months	crt.sh
brokernotes.co R3	`2022-10-19` - `2023-01-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://app.didowsjet.tk/
Frame ID: D57AA6537AB1715260D97836DD2EB786
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

JDS UNIPHASE CANADA LTD(NDA)

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

7
Requests

71 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

7
IPs

2
Countries

495 kB
Transfer

547 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
app.didowsjet.tk/ 54 KB
20 KB 866ms
233ms Document
text/html 2606:4700:3032::ac43:c080
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://app.didowsjet.tk/
Protocol: HTTP/1.1
Server: 2606:4700:3032::ac43:c080 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4da4d625a050af67289a8d1fbbf59bc05ba29e7f30b1b645c4fb71dbcc8b3a05

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 779ed92e2e8732d0-EWR
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 15 Dec 2022 11:30:38 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qjin%2Bs%2Fr7DSrOY6Y%2B4yGhd65jKDsoaSY5ss4vO7rwUjr26W%2BIeeAix8Jgndi0AYmYEphfsvU6bYO%2B%2FIaJV0CvHKja763y%2FwABt0bCzwTRR7YCeN356JNJVsqDyV2zL0DBkxMbVhK3IYaXkZ%2FUDcz"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK css
fonts.googleapis.com/ 14 KB
1 KB 29ms
21ms Stylesheet
text/css 2607:f8b0:4006:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Poppins%3A300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i&subset=latin%2Clatin-ext

Requested by

Host: app.didowsjet.tk
URL: http://app.didowsjet.tk/

Protocol

HTTP/1.1

Server

2607:f8b0:4006:81f::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

07c975e952939c40265df65d8c0fade070412c453fde3fe97d4164ef213fbb1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://app.didowsjet.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 15 Dec 2022 11:30:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Thu, 15 Dec 2022 11:30:38 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 15 Dec 2022 11:30:38 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/orT2Jg4K_fM/ 26 KB
26 KB 148ms
123ms Image
image/jpeg 2607:f8b0:4006:806::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/orT2Jg4K_fM/hqdefault.jpg?sqp=-oaymwEXCOADEI4CSFryq4qpAwkIARUAAIhCGAE=&rs=AOn4CLDJ1mujnj6xyShngK8j4-nsLi3inQ

Requested by

Host: app.didowsjet.tk
URL: http://app.didowsjet.tk/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:806::2016 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49a746d80656fc8d74f66a6f74fbc512f029219507b71c92b8c92edb4b4a4e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://app.didowsjet.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 11:30:38 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26501
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 15 Dec 2022 13:30:38 GMT

GET
H2 200 726e67e3faeb12e8e58685f3b3114e2f.jpg
i.pinimg.com/originals/72/6e/67/ 102 KB
102 KB 48ms
12ms Image
image/jpeg 2a04:4e42:78::84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.pinimg.com/originals/72/6e/67/726e67e3faeb12e8e58685f3b3114e2f.jpg
Requested by: Host: app.didowsjet.tk
URL: http://app.didowsjet.tk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:78::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 70a4f2112ae46b7a306e472ab2045405dc77d1b153cc30d67dc21eb92a31b240

Request headers

accept-language: en-US,en;q=0.9
Referer: http://app.didowsjet.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 11:30:38 GMT
x-cdn: fastly
etag: "624932ad6d1c3e7d5fc0dfcaab0f69c3"
vary: Origin
content-type: image/jpeg
cache-control: max-age=31536000, immutable
accept-ranges: bytes
alt-svc: h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600
content-length: 104080

GET
H2 200 MP000000008020384_1348Wx2000H_202010260633151.jpeg
img.tatacliq.com/images/i7/1348Wx2000H/ 207 KB
200 KB 391ms
280ms Image
image/jpeg 2600:141b:13::172f:91e0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tatacliq.com/images/i7/1348Wx2000H/MP000000008020384_1348Wx2000H_202010260633151.jpeg

Requested by

Host: app.didowsjet.tk
URL: http://app.didowsjet.tk/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::172f:91e0 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

2002ce5fc3f4bcdf0c7917484fcb19536be531431113849ae45d0be3dd1e6bc1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.tatacliq.com;
X-Frame-Options	ALLOW-FROM https://*.tatacliq.com/

Request headers

accept-language: en-US,en;q=0.9
Referer: http://app.didowsjet.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://*.tatacliq.com;
content-encoding: gzip
date: Thu, 15 Dec 2022 11:30:39 GMT
last-modified: Sun, 25 Oct 2020 01:03:15 GMT
server: Apache
x-frame-options: ALLOW-FROM https://*.tatacliq.com/
access-control-allow-methods: GET, POST
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=2591946
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding
expires: Sat, 14 Jan 2023 11:29:45 GMT

GET
H2 200 vps-forex.jpg
forexclub.pl/wp-content/uploads/2017/03/ 145 KB
145 KB 1006ms
240ms Image
image/jpeg 185.41.71.35
AS-HITME

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://forexclub.pl/wp-content/uploads/2017/03/vps-forex.jpg?v=1595739118
Requested by: Host: app.didowsjet.tk
URL: http://app.didowsjet.tk/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.41.71.35 , Poland, ASN50840 (AS-HITME, PL),
Reverse DNS: dapro1662.serwervps.pl
Software: nginx /
Resource Hash: 3dcf101980f8ca0bf88118c61d2e3afe439757a8236c1c56d2f13e9bca5969cc

Request headers

accept-language: en-US,en;q=0.9
Referer: http://app.didowsjet.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 11:30:39 GMT
last-modified: Sun, 26 Jul 2020 04:51:58 GMT
server: nginx
etag: "5f1d0bee-2423e"
content-type: image/jpeg
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 148030
expires: max-age=A10368000, public

GET
H2 404 rdp-file.jpg
brokernotes.co/wp-content/uploads/2016/09/ 0
0 217ms
10ms Image
text/html 3.216.42.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://brokernotes.co/wp-content/uploads/2016/09/rdp-file.jpg
Requested by: Host: app.didowsjet.tk
URL: http://app.didowsjet.tk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.216.42.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-216-42-155.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: http://app.didowsjet.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			app.didowsjet.tk/	1969-12-31 23:59:59	Name: ch1c Value: b

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://brokernotes.co/wp-content/uploads/2016/09/rdp-file.jpg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.didowsjet.tk
brokernotes.co
fonts.googleapis.com
forexclub.pl
i.pinimg.com
i.ytimg.com
img.tatacliq.com
185.41.71.35
2600:141b:13::172f:91e0
2606:4700:3032::ac43:c080
2607:f8b0:4006:806::2016
2607:f8b0:4006:81f::200a
2a04:4e42:78::84
3.216.42.155
07c975e952939c40265df65d8c0fade070412c453fde3fe97d4164ef213fbb1a
2002ce5fc3f4bcdf0c7917484fcb19536be531431113849ae45d0be3dd1e6bc1
3dcf101980f8ca0bf88118c61d2e3afe439757a8236c1c56d2f13e9bca5969cc
49a746d80656fc8d74f66a6f74fbc512f029219507b71c92b8c92edb4b4a4e27
4da4d625a050af67289a8d1fbbf59bc05ba29e7f30b1b645c4fb71dbcc8b3a05
70a4f2112ae46b7a306e472ab2045405dc77d1b153cc30d67dc21eb92a31b240
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

app.didowsjet.tk Open in urlscan Pro 2606:4700:3032::ac43:c080 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

71 %HTTPS

71 %IPv6

7 Domains

7 Subdomains

7 IPs

2 Countries

495 kBTransfer

547 kBSize

1 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

app.didowsjet.tk Open in urlscan Pro
2606:4700:3032::ac43:c080 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

7
IPs

2
Countries

495 kB
Transfer

547 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions