balance.vanlliagfitportals.net Open in urlscan Pro
2606:4700:3035::6815:12d0 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://wickes.us/
Effective URL:
https://balance.vanlliagfitportals.net/bad.php
Submission Tags: phishingrod
Submission: On September 04 via api (September 4th 2023, 3:25:45 pm UTC) from DE — Scanned from US

Summary HTTP 35 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 35 HTTP transactions. The main IP is 2606:4700:3035::6815:12d0, located in United States and belongs to CLOUDFLARENET, US. The main domain is balance.vanlliagfitportals.net.
TLS certificate: Issued by GTS CA 1P5 on July 25th 2023. Valid for: 3 months.

This is the only time balance.vanlliagfitportals.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	204.152.214.28 204.152.214.28	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
1 2	192.99.158.241 192.99.158.241	16276 (OVH) (OVH)
1 2	52.117.247.211 52.117.247.211	36351 (SOFTLAYER) (SOFTLAYER)
1	52.116.53.146 52.116.53.146	36351 (SOFTLAYER) (SOFTLAYER)
1 1	2606:4700:303... 2606:4700:3032::ac43:cfe6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 15	2606:4700:303... 2606:4700:3035::6815:12d0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
35	6

1 204.152.214.28 (Los Angeles, United States) 1 redirects

ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 204.152.214.28.static.rivalserver.com

wickes.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.99.158.241 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ip241.ip-192-99-158.net

dnavexch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.117.247.211 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: d3.f7.7534.ip4.static.sl-reverse.com

myckdom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p274639.myckdom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.116.53.146 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 92.35.7434.ip4.static.sl-reverse.com

clkdeals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:cfe6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

myimaginarymgmtcenter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3035::6815:12d0 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

balance.vanlliagfitportals.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	vanlliagfitportals.net 2 redirects balance.vanlliagfitportals.net	211 KB
3	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1033	48 KB
2	myckdom.com 1 redirects myckdom.com — Cisco Umbrella Rank: 126935 p274639.myckdom.com	2 KB
2	dnavexch.com 1 redirects dnavexch.com — Cisco Umbrella Rank: 516389	8 KB
1	myimaginarymgmtcenter.com 1 redirects myimaginarymgmtcenter.com	475 B
1	clkdeals.com clkdeals.com — Cisco Umbrella Rank: 227803	197 B
1	wickes.us 1 redirects wickes.us	601 B
35	7

	Domain	Requested by
15	balance.vanlliagfitportals.net	2 redirects p274639.myckdom.com balance.vanlliagfitportals.net
3	maxcdn.bootstrapcdn.com	balance.vanlliagfitportals.net maxcdn.bootstrapcdn.com
2	dnavexch.com	1 redirects
1	myimaginarymgmtcenter.com	1 redirects
1	clkdeals.com	p274639.myckdom.com
1	p274639.myckdom.com
1	myckdom.com	1 redirects
1	wickes.us	1 redirects
35	8

This site contains no links.

Subject Issuer	Validity	Valid
*.myckdom.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-03-20`	a year	crt.sh
www.clkdeals.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-07` - `2023-12-29`	a year	crt.sh
vanlliagfitportals.net GTS CA 1P5	`2023-07-25` - `2023-10-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://balance.vanlliagfitportals.net/bad.php
Frame ID: 1E933BAEEA53365995DE9C4D842BC2AC
Requests: 33 HTTP requests in this frame

Frame: https://balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/3e377faf/main.js
Frame ID: 07C67F3748E24F0E2DAF99BF891F1E0B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MyGift Visa Gift Card

Page URL History Show full URLs

http://wickes.us/ HTTP 302
http://dnavexch.com/click?data=d2tPQm1DaGxzSTVNeHRzbHJYOHlwTGxOZzJKdXdDaWtLS3hla0d6N251T05ET0hCa... Page URL
http://dnavexch.com/Redirect/ HTTP 302
https://myckdom.com/aS/feedclick?s=R40UBoveGXfR8bvtrRSPgbYUp7aBBDBgXQaiCg3BLRuzbOwltOcHjH5XPU-DA... HTTP 302
https://p274639.myckdom.com/adServe/domainClick?ai=8t_YSst-khR5fJD9dE4XGpD1bEyEOireHMBkS1RnhihgdcxMTC_77... Page URL
https://myimaginarymgmtcenter.com/?click=90664220718&source=446919085&sub=SAPF&v=0.11 HTTP 302
https://balance.vanlliagfitportals.net/?c=90664220718 HTTP 302
https://balance.vanlliagfitportals.net/bad.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

35
Requests

49 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

6
IPs

2
Countries

264 kB
Transfer

1394 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://wickes.us/ HTTP 302
http://dnavexch.com/click?data=d2tPQm1DaGxzSTVNeHRzbHJYOHlwTGxOZzJKdXdDaWtLS3hla0d6N251T05ET0hCalFBWE1Gd0x5b2FUMU5aY3RJVzlQcm85YV9CaVZGU20xbGRTY25mbUJTR3hxQmgtNG9mOFNBOWsyVUpxNEZRdEtMZm02RzVPRnYzQ2s1cGFSdkVUeW0wR2FKcWlqRFdIUjFqVTN3Mg2&id=e36c7416-4d0e-42ad-b573-084bec5cc2f7 Page URL
http://dnavexch.com/Redirect/ HTTP 302
https://myckdom.com/aS/feedclick?s=R40UBoveGXfR8bvtrRSPgbYUp7aBBDBgXQaiCg3BLRuzbOwltOcHjH5XPU-DAmA9J-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob9iTdYYEA44WYlJzChtcb99a-hz6nOf0-V35hDWF21szTZekRk7AUpJuEGLaVG8NJmXLnDLd-tFcTIqHaxObetc1oLHZ067gnxnYZCHtpBYsO9hbL7uLV8VifrnAUOX9vHUDnqOdlPSYYfx8qhHZNizFyjAY-SFzjWVJJrKhmG1AHkWeoweiN2I86mw93xwXGOxmnhCizDL4v75zb8pgHrGBVeJV_vVmQQ1VWLs-U1gUz2FnK9PqGSLi9SpgzgKkQTsef7fzHHdRa5UUp4xCf6N2NNwXXZwCrb2LQ9-9GMjKz9MiubikoGNvdKsnciD6ByxnxVvRgqnjJGidsvEf3NvUANtXWSmRDyHAEx6sAEIz_eGeJzRg8_DKJZKWOK5M2qGIcYZm3_Aj5kS1F1KH_mjJoDE0_Xwxubk96i1vmPVUu-uspMrEVJHq8Vsov6rfyackSgIn8kUJdQ3dJFgpOYNj1DLRvnqoJ4tN5gZQJWABvBRDlLnp4NADzCVPC8ASYnB5u8P53Brb9Bkm0dhI6peuOzWN-841DnhUPMMocDS0kfEgkbz625qQqeUAmDpg_94Rv-zrh8cBadWFBDk69nksVTw98xuUdVHOR9B7SxwSa6lfE691OBOvQ1LvBRnAbmG-z0HkKRMQ2PguehXBajeftIwLVTbcZQ7Jx0kiDBvZHVKP2XhSKvWPnWIbrAcGchKZnHCtlJqexDXqil5PlK-r488hILamtbJsKtuzMSWJCPyY4Dtb-qyTGNukGC32LBQcz4bFZki7Gr9A_2HcQiK9QgdCLp-dCNZDJnZtZiwvizTNCCi_1inEnXUALW7Bu6r_9Te8R0Ipw17I52regNsmERACmm9d1B5Zomt-_Cawpnl25oY5s9TgZH83wiszWH2fC7GrymtpLMLAgpVlA41L5lEoV7o-CaaQmxkqefc5gHd45zDgWjFeXinuDGa9GMyMNyo0Qi1fI1cU0aoJtZiZ6ZXaN8_B_rzdnHRAtpz56VpL3A1bp2all5L4XEv68ibNLUmC5GizgEZftNtarDOG5o1sPzZ5CspaVYc0hePltGWALpgIhy1p23oJKWJ2mxq6_Sa2eHiCA3T4aQC37hUuM14wm_OVfH07D0TqYmm2uA4uH5wie2wSIn7Sx5SfBZNebTgl_nuUUmCynmJfDT4j3B2CnVlgN9L4uXRkHWjRLFgoSIa4AEJbBcf1Iky73F1IKHiIA6NVtNIEgSmqr7IIQVSeP-wCxKsS890-YpJf08vjycbdhdKexv6YmKosVuimajhTIF7jxLuSjDtFy53-r3-7l8aOrPMKHdLshith1hHAVjOAvS2ICvd8mUcDxrEA2dpousmnSPUJ1nd8-AsLLSbfLg0klK1Q_k6X5lt03_8QzcMGvKRdHQNg9wAKTDWz_pI3_0G3iZJ7oUoyrlfmWpQ72bc4t3Hx47DhhZ146qPnfQWoodQ1iSnaG39La6iVkSlR8KVKDWV5tso2d63P3kquTyvbhVMU9I7aPk7NKCeAD1IvhNaP8sUppB90IhXvMYORdOEXp_FHNfEhKooIbr4ScI-uON36n1-VC-CuKifHwHvWXoIxb8tkShtl8myBJmW7EcHPTumAeTpY7x42mqi9EcDwDmFCjhA5kocz4dfzLroTowgOMWmM7434rpt1MTjmFH9Mw6FZBAh1-_Fi2L-4COsWdTlIP5ptT_pYkIAHi3_wSjrANX07v6saMijraNl66F-PxBHxjgTQUmKm1rBRjCyVvHMx_iV2-5clvq7x72QO64a5kdt2EOL0F1v6JB5VBpGExjPW1rx_nl-4bZU0iX4d_Vu20hZyueZ5BSzW6_A32gDSxA4FRjTqs0h6-yE-Gt6zcanF5juWxD4Xp46MNtPa4gZnk547BHwUzDffQpdJWdEh6Bm0-9Ux9pTjhgCC-_JLEamKPgsGH2jHE-E6NGOzsIOmP-fh2ZBo6zvEEyVHBW-IATk8IyXyLE7MRCw2iDeXmDoxRofkCVe3fluPd58CgwrURPy62_68L9E1DM5lwEqZds_BpipfYzzQ-16HIWXc8Fp9h11G3M0L_uTceS_ATcfo_kX-PMVITMauPDHliX8w6DFJBp_EKSjBEUucKa0S9bXXemDInDdxQpf-ylliHaNdMbkp-P1ahUaICvJ4cZdOKy-FrD9-eGhfFV3lnxMm2k5oVXiKpQrqlcKdp-BdTjTrAProoQ5FyRZ2zw3EgLEc_1EkUPyLI8krhGTSdWRmZ9FiCq7N2wkxcencAHLgQklO7oBdjPsrhSzW6_A32gDpaj6eHjFT3_PY5rWQaP2ByU9tkJ9s1OqqESm6G7jU0jgcm6cqkr2ITFlPcloJWyWtc4suTXsk7llkkLEB146pQ HTTP 302
https://p274639.myckdom.com/adServe/domainClick?ai=8t_YSst-khR5fJD9dE4XGpD1bEyEOireHMBkS1RnhihgdcxMTC_77YmBbjdrRV8lOWw1ExPQwoclHrl1k_0_ol-rUMhnE8BfZzT_XXk8zbLYMpRzwgJ_XWz-_QgCIH-e_Um1DHULjs9jJf14907DhcFc2MPW0O-qAwwDRrpWZMOxj0PwWlfnFfLvVmpjHpNcaqAbIFDsUJSMKYfHg7Y2fA9d8LOfDfIwUsHcUmOeTOTs_YQqk8IZrcsVDOsvpryM68VsiSX-FhPIDSzUszxAi0kmadw6N4EQBmn-NR6QZt5Yzq10NtvSy_-ksmVOdTqFIy_4NaNO0OKUYALmW9khi-LPl4YV0sb4Q7Ge21nDntFO5YROiW87Xk642Q_uDWBGsfLS3eez5-DPr7BVFqfg_i4pba7jOYHnDseHgR2yYasiz84u93LAtTp1T_f4NC24GNhkGX0W1WEDgwDsRKusVoS7Ocyk9FII2O0y16yCsseHK8tEBM7hr-Qxm3fyDPT0AqM8rzIb-PiTtjegZs_yEsPZEguvhzLXntvpDL1rWYdOIs3E02P7faY0kMzWSjRebmcEoQHKaiRiVnQIGgxQDiU7ugF2M-yuFLNbr8DfaAPfU1FdfCYQtWc6G2VcJWi50Vd72cJKvyLWYi6Bm_o1F9347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D281oaJh9pZt1A3LQQeWyuAM6cRdns6hCaZd0oS6zOUCFtGHlaE3QDF6P_CYCJRt6hYEa7djHvbY5DMMj415PjPoDw9UllciYkHZ0-1ZdaXKlNKykvgARudlkkLEB146pQ&ui=R40UBoveGXfR8bvtrRSPgfbWwvziNp_1xLgNeF8Zj-j7U8uzwd12NuQLGruOHx0gzSu0wktae1pjh56uRgGDk6-sib-i6XhYUNEjqCD4pU1EhzHRqYPq3g&si=1&oref=849f468308e2fd2ca5be96d7a870fa70&optunit=FLNbr8DfaAM1ksAx6i4xhw&rb=lklr6Bsrz6o&rr=1&abtg=0 Page URL
https://myimaginarymgmtcenter.com/?click=90664220718&source=446919085&sub=SAPF&v=0.11 HTTP 302
https://balance.vanlliagfitportals.net/?c=90664220718 HTTP 302
https://balance.vanlliagfitportals.net/bad.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://wickes.us/ HTTP 302
http://dnavexch.com/click?data=d2tPQm1DaGxzSTVNeHRzbHJYOHlwTGxOZzJKdXdDaWtLS3hla0d6N251T05ET0hCalFBWE1Gd0x5b2FUMU5aY3RJVzlQcm85YV9CaVZGU20xbGRTY25mbUJTR3hxQmgtNG9mOFNBOWsyVUpxNEZRdEtMZm02RzVPRnYzQ2s1cGFSdkVUeW0wR2FKcWlqRFdIUjFqVTN3Mg2&id=e36c7416-4d0e-42ad-b573-084bec5cc2f7

Request Chain 1

http://dnavexch.com/Redirect/ HTTP 302
https://myckdom.com/aS/feedclick?s=R40UBoveGXfR8bvtrRSPgbYUp7aBBDBgXQaiCg3BLRuzbOwltOcHjH5XPU-DAmA9J-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob9iTdYYEA44WYlJzChtcb99a-hz6nOf0-V35hDWF21szTZekRk7AUpJuEGLaVG8NJmXLnDLd-tFcTIqHaxObetc1oLHZ067gnxnYZCHtpBYsO9hbL7uLV8VifrnAUOX9vHUDnqOdlPSYYfx8qhHZNizFyjAY-SFzjWVJJrKhmG1AHkWeoweiN2I86mw93xwXGOxmnhCizDL4v75zb8pgHrGBVeJV_vVmQQ1VWLs-U1gUz2FnK9PqGSLi9SpgzgKkQTsef7fzHHdRa5UUp4xCf6N2NNwXXZwCrb2LQ9-9GMjKz9MiubikoGNvdKsnciD6ByxnxVvRgqnjJGidsvEf3NvUANtXWSmRDyHAEx6sAEIz_eGeJzRg8_DKJZKWOK5M2qGIcYZm3_Aj5kS1F1KH_mjJoDE0_Xwxubk96i1vmPVUu-uspMrEVJHq8Vsov6rfyackSgIn8kUJdQ3dJFgpOYNj1DLRvnqoJ4tN5gZQJWABvBRDlLnp4NADzCVPC8ASYnB5u8P53Brb9Bkm0dhI6peuOzWN-841DnhUPMMocDS0kfEgkbz625qQqeUAmDpg_94Rv-zrh8cBadWFBDk69nksVTw98xuUdVHOR9B7SxwSa6lfE691OBOvQ1LvBRnAbmG-z0HkKRMQ2PguehXBajeftIwLVTbcZQ7Jx0kiDBvZHVKP2XhSKvWPnWIbrAcGchKZnHCtlJqexDXqil5PlK-r488hILamtbJsKtuzMSWJCPyY4Dtb-qyTGNukGC32LBQcz4bFZki7Gr9A_2HcQiK9QgdCLp-dCNZDJnZtZiwvizTNCCi_1inEnXUALW7Bu6r_9Te8R0Ipw17I52regNsmERACmm9d1B5Zomt-_Cawpnl25oY5s9TgZH83wiszWH2fC7GrymtpLMLAgpVlA41L5lEoV7o-CaaQmxkqefc5gHd45zDgWjFeXinuDGa9GMyMNyo0Qi1fI1cU0aoJtZiZ6ZXaN8_B_rzdnHRAtpz56VpL3A1bp2all5L4XEv68ibNLUmC5GizgEZftNtarDOG5o1sPzZ5CspaVYc0hePltGWALpgIhy1p23oJKWJ2mxq6_Sa2eHiCA3T4aQC37hUuM14wm_OVfH07D0TqYmm2uA4uH5wie2wSIn7Sx5SfBZNebTgl_nuUUmCynmJfDT4j3B2CnVlgN9L4uXRkHWjRLFgoSIa4AEJbBcf1Iky73F1IKHiIA6NVtNIEgSmqr7IIQVSeP-wCxKsS890-YpJf08vjycbdhdKexv6YmKosVuimajhTIF7jxLuSjDtFy53-r3-7l8aOrPMKHdLshith1hHAVjOAvS2ICvd8mUcDxrEA2dpousmnSPUJ1nd8-AsLLSbfLg0klK1Q_k6X5lt03_8QzcMGvKRdHQNg9wAKTDWz_pI3_0G3iZJ7oUoyrlfmWpQ72bc4t3Hx47DhhZ146qPnfQWoodQ1iSnaG39La6iVkSlR8KVKDWV5tso2d63P3kquTyvbhVMU9I7aPk7NKCeAD1IvhNaP8sUppB90IhXvMYORdOEXp_FHNfEhKooIbr4ScI-uON36n1-VC-CuKifHwHvWXoIxb8tkShtl8myBJmW7EcHPTumAeTpY7x42mqi9EcDwDmFCjhA5kocz4dfzLroTowgOMWmM7434rpt1MTjmFH9Mw6FZBAh1-_Fi2L-4COsWdTlIP5ptT_pYkIAHi3_wSjrANX07v6saMijraNl66F-PxBHxjgTQUmKm1rBRjCyVvHMx_iV2-5clvq7x72QO64a5kdt2EOL0F1v6JB5VBpGExjPW1rx_nl-4bZU0iX4d_Vu20hZyueZ5BSzW6_A32gDSxA4FRjTqs0h6-yE-Gt6zcanF5juWxD4Xp46MNtPa4gZnk547BHwUzDffQpdJWdEh6Bm0-9Ux9pTjhgCC-_JLEamKPgsGH2jHE-E6NGOzsIOmP-fh2ZBo6zvEEyVHBW-IATk8IyXyLE7MRCw2iDeXmDoxRofkCVe3fluPd58CgwrURPy62_68L9E1DM5lwEqZds_BpipfYzzQ-16HIWXc8Fp9h11G3M0L_uTceS_ATcfo_kX-PMVITMauPDHliX8w6DFJBp_EKSjBEUucKa0S9bXXemDInDdxQpf-ylliHaNdMbkp-P1ahUaICvJ4cZdOKy-FrD9-eGhfFV3lnxMm2k5oVXiKpQrqlcKdp-BdTjTrAProoQ5FyRZ2zw3EgLEc_1EkUPyLI8krhGTSdWRmZ9FiCq7N2wkxcencAHLgQklO7oBdjPsrhSzW6_A32gDpaj6eHjFT3_PY5rWQaP2ByU9tkJ9s1OqqESm6G7jU0jgcm6cqkr2ITFlPcloJWyWtc4suTXsk7llkkLEB146pQ HTTP 302
https://p274639.myckdom.com/adServe/domainClick?ai=8t_YSst-khR5fJD9dE4XGpD1bEyEOireHMBkS1RnhihgdcxMTC_77YmBbjdrRV8lOWw1ExPQwoclHrl1k_0_ol-rUMhnE8BfZzT_XXk8zbLYMpRzwgJ_XWz-_QgCIH-e_Um1DHULjs9jJf14907DhcFc2MPW0O-qAwwDRrpWZMOxj0PwWlfnFfLvVmpjHpNcaqAbIFDsUJSMKYfHg7Y2fA9d8LOfDfIwUsHcUmOeTOTs_YQqk8IZrcsVDOsvpryM68VsiSX-FhPIDSzUszxAi0kmadw6N4EQBmn-NR6QZt5Yzq10NtvSy_-ksmVOdTqFIy_4NaNO0OKUYALmW9khi-LPl4YV0sb4Q7Ge21nDntFO5YROiW87Xk642Q_uDWBGsfLS3eez5-DPr7BVFqfg_i4pba7jOYHnDseHgR2yYasiz84u93LAtTp1T_f4NC24GNhkGX0W1WEDgwDsRKusVoS7Ocyk9FII2O0y16yCsseHK8tEBM7hr-Qxm3fyDPT0AqM8rzIb-PiTtjegZs_yEsPZEguvhzLXntvpDL1rWYdOIs3E02P7faY0kMzWSjRebmcEoQHKaiRiVnQIGgxQDiU7ugF2M-yuFLNbr8DfaAPfU1FdfCYQtWc6G2VcJWi50Vd72cJKvyLWYi6Bm_o1F9347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D281oaJh9pZt1A3LQQeWyuAM6cRdns6hCaZd0oS6zOUCFtGHlaE3QDF6P_CYCJRt6hYEa7djHvbY5DMMj415PjPoDw9UllciYkHZ0-1ZdaXKlNKykvgARudlkkLEB146pQ&ui=R40UBoveGXfR8bvtrRSPgfbWwvziNp_1xLgNeF8Zj-j7U8uzwd12NuQLGruOHx0gzSu0wktae1pjh56uRgGDk6-sib-i6XhYUNEjqCD4pU1EhzHRqYPq3g&si=1&oref=849f468308e2fd2ca5be96d7a870fa70&optunit=FLNbr8DfaAM1ksAx6i4xhw&rb=lklr6Bsrz6o&rr=1&abtg=0

Request Chain 32

https://balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/3e377faf/main.js

35 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

click Show response
dnavexch.com/
Redirect Chain

http://wickes.us/
http://dnavexch.com/click?data=d2tPQm1DaGxzSTVNeHRzbHJYOHlwTGxOZzJKdXdDaWtLS3hla0d6N251T05ET0hCalFBWE1Gd0x5b2FUMU5aY3RJVzlQcm85YV9CaVZGU20xbGRTY25mbUJTR3hxQmgtNG9mOFNBOWsyVUpxNEZRdEtMZm02RzVPRnYzQ2...

5 KB
6 KB

159ms
73ms

Document
text/html

192.99.158.241
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://dnavexch.com/click?data=d2tPQm1DaGxzSTVNeHRzbHJYOHlwTGxOZzJKdXdDaWtLS3hla0d6N251T05ET0hCalFBWE1Gd0x5b2FUMU5aY3RJVzlQcm85YV9CaVZGU20xbGRTY25mbUJTR3hxQmgtNG9mOFNBOWsyVUpxNEZRdEtMZm02RzVPRnYzQ2s1cGFSdkVUeW0wR2FKcWlqRFdIUjFqVTN3Mg2&id=e36c7416-4d0e-42ad-b573-084bec5cc2f7
Protocol: HTTP/1.1
Server: 192.99.158.241 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip241.ip-192-99-158.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f0e76eba5bdfcfc4c0f075522653131ee129ad809db6b7f69d064fb119c5f98e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Length: 5412
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Sep 2023 15:24:02 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Powered-By: ASP.NET

Redirect headers

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 04 Sep 2023 15:27:38 GMT
location: http://dnavexch.com/click?data=d2tPQm1DaGxzSTVNeHRzbHJYOHlwTGxOZzJKdXdDaWtLS3hla0d6N251T05ET0hCalFBWE1Gd0x5b2FUMU5aY3RJVzlQcm85YV9CaVZGU20xbGRTY25mbUJTR3hxQmgtNG9mOFNBOWsyVUpxNEZRdEtMZm02RzVPRnYzQ2s1cGFSdkVUeW0wR2FKcWlqRFdIUjFqVTN3Mg2&id=e36c7416-4d0e-42ad-b573-084bec5cc2f7
server: nginx

GET
H2

200

domainClick Show response
p274639.myckdom.com/adServe/
Redirect Chain

http://dnavexch.com/Redirect/
https://myckdom.com/aS/feedclick?s=R40UBoveGXfR8bvtrRSPgbYUp7aBBDBgXQaiCg3BLRuzbOwltOcHjH5XPU-DAmA9J-J_MlxHbnZPYJMKbc_lPFsLtTfRMmnZg570qmhSob9iTdYYEA44WYlJzChtcb99a-hz6nOf0-V35hDWF21szTZekRk7AUpJuE...
https://p274639.myckdom.com/adServe/domainClick?ai=8t_YSst-khR5fJD9dE4XGpD1bEyEOireHMBkS1RnhihgdcxMTC_77YmBbjdrRV8lOWw1ExPQwoclHrl1k_0_ol-rUMhnE8BfZzT_XXk8zbLYMpRzwgJ_XWz-_QgCIH-e_Um1DHULjs9jJf1490...

627 B
722 B

70ms
64ms

Document
text/html

52.117.247.211
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://p274639.myckdom.com/adServe/domainClick?ai=8t_YSst-khR5fJD9dE4XGpD1bEyEOireHMBkS1RnhihgdcxMTC_77YmBbjdrRV8lOWw1ExPQwoclHrl1k_0_ol-rUMhnE8BfZzT_XXk8zbLYMpRzwgJ_XWz-_QgCIH-e_Um1DHULjs9jJf14907DhcFc2MPW0O-qAwwDRrpWZMOxj0PwWlfnFfLvVmpjHpNcaqAbIFDsUJSMKYfHg7Y2fA9d8LOfDfIwUsHcUmOeTOTs_YQqk8IZrcsVDOsvpryM68VsiSX-FhPIDSzUszxAi0kmadw6N4EQBmn-NR6QZt5Yzq10NtvSy_-ksmVOdTqFIy_4NaNO0OKUYALmW9khi-LPl4YV0sb4Q7Ge21nDntFO5YROiW87Xk642Q_uDWBGsfLS3eez5-DPr7BVFqfg_i4pba7jOYHnDseHgR2yYasiz84u93LAtTp1T_f4NC24GNhkGX0W1WEDgwDsRKusVoS7Ocyk9FII2O0y16yCsseHK8tEBM7hr-Qxm3fyDPT0AqM8rzIb-PiTtjegZs_yEsPZEguvhzLXntvpDL1rWYdOIs3E02P7faY0kMzWSjRebmcEoQHKaiRiVnQIGgxQDiU7ugF2M-yuFLNbr8DfaAPfU1FdfCYQtWc6G2VcJWi50Vd72cJKvyLWYi6Bm_o1F9347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D281oaJh9pZt1A3LQQeWyuAM6cRdns6hCaZd0oS6zOUCFtGHlaE3QDF6P_CYCJRt6hYEa7djHvbY5DMMj415PjPoDw9UllciYkHZ0-1ZdaXKlNKykvgARudlkkLEB146pQ&ui=R40UBoveGXfR8bvtrRSPgfbWwvziNp_1xLgNeF8Zj-j7U8uzwd12NuQLGruOHx0gzSu0wktae1pjh56uRgGDk6-sib-i6XhYUNEjqCD4pU1EhzHRqYPq3g&si=1&oref=849f468308e2fd2ca5be96d7a870fa70&optunit=FLNbr8DfaAM1ksAx6i4xhw&rb=lklr6Bsrz6o&rr=1&abtg=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.117.247.211 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: d3.f7.7534.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 16c73a1f12600dc5f8c58626e12033db545d78fd0c7c1ec351cff1c24050b552

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: http://dnavexch.com
Referer: http://dnavexch.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=ISO-8859-1
date: Mon, 04 Sep 2023 15:25:39 GMT
server: nginx
vary: Accept-Encoding

Redirect headers

content-length: 0
date: Mon, 04 Sep 2023 15:25:39 GMT
location: https://p274639.myckdom.com/adServe/domainClick?ai=8t_YSst-khR5fJD9dE4XGpD1bEyEOireHMBkS1RnhihgdcxMTC_77YmBbjdrRV8lOWw1ExPQwoclHrl1k_0_ol-rUMhnE8BfZzT_XXk8zbLYMpRzwgJ_XWz-_QgCIH-e_Um1DHULjs9jJf14907DhcFc2MPW0O-qAwwDRrpWZMOxj0PwWlfnFfLvVmpjHpNcaqAbIFDsUJSMKYfHg7Y2fA9d8LOfDfIwUsHcUmOeTOTs_YQqk8IZrcsVDOsvpryM68VsiSX-FhPIDSzUszxAi0kmadw6N4EQBmn-NR6QZt5Yzq10NtvSy_-ksmVOdTqFIy_4NaNO0OKUYALmW9khi-LPl4YV0sb4Q7Ge21nDntFO5YROiW87Xk642Q_uDWBGsfLS3eez5-DPr7BVFqfg_i4pba7jOYHnDseHgR2yYasiz84u93LAtTp1T_f4NC24GNhkGX0W1WEDgwDsRKusVoS7Ocyk9FII2O0y16yCsseHK8tEBM7hr-Qxm3fyDPT0AqM8rzIb-PiTtjegZs_yEsPZEguvhzLXntvpDL1rWYdOIs3E02P7faY0kMzWSjRebmcEoQHKaiRiVnQIGgxQDiU7ugF2M-yuFLNbr8DfaAPfU1FdfCYQtWc6G2VcJWi50Vd72cJKvyLWYi6Bm_o1F9347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D281oaJh9pZt1A3LQQeWyuAM6cRdns6hCaZd0oS6zOUCFtGHlaE3QDF6P_CYCJRt6hYEa7djHvbY5DMMj415PjPoDw9UllciYkHZ0-1ZdaXKlNKykvgARudlkkLEB146pQ&ui=R40UBoveGXfR8bvtrRSPgfbWwvziNp_1xLgNeF8Zj-j7U8uzwd12NuQLGruOHx0gzSu0wktae1pjh56uRgGDk6-sib-i6XhYUNEjqCD4pU1EhzHRqYPq3g&si=1&oref=849f468308e2fd2ca5be96d7a870fa70&optunit=FLNbr8DfaAM1ksAx6i4xhw&rb=lklr6Bsrz6o&rr=1&abtg=0
server: nginx

GET
H2 200 track
clkdeals.com/adServe/ 49 B
197 B 196ms
63ms Image
image/gif 52.116.53.146
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clkdeals.com/adServe/track?subid=90664220718&prdid=2750&price=0
Requested by: Host: p274639.myckdom.com
URL: https://p274639.myckdom.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.116.53.146 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 92.35.7434.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 15:25:39 GMT
server: nginx
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
content-length: 49
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Primary Request bad.php Show response
balance.vanlliagfitportals.net/
Redirect Chain

https://myimaginarymgmtcenter.com/?click=90664220718&source=446919085&sub=SAPF&v=0.11
https://balance.vanlliagfitportals.net/?c=90664220718
https://balance.vanlliagfitportals.net/bad.php

39 KB
6 KB

197ms
196ms

Document
text/html

2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://balance.vanlliagfitportals.net/bad.php
Requested by: Host: p274639.myckdom.com
URL: https://p274639.myckdom.com/adServe/domainClick?ai=8t_YSst-khR5fJD9dE4XGpD1bEyEOireHMBkS1RnhihgdcxMTC_77YmBbjdrRV8lOWw1ExPQwoclHrl1k_0_ol-rUMhnE8BfZzT_XXk8zbLYMpRzwgJ_XWz-_QgCIH-e_Um1DHULjs9jJf14907DhcFc2MPW0O-qAwwDRrpWZMOxj0PwWlfnFfLvVmpjHpNcaqAbIFDsUJSMKYfHg7Y2fA9d8LOfDfIwUsHcUmOeTOTs_YQqk8IZrcsVDOsvpryM68VsiSX-FhPIDSzUszxAi0kmadw6N4EQBmn-NR6QZt5Yzq10NtvSy_-ksmVOdTqFIy_4NaNO0OKUYALmW9khi-LPl4YV0sb4Q7Ge21nDntFO5YROiW87Xk642Q_uDWBGsfLS3eez5-DPr7BVFqfg_i4pba7jOYHnDseHgR2yYasiz84u93LAtTp1T_f4NC24GNhkGX0W1WEDgwDsRKusVoS7Ocyk9FII2O0y16yCsseHK8tEBM7hr-Qxm3fyDPT0AqM8rzIb-PiTtjegZs_yEsPZEguvhzLXntvpDL1rWYdOIs3E02P7faY0kMzWSjRebmcEoQHKaiRiVnQIGgxQDiU7ugF2M-yuFLNbr8DfaAPfU1FdfCYQtWc6G2VcJWi50Vd72cJKvyLWYi6Bm_o1F9347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kBTRhJTr31T6sz6E4fJKdEtrKCtj0Ed3D281oaJh9pZt1A3LQQeWyuAM6cRdns6hCaZd0oS6zOUCFtGHlaE3QDF6P_CYCJRt6hYEa7djHvbY5DMMj415PjPoDw9UllciYkHZ0-1ZdaXKlNKykvgARudlkkLEB146pQ&ui=R40UBoveGXfR8bvtrRSPgfbWwvziNp_1xLgNeF8Zj-j7U8uzwd12NuQLGruOHx0gzSu0wktae1pjh56uRgGDk6-sib-i6XhYUNEjqCD4pU1EhzHRqYPq3g&si=1&oref=849f468308e2fd2ca5be96d7a870fa70&optunit=FLNbr8DfaAM1ksAx6i4xhw&rb=lklr6Bsrz6o&rr=1&abtg=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcfe919f185f76aa42c8ed04814fc90de257fd7a54241a46bcdf8a881c32df6e

Request headers

Referer: https://p274639.myckdom.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 80173f208d243717-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 04 Sep 2023 15:25:42 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HEtpGaKyzoes5jOTo9LSf3g%2B3TVdphf4phJb3StvmR5bBqAr71lCimK3anj2ZFz7H3t09vEsJMWmWLMZU2YcfppCkMYRuqISbN8IB0KeqCTKI%2B0Zjdxyo3tQO9BMW1fI%2B%2FDQ8xbl%2Bwh2qpl9nw0DqcAtj2jgu9prcgZ3ezQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 80173f16697b3717-MIA
content-type: text/html; charset=UTF-8
date: Mon, 04 Sep 2023 15:25:41 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./bad.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxU%2BBAUXLWSeMDN%2FBzNSX4VYK1Kge3B38P97oFVPBJojP8xqF%2FC%2F2ehnzlgIPe1SE4YLGx9sw64%2BXAylEpbF7lApfi2nN90b3y20XDz9OPMC%2FB1Mnj%2Bwb8rC8dAVAjeNylEr1EkRQaLLjcCOZUcy4Ok0FnUPGxdXCWxPOoc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 css.css
balance.vanlliagfitportals.net/index_files/ 8 KB
1 KB 333ms
332ms Stylesheet
text/css 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://balance.vanlliagfitportals.net/index_files/css.css
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4de47a4053bf4a3fb03f3d687306a5dbc0b980ca9fe4acf9dac72c0b5b15ce0b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"21e3-5f6cf47decc00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=slqGuM%2FHFyq8vh1i7SjwV0A4oIDyhEykqWEZdienolwFKoTUNf02BL2lLnB%2BSPSNVXI4fg4hygdFBDHXYXPCjgywd2SQsvUlsHn21qWR0lR8xJNSjuAoaRsmT8Nn6e3h82EMN%2B5IRx5CM%2FIhWJT762RHWjbm1VtzuN5OI6Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 80173f21deb60975-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 stylesheet.css
balance.vanlliagfitportals.net/index_files/ 72 KB
13 KB 335ms
334ms Stylesheet
text/css 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://balance.vanlliagfitportals.net/index_files/stylesheet.css
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9d7a680f678fb75f952ff9487ffa0c4110cfb2a01731099cca23fb4fe9211bb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"11e16-5f6cf47decc00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WvxIjFbViMe9if4%2FbvD68VXEJbCgXXAuHsL9KCkcGsTN89OxZY5SDFXCX0I7S6JZa1TPi3J0kBP5JQ7cFLqI49ZXnI%2B05m%2BQ0DN8pPVKi%2FUhKOR4v9Mfcq402uzuVk%2BGME0%2FBOCTeeNhU30hAgza56%2FRhY9cAd224LKL4ng%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 80173f21deb80975-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/ 115 KB
19 KB 108ms
44ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css

Requested by

Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 876
age: 6477437
cdn-cachedat: 09/04/2022 09:22:42
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"eedf9ee80c2faa4e1b9ab9017cdfcb88"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 1618e898199956ea0e72e576db88d8aa
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 80173f2239d0961a-MIA
cdn-requestpullsuccess: True

GET
H3 200 jquery.js Show response
balance.vanlliagfitportals.net/index_files/ 130 KB
46 KB 626ms
626ms Script
text/javascript 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://balance.vanlliagfitportals.net/index_files/jquery.js
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4e0e4bafdba979ed97fde06c409478becd96dde7a53023aae7858a19f15a67b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"20801-5f6cf47fd5080-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2FFQK93Z6nZJQsT337zslXIHQqk7IMslj6Dxxgh1wp%2FiXvzWDvsQB2EZYoofLFQGTmj535%2B99Afen05abZOiGwdRVUHp31QnVCcOr62CimwLMdygupk6oCtXECIwy6YUKuSPve6i7Nj%2BnN8oWvZjqPhBFnuSF7HkmY8JrtA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 80173f21deb90975-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/ 36 KB
10 KB 106ms
44ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js

Requested by

Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 974
age: 6477446
cdn-cachedat: 11/16/2022 00:31:21
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"4becdc9104623e891fbb9d38bba01be4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: d847237c3c9036a1743e0259308f8595
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 80173f2239d4961a-MIA
cdn-requestpullsuccess: True

GET
H3 200 logo-visa.png
balance.vanlliagfitportals.net/index_files/ 1 KB
2 KB 324ms
323ms Image
image/png 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balance.vanlliagfitportals.net/index_files/logo-visa.png
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60209d124b9e7598b70c79bb9d79d2ed1f610f49bbb2a840216d93b5fc951154

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:42 GMT
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "4f4-5f6cf47c04780"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bskw%2FUZxvb6%2FQjLjC5TMTjulSjjXORyKctN%2BRoL1pTfyXdZc8siyhSteJkMr1tZnDQeDD4CcYV%2BnYfW9wk6jpLKXLUcxS%2FaFhwrqSAvPxgkbl2AuTivqVC1A1F0MqFBi2LQaDvT2p1zUYQ4LldXVvejPVQWhWud1pKTgAPo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 80173f2419b60975-MIA
alt-svc: h3=":443"; ma=86400
content-length: 1268

GET
H3 200 other-gcm-cards-vertical.png
balance.vanlliagfitportals.net/index_files/ 286 KB
0 663ms
662ms Image
image/png 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balance.vanlliagfitportals.net/index_files/other-gcm-cards-vertical.png
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:43 GMT
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "bb935-5f6cf47833e80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYurZ6S7beWOkuPuFAXD9N5PqMoyu3yS2J%2Fi3BXr6B0PgvthXwLihX%2FiDTJzlRBktjzT2YuV9PxaHS1ZDrbL1cx3kteBJRfeGCZEZ3WS74GrYIqV30%2BStWxw2674JuLN2GvIJ1Uy1g0ydC7K1sJ8ngtxFVL%2B9TERsN0t2tc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 80173f260c510975-MIA
alt-svc: h3=":443"; ma=86400
content-length: 768309

GET
H3 200 other-gcm-cards-horizontal.png
balance.vanlliagfitportals.net/index_files/ 542 KB
0 651ms
651ms Image
image/png 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balance.vanlliagfitportals.net/index_files/other-gcm-cards-horizontal.png
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:43 GMT
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "a9c41-5f6cf47a1c300"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9xIW7GYvuOPtFNoJisgxbl2KtWLA%2FEffx91Rm1NTLS2V%2BkuD4RI%2F8puvFvATZGQa7dspuACX9rXTONxYwsBL%2B3Et4qj9l5PZva48V2RWSWTGkT1ztbIGqZs%2BzULPhY754467SmqaD5BHlQtmrPtitv1Mpf2V6g3XyYtPXg0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 80173f264c8f0975-MIA
alt-svc: h3=":443"; ma=86400
content-length: 695361

GET
H3 200 main-card-visa-sparkle.png
balance.vanlliagfitportals.net/index_files/ 67 KB
68 KB 663ms
661ms Image
image/png 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balance.vanlliagfitportals.net/index_files/main-card-visa-sparkle.png
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a1cf6512abc9d8f1e59907c9e9449061bcdd2b9897da041fe0f8f0ef13107b6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:43 GMT
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "10c52-5f6cf47a1c300"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rz7I4irYnGN%2BiSHv3zg%2BbbFs3p%2F5QTZO32WJI90QJJoPhPJesumgJWRjagYVs23PaPFMexrCVlZqoM6Xl8MIw7m%2BH3vgqeBJxkMZDS30eQA2irSEomw6kdKdLZQyXvedYOMb%2F1UogaztMM4FO8G15rh2eWH9X%2Fo2bEXZlxk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 80173f264c970975-MIA
alt-svc: h3=":443"; ma=86400
content-length: 68690

GET
H3 200 visa-egift.png
balance.vanlliagfitportals.net/index_files/ 18 KB
18 KB 499ms
494ms Image
image/png 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balance.vanlliagfitportals.net/index_files/visa-egift.png
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8abd1446ca408e1bde5c9f14abe51e820cf753b81a8593c64771a3d9b3e9b090

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:43 GMT
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "46e7-5f6cf47fd5080"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66vvkc9X4bu4XYebr4IiXKV3SdCart1HJxkghx0Mwuq6%2BBhrHpDhVGa1v1FzQzfFQa5RGef1yJJN4K4EV8hUDENmFUyskTUM54Z1rkVtFjZDb%2BCE8uiBaStWNlUVWLsXJ3JfLY7L%2BRnEOpLGsgARaobfv2VOGF7e9fiEv1U%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 80173f264ca00975-MIA
alt-svc: h3=":443"; ma=86400
content-length: 18151

GET main-card-visa-everwhere.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET main-card-visa-fiveback.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET
H3 200 main-card-visa-bestbuy.png
balance.vanlliagfitportals.net/index_files/ 12 KB
12 KB 437ms
432ms Image
image/png 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balance.vanlliagfitportals.net/index_files/main-card-visa-bestbuy.png
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c259e78005905b6b36fa4fa51bf81770739ce701699743e613d1c902e3c3761

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:43 GMT
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "2ec1-5f6cf47c04780"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bp2k41Uk8XrKLbak3vyJtmtA04gC4EjDsUvClU8qbgnPVbSOjqmsPgz13kEA21yn4OLwM1kXdYGeuaQh7eZcVXlEbYJ62YI1AkLUHeTYECuryG3Oyq3nja1QzfLinpTHQ6gBopskmW4GdU3WKNSoBKrjijMFAEuklAcsev0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 80173f264ca90975-MIA
alt-svc: h3=":443"; ma=86400
content-length: 11969

GET close-icon.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET visa-silver-403446-2x.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET visa-silver-435880-2x.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET visa-silver-451129-2x.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET visa-silver-454316-2x.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET visa-silver-491277-2x.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET Dining-Everywhere.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET Fuel-Everywhere.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET Style-Everywhere.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET
H3 200 Movies-Everywhere.png
balance.vanlliagfitportals.net/index_files/ 38 KB
38 KB 497ms
493ms Image
image/png 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://balance.vanlliagfitportals.net/index_files/Movies-Everywhere.png
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b75900f5f6485c09d0192766ed53a6bd3dc99309409d93bd9c2adeb36d84c973

Request headers

accept-language: en-US,en;q=0.9
Referer: https://balance.vanlliagfitportals.net/bad.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:43 GMT
cf-cache-status: MISS
last-modified: Mon, 13 Mar 2023 22:03:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "973a-5f6cf47a1c300"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OIjJJZ%2FcGAlVHLgEcy27pDIrQpWpARhGEAixb2JIMmvIey0jqI3IUXYGUEtuSnH%2FFfCH6zG%2B2Z%2FzV%2Bg20GozaycPvkMlkfpNXVW0EvXyGm9qTaHLVbEmuieda1wnraRus4iZV07pc1lTaGM5if9dgEbdYRs6sf9L8KRMJnc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 80173f264cb70975-MIA
alt-svc: h3=":443"; ma=86400
content-length: 38714

GET Grocery-Everywhere.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET Home-Everywhere.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET Explore-Everywhere.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET close-icon.png
balance.vanlliagfitportals.net/index_files/ 0
0

GET help-icon.png
balance.vanlliagfitportals.net/index_files/content/images/ 0
0

GET
H3 200 glyphicons-halflings-regular.woff2
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/fonts/ 18 KB
18 KB 88ms
49ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css
Origin: https://balance.vanlliagfitportals.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 975
cdn-cachedat: 09/03/2022 05:40:45
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18028
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: "448c34a56d699c29117adc64c43affeb"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 49fa097935ed58e31eec08a7f68d9d7c
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 80173f268c0e21c7-MIA
cdn-requestpullsuccess: True

GET
H3

200

main.js Show response
balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/3e377faf/ Frame 07C6
Redirect Chain

https://balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/3e377faf/main.js

7 KB
4 KB

34ms
34ms

Script
application/javascript

2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/3e377faf/main.js

Requested by

Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/bad.php

Protocol

Server

2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a3dc04f83b206c069b7d26b2857cf2214edff4a7270268041f7c63c010ab85e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 15:25:42 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e0vLgXNFh7LFf2f0NUQbUmb2FEogKT%2BDJhIiPdtjplc1yM4WOmL4OQsVq9HwCTN0SfvyvGhmYQvCDOl9w%2Bpp3jS5BDOurhr2ZkpC%2FnA5GElXCAFxVCohjgy73Q9Cb0yZz%2BTO5rnFFRLEpa9ieBz3sheP0P4UxTsDCqEUauE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 80173f26cd2b0975-MIA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 04 Sep 2023 15:25:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mNWj16J44o9ykOaMXT9M8GmZly%2FMMFFEmS4P20kxgxCQ%2FXNDG96hvrF5%2Bf%2Fl0KXSle%2BqEkeAW92TGaoBCpV0BCoq0%2Fhg4u%2BddKjaxfA0ypDQdwWoywALl1COJ64KTs%2BF6JC%2BroU4BBFRQKCL8F%2BG90tucgebGkiJQQtfMr4%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/3e377faf/main.js
cache-control: max-age=300, public
cf-ray: 80173f268cf90975-MIA
alt-svc: h3=":443"; ma=86400

POST
H3 200 80173f208d243717 Show response
balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 07C6 0
587 B 47ms
46ms XHR
text/plain 2606:4700:3035::6815:12d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/h/g/jsd/r/80173f208d243717
Requested by: Host: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:12d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 04 Sep 2023 15:25:43 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oPg3Op1%2BxlkyurFoA1XDwWMmuboLp%2BqTboyiENNmxCBmezXFvOILsEmFfxWysI5lw%2F3bjKlA2fi1sKw5EHXzlkO4s3PwxbKw%2FFM%2BPXQbtyCJXVPKqSK2nbfdU%2Fgmo%2BG3M4wClgQp%2BqCE2NH5xwC7YtiNezY8DVfHTJKoOds%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 80173f27be580975-MIA
alt-svc: h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/main-card-visa-everwhere.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/main-card-visa-fiveback.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/close-icon.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/visa-silver-403446-2x.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/visa-silver-435880-2x.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/visa-silver-451129-2x.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/visa-silver-454316-2x.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/visa-silver-491277-2x.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/Dining-Everywhere.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/Fuel-Everywhere.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/Style-Everywhere.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/Grocery-Everywhere.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/Home-Everywhere.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/Explore-Everywhere.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/close-icon.png

Domain: balance.vanlliagfitportals.net
URL: https://balance.vanlliagfitportals.net/index_files/content/images/help-icon.png

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.wickes.us/	1970-01-21 00:06:41	Name: sid Value: 946c0dd4-4b37-11ee-bc73-232531fd39a9
dnavexch.com/	1969-12-31 23:59:59	Name: apnEZasDxlGCVhv Value: apnEZasDxlGCVhv
.myckdom.com/	1970-01-20 18:49:53	Name: rhid Value: 83604932364
.myckdom.com/	1970-01-20 14:30:44	Name: loi Value: ad_1427683_off_870620_aff_90840_cid_274639-584136950-WICKES.US_ts_1693841139
balance.vanlliagfitportals.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4lcnnugbuke9ubplfsd4p94n34
.vanlliagfitportals.net/	1970-01-20 23:16:17	Name: cf_clearance Value: kAGPltrIXFRQM6UnZtDIrYHrg9islXEwukV1BQny2Do-1693841143-0-1-5c03727d.35e6c1f8.14d1c8f2-0.2.1693841143

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

balance.vanlliagfitportals.net
clkdeals.com
dnavexch.com
maxcdn.bootstrapcdn.com
myckdom.com
myimaginarymgmtcenter.com
p274639.myckdom.com
wickes.us
balance.vanlliagfitportals.net
192.99.158.241
204.152.214.28
2606:4700:3032::ac43:cfe6
2606:4700:3035::6815:12d0
2606:4700::6812:acf
52.116.53.146
52.117.247.211
0c259e78005905b6b36fa4fa51bf81770739ce701699743e613d1c902e3c3761
16c73a1f12600dc5f8c58626e12033db545d78fd0c7c1ec351cff1c24050b552
1a1cf6512abc9d8f1e59907c9e9449061bcdd2b9897da041fe0f8f0ef13107b6
1a3dc04f83b206c069b7d26b2857cf2214edff4a7270268041f7c63c010ab85e
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
4de47a4053bf4a3fb03f3d687306a5dbc0b980ca9fe4acf9dac72c0b5b15ce0b
60209d124b9e7598b70c79bb9d79d2ed1f610f49bbb2a840216d93b5fc951154
8abd1446ca408e1bde5c9f14abe51e820cf753b81a8593c64771a3d9b3e9b090
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
a9d7a680f678fb75f952ff9487ffa0c4110cfb2a01731099cca23fb4fe9211bb
b4e0e4bafdba979ed97fde06c409478becd96dde7a53023aae7858a19f15a67b
b75900f5f6485c09d0192766ed53a6bd3dc99309409d93bd9c2adeb36d84c973
dcfe919f185f76aa42c8ed04814fc90de257fd7a54241a46bcdf8a881c32df6e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f0e76eba5bdfcfc4c0f075522653131ee129ad809db6b7f69d064fb119c5f98e
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

balance.vanlliagfitportals.net Open in urlscan Pro 2606:4700:3035::6815:12d0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

35 Requests

49 %HTTPS

43 %IPv6

7 Domains

8 Subdomains

6 IPs

2 Countries

264 kBTransfer

1394 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

6 Cookies

Indicators

balance.vanlliagfitportals.net Open in urlscan Pro
2606:4700:3035::6815:12d0 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

49 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

6
IPs

2
Countries

264 kB
Transfer

1394 kB
Size

6
Cookies

35 HTTP transactions
0 data transactions