play.google.com - urlscan.io

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 7 HTTP transactions. The main IP is 2a00:1450:4001:812::200e, located in and belongs to . The main domain is play.google.com.
TLS certificate: Issued by GTS CA 1C3 on January 2nd 2023. Valid for: 3 months.

This is the only time play.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	109.234.161.105 109.234.161.105	50474 (O2SWITCH) (O2SWITCH)
1 1	2606:4700:303... 2606:4700:3037::6815:5398	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	176.123.1.44 176.123.1.44	200019 (ALEXHOST) (ALEXHOST)
1 2	141.94.19.38 141.94.19.38	16276 (OVH) (OVH)
1 2	45.77.230.212 45.77.230.212	() ()
1	2a00:1450:400... 2a00:1450:4001:812::200e	() ()
7	6

1 109.234.161.105 (France)

ASN50474 (O2SWITCH, FR)
PTR: 109-234-161-105.reverse.odns.fr

www.es.gwafikera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:5398 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

adtrafico.atkr2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.123.1.44 (Chisinau, Moldova)

ASN200019 (ALEXHOST, MD)
PTR: tds-proxy43-prod-alex.holacode.tech

gift-fortune.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.94.19.38 (France) 1 redirects

ASN16276 (OVH, FR)

2021.sagahaclub.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.77.230.212 (None, ) 1 redirects

ASN- ()

tecappcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200e (None, )

ASN- ()

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	tecappcloud.com 1 redirects tecappcloud.com	756 B
2	sagahaclub.live 1 redirects 2021.sagahaclub.live	2 KB
2	gift-fortune.life gift-fortune.life	88 KB
1	google.com play.google.com
1	atkr2.com 1 redirects adtrafico.atkr2.com	658 B
1	gwafikera.com www.es.gwafikera.com	2 KB
7	6

	Domain	Requested by
2	tecappcloud.com	1 redirects 2021.sagahaclub.live
2	2021.sagahaclub.live	1 redirects gift-fortune.life
2	gift-fortune.life	www.es.gwafikera.com gift-fortune.life
1	play.google.com	tecappcloud.com www.es.gwafikera.com
1	adtrafico.atkr2.com	1 redirects
1	www.es.gwafikera.com
7	6

This site contains no links.

Subject Issuer	Validity	Valid
gift-fortune.life R3	`2023-01-12` - `2023-04-12`	3 months	crt.sh
*.sagahaclub.live R3	`2023-01-17` - `2023-04-17`	3 months	crt.sh
tecappcloud.com R3	`2022-12-30` - `2023-03-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Frame ID: EDD6C1E6878D5AB8FEF79A02A8DA737F
Requests: 6 HTTP requests in this frame

Frame: https://gift-fortune.life/media/mainstream/frame.html
Frame ID: C49C8938E72360FC6A5C83C34DDB186B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.es.gwafikera.com/revolvedpx.php?utm_source=google&utm_campaign=gingerly/ Page URL
https://adtrafico.atkr2.com/click?pid=46&offer_id=2&utm_campaign=2101 HTTP 302
https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99 Page URL
https://2021.sagahaclub.live/tqsrwedk/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99&f=1&sid=t1~r... Page URL
https://2021.sagahaclub.live/web/?sid=t3~r0buinpvx5ufhik0crd1k42q HTTP 302
https://tecappcloud.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBlt... HTTP 302
https://tecappcloud.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJm... Page URL
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

7
Requests

71 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

92 kB
Transfer

396 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.es.gwafikera.com/revolvedpx.php?utm_source=google&utm_campaign=gingerly/ Page URL
https://adtrafico.atkr2.com/click?pid=46&offer_id=2&utm_campaign=2101 HTTP 302
https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99 Page URL
https://2021.sagahaclub.live/tqsrwedk/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99&f=1&sid=t1~r0buinpvx5ufhik0crd1k42q&fp=K41uPQohlgKs2mWXQ4Fg8aLn%2BE6TgRbRFyIl06KrTHcMTc0Eyk9MJIR0knCtUCmHKM21WZLZUi0IJAtNq1XBYlNRcIE3tXX5x9DcoxyO%2BuwyjTFkfn4qxG1Sd935EcVxigyhRaubRAQZt%2FghI%2FN%2B3GaYlZGL1nwioNFOU8hydVMaLJGt6CEA7eUwmVGJ8Ln2HqvIytiorjq0ZxVzin%2FAFd5UYNCng7dpJvMB%2FDkQbhl2bIIijDXXRDaM3CUAjY9%2BhpHlwZgC2aZ0OOZDfKrM%2FQMOebF%2BjH5MPAXlhmOo4dh4Gtwih%2Fnfnjo9AcNLzaLTLfJFGbEIHSteulyYPO4u68LUTkdCd0GSgMAAPoQ%2FW4h5hfaRL8MzCS4dN%2Bj5zRw0sqieJbte%2BMI8Ghes4R1921TsEkOu3MqimF7hXaKMRa7qyNqanmMSx3YPDRVIgo0PvQpD0MLmVl7i7w6fP5mj2%2BgViH7G7TINTpI8qpsOwMPWUSgbPr5dH4dHBZ866yjwg3X1TfJB3Xnp4oRP1hIo2JUCAjf2g7RDSdy3%2BSGb87QCC08UpfJlo36sIXoeJLuz5dOZ6lwtdmDv68oh%2Bdx8%2FqMB1B3oxMHhTMwMVpcw8AWSJ78YjeHxXJgSjvGSMwD07AdQWudNAvYt5Jj5mWc7PDPZ8kUucRV95Rj5VV0TCUko291Adhv%2FbR6galFDUcueCSDC2%2FUELklbJ88r6lSQmoEftPmvn1KchJLpevR2q2TUpQpZVXgX7eBg4efFjkb5CBNBXE%2F5hWkth9rnaJKg2sFfODBwMte7rjSm4g36NVK5ZxmsTUuQMq3hc%2BB7XzS%2FAdE2EM42fu%2BHPbFI0GMXPXHrF61pGahW82CTN%2B%2FWdODnPCl6k%2Bqd2i8qX6DyYOdsOCupC5N6KpmB6q8dBoiaOsj0ex0GnL1L9M70mPjXe%2FNjDe%2BZuiKf1202AIHbZ1ilzQ2xxpCxb0JM7MEEOYL6JB2ytcBaOgvos5ASyMTs2rczzZzw%2BusALLZPrS9T93N7Od6OYq5kr2VWv8KTxsuhdBf2A7aky4oeewm6dxks4cNgDABpUQ375SXCUubhehwU49nT6lHoqJ6MPFdLFs0p1jlFdquFUi%2FqxqUFakfKmtkxXyLRi%2BHUwMR61eYmhxLm9tqsKQ5R%2By%2F88yUwZqAI5lw4szsjPUe4VY9xnGk5TIXGpW%2BpLcGQEzecffICs0lJV%2FBSxhkY2kn4eirrtelSqr%2BK4LWSAnYAp7Zxc2%2F9L8vMw6TlbwmiqhctYhVhtIzfAVTl%2BC9sdF44UaZW3vcBGj%2B1fAG8t05Kkcb%2FQtwaB5qub17%2FDAeYxzvQSaw1h9zASyOf2jT4i1CgB3X9RkHtop%2BIto3JMNeW3qzY8ocnDmQX2Nm8G%2FZtJRoo4ROWDo61CRDIXCjzI6fJbcBByV51VEhnJjYrqjfNIFsnvdhb8Rpx%2BjCFXLbQfp3Lh3el2j3cW8krVXeFg6lE21MTKbdXl%2FbW%2BWyku6WJ1%2Fj0PnHX7fjH9ttj2Z%2FDD7yIo%2BonDYDOilJ%2FT%2BdsJ5utyFefFZeDYJ%2FAujw7aN3RBsa3MD1ieCQWUyWiAxK1Zs6waj9QC6NbbxvkUAYWxD3R5w9aV5ELBJjdcL6RXgDETxgEiM%2BFskV3uVE%2FzUJ5SOa0SKqWGj7yHX%2BNFNMM%2Bh6w%2FlMnlXIrPtAudbjs4mwuC7JsRW%2Fw%2BVSWS1PfE%2BO%2BQQJ2xXcNXpLyhISPfRpFNC9T%2BnRwFnkUa41LYpJaHEbPCZr9a%2BmAF8kudoBmZo1DlmwjCbYmKn7EA66TwAytsUzEW8b6wfk2jBZQHngUn8Qo8UsE1j8cAAgEQESXdzclHogJ7CWeD8Ue81ndNKCdIASoxRD2EaNAE24VKUKhkzEUXzVtD4MFX8afKD3d7uktHIARxDI0R%2BjCEuTBQ7iXoYK0qbk46Ob9iAtOfTHX5xOilNHj6oOHL9IkVUOvoWF8fDQGdH%2B1kqgq8vgkKpCUpK%2FxNHCc6PMqA6ZOngvnp%2Fl06QuU7HLz1G0%3D Page URL
https://2021.sagahaclub.live/web/?sid=t3~r0buinpvx5ufhik0crd1k42q HTTP 302
https://tecappcloud.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D HTTP 302
https://tecappcloud.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D Page URL
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://adtrafico.atkr2.com/click?pid=46&offer_id=2&utm_campaign=2101 HTTP 302
https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99

Request Chain 4

https://2021.sagahaclub.live/web/?sid=t3~r0buinpvx5ufhik0crd1k42q HTTP 302
https://tecappcloud.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D HTTP 302
https://tecappcloud.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK revolvedpx.php Show response
www.es.gwafikera.com/ 4 KB
2 KB 350ms
242ms Document
text/html 109.234.161.105
O2SWITCH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.es.gwafikera.com/revolvedpx.php?utm_source=google&utm_campaign=gingerly/
Protocol: HTTP/1.1
Server: 109.234.161.105 , France, ASN50474 (O2SWITCH, FR),
Reverse DNS: 109-234-161-105.reverse.odns.fr
Software: o2switch-PowerBoost-v3 /
Resource Hash: d1463096f73ed95f8fa41f7439955b61966c4d5e55436d75975d732a9800c2ba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 20 Jan 2023 21:03:23 GMT
Expires: Fri, 20 Jan 2023 20:33:23 GMT
Last-Modified: Fri, 20 Jan 2023 20:03:23 GMT
Pragma: no-cache
Server: o2switch-PowerBoost-v3
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1

200
OK

/ Show response
gift-fortune.life/
Redirect Chain

https://adtrafico.atkr2.com/click?pid=46&offer_id=2&utm_campaign=2101
https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99

87 KB
88 KB

448ms
205ms

Document
text/html

176.123.1.44
ALEXHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99
Requested by: Host: www.es.gwafikera.com
URL: http://www.es.gwafikera.com/revolvedpx.php?utm_source=google&utm_campaign=gingerly/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 176.123.1.44 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS: tds-proxy43-prod-alex.holacode.tech
Software: nginx /
Resource Hash: 74a8c58fd31287942df32e44ef07ba20b25d44211fc5ecd3377a46f0422a3ded

Request headers

Referer: http://www.es.gwafikera.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 89206
Content-Type: text/html
Date: Fri, 20 Jan 2023 21:03:25 GMT
Server: nginx
cache-control: private

Redirect headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 78cac1b6bcb469cb-MAD
content-length: 0
date: Fri, 20 Jan 2023 21:03:25 GMT
location: https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hZrAtngIM%2FczYrStA7yDP9ZQPVDKfbssdNIDI6ZEULi%2BLKfbGTBDbiUo6vz8zSaoF%2BOWG2okoaLnU3Vr2rayT4LlD%2Fto9y7n7P5Xabp7ThMrbjJFK78E2f3PU6Map1FoByPibD3NligNwQFpqNAaXFPj"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-adjust-use-original-forwarded-for: 1

GET
H/1.1 200
OK frame.html Show response
gift-fortune.life/media/mainstream/ Frame C49C 39 B
644 B 297ms
99ms Document
text/html 176.123.1.44
ALEXHOST

General

Check archive.org

Show headers Download Go to

Full URL

https://gift-fortune.life/media/mainstream/frame.html

Requested by

Host: gift-fortune.life
URL: https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

176.123.1.44 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),

Reverse DNS

tds-proxy43-prod-alex.holacode.tech

Software

nginx /

Resource Hash

a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=31536000 no-transform
Connection: keep-alive
Content-Length: 39
Content-Security-Policy: block-all-mixed-content
Content-Type: text/html
Date: Fri, 20 Jan 2023 21:03:26 GMT
ETag: "086707e4369f60afedcafb16050a7618"
Expires: Sat, 20 Jan 2024 21:03:26 GMT
Last-Modified: Wed, 31 Aug 2022 09:36:03 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin Accept-Encoding
X-Amz-Request-Id: 173C1ECAF486FF4A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK /
2021.sagahaclub.live/tqsrwedk/ 2 KB
2 KB 1371ms
118ms Document
text/html 141.94.19.38
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://2021.sagahaclub.live/tqsrwedk/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99&f=1&sid=t1~r0buinpvx5ufhik0crd1k42q&fp=K41uPQohlgKs2mWXQ4Fg8aLn%2BE6TgRbRFyIl06KrTHcMTc0Eyk9MJIR0knCtUCmHKM21WZLZUi0IJAtNq1XBYlNRcIE3tXX5x9DcoxyO%2BuwyjTFkfn4qxG1Sd935EcVxigyhRaubRAQZt%2FghI%2FN%2B3GaYlZGL1nwioNFOU8hydVMaLJGt6CEA7eUwmVGJ8Ln2HqvIytiorjq0ZxVzin%2FAFd5UYNCng7dpJvMB%2FDkQbhl2bIIijDXXRDaM3CUAjY9%2BhpHlwZgC2aZ0OOZDfKrM%2FQMOebF%2BjH5MPAXlhmOo4dh4Gtwih%2Fnfnjo9AcNLzaLTLfJFGbEIHSteulyYPO4u68LUTkdCd0GSgMAAPoQ%2FW4h5hfaRL8MzCS4dN%2Bj5zRw0sqieJbte%2BMI8Ghes4R1921TsEkOu3MqimF7hXaKMRa7qyNqanmMSx3YPDRVIgo0PvQpD0MLmVl7i7w6fP5mj2%2BgViH7G7TINTpI8qpsOwMPWUSgbPr5dH4dHBZ866yjwg3X1TfJB3Xnp4oRP1hIo2JUCAjf2g7RDSdy3%2BSGb87QCC08UpfJlo36sIXoeJLuz5dOZ6lwtdmDv68oh%2Bdx8%2FqMB1B3oxMHhTMwMVpcw8AWSJ78YjeHxXJgSjvGSMwD07AdQWudNAvYt5Jj5mWc7PDPZ8kUucRV95Rj5VV0TCUko291Adhv%2FbR6galFDUcueCSDC2%2FUELklbJ88r6lSQmoEftPmvn1KchJLpevR2q2TUpQpZVXgX7eBg4efFjkb5CBNBXE%2F5hWkth9rnaJKg2sFfODBwMte7rjSm4g36NVK5ZxmsTUuQMq3hc%2BB7XzS%2FAdE2EM42fu%2BHPbFI0GMXPXHrF61pGahW82CTN%2B%2FWdODnPCl6k%2Bqd2i8qX6DyYOdsOCupC5N6KpmB6q8dBoiaOsj0ex0GnL1L9M70mPjXe%2FNjDe%2BZuiKf1202AIHbZ1ilzQ2xxpCxb0JM7MEEOYL6JB2ytcBaOgvos5ASyMTs2rczzZzw%2BusALLZPrS9T93N7Od6OYq5kr2VWv8KTxsuhdBf2A7aky4oeewm6dxks4cNgDABpUQ375SXCUubhehwU49nT6lHoqJ6MPFdLFs0p1jlFdquFUi%2FqxqUFakfKmtkxXyLRi%2BHUwMR61eYmhxLm9tqsKQ5R%2By%2F88yUwZqAI5lw4szsjPUe4VY9xnGk5TIXGpW%2BpLcGQEzecffICs0lJV%2FBSxhkY2kn4eirrtelSqr%2BK4LWSAnYAp7Zxc2%2F9L8vMw6TlbwmiqhctYhVhtIzfAVTl%2BC9sdF44UaZW3vcBGj%2B1fAG8t05Kkcb%2FQtwaB5qub17%2FDAeYxzvQSaw1h9zASyOf2jT4i1CgB3X9RkHtop%2BIto3JMNeW3qzY8ocnDmQX2Nm8G%2FZtJRoo4ROWDo61CRDIXCjzI6fJbcBByV51VEhnJjYrqjfNIFsnvdhb8Rpx%2BjCFXLbQfp3Lh3el2j3cW8krVXeFg6lE21MTKbdXl%2FbW%2BWyku6WJ1%2Fj0PnHX7fjH9ttj2Z%2FDD7yIo%2BonDYDOilJ%2FT%2BdsJ5utyFefFZeDYJ%2FAujw7aN3RBsa3MD1ieCQWUyWiAxK1Zs6waj9QC6NbbxvkUAYWxD3R5w9aV5ELBJjdcL6RXgDETxgEiM%2BFskV3uVE%2FzUJ5SOa0SKqWGj7yHX%2BNFNMM%2Bh6w%2FlMnlXIrPtAudbjs4mwuC7JsRW%2Fw%2BVSWS1PfE%2BO%2BQQJ2xXcNXpLyhISPfRpFNC9T%2BnRwFnkUa41LYpJaHEbPCZr9a%2BmAF8kudoBmZo1DlmwjCbYmKn7EA66TwAytsUzEW8b6wfk2jBZQHngUn8Qo8UsE1j8cAAgEQESXdzclHogJ7CWeD8Ue81ndNKCdIASoxRD2EaNAE24VKUKhkzEUXzVtD4MFX8afKD3d7uktHIARxDI0R%2BjCEuTBQ7iXoYK0qbk46Ob9iAtOfTHX5xOilNHj6oOHL9IkVUOvoWF8fDQGdH%2B1kqgq8vgkKpCUpK%2FxNHCc6PMqA6ZOngvnp%2Fl06QuU7HLz1G0%3D
Requested by: Host: gift-fortune.life
URL: https://gift-fortune.life/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.94.19.38 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://gift-fortune.life/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 1585
Content-Type: text/html
Date: Fri, 20 Jan 2023 21:03:27 GMT
Server: nginx
cache-control: private

GET
H/1.1

200
OK

away.php
tecappcloud.com/
Redirect Chain

https://2021.sagahaclub.live/web/?sid=t3~r0buinpvx5ufhik0crd1k42q
https://tecappcloud.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
https://tecappcloud.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D

283 B
432 B

58ms
58ms

Document
text/html

45.77.230.212

General

Check archive.org

Show headers Download Go to

Full URL: https://tecappcloud.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Requested by: Host: 2021.sagahaclub.live
URL: https://2021.sagahaclub.live/tqsrwedk/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99&f=1&sid=t1~r0buinpvx5ufhik0crd1k42q&fp=K41uPQohlgKs2mWXQ4Fg8aLn%2BE6TgRbRFyIl06KrTHcMTc0Eyk9MJIR0knCtUCmHKM21WZLZUi0IJAtNq1XBYlNRcIE3tXX5x9DcoxyO%2BuwyjTFkfn4qxG1Sd935EcVxigyhRaubRAQZt%2FghI%2FN%2B3GaYlZGL1nwioNFOU8hydVMaLJGt6CEA7eUwmVGJ8Ln2HqvIytiorjq0ZxVzin%2FAFd5UYNCng7dpJvMB%2FDkQbhl2bIIijDXXRDaM3CUAjY9%2BhpHlwZgC2aZ0OOZDfKrM%2FQMOebF%2BjH5MPAXlhmOo4dh4Gtwih%2Fnfnjo9AcNLzaLTLfJFGbEIHSteulyYPO4u68LUTkdCd0GSgMAAPoQ%2FW4h5hfaRL8MzCS4dN%2Bj5zRw0sqieJbte%2BMI8Ghes4R1921TsEkOu3MqimF7hXaKMRa7qyNqanmMSx3YPDRVIgo0PvQpD0MLmVl7i7w6fP5mj2%2BgViH7G7TINTpI8qpsOwMPWUSgbPr5dH4dHBZ866yjwg3X1TfJB3Xnp4oRP1hIo2JUCAjf2g7RDSdy3%2BSGb87QCC08UpfJlo36sIXoeJLuz5dOZ6lwtdmDv68oh%2Bdx8%2FqMB1B3oxMHhTMwMVpcw8AWSJ78YjeHxXJgSjvGSMwD07AdQWudNAvYt5Jj5mWc7PDPZ8kUucRV95Rj5VV0TCUko291Adhv%2FbR6galFDUcueCSDC2%2FUELklbJ88r6lSQmoEftPmvn1KchJLpevR2q2TUpQpZVXgX7eBg4efFjkb5CBNBXE%2F5hWkth9rnaJKg2sFfODBwMte7rjSm4g36NVK5ZxmsTUuQMq3hc%2BB7XzS%2FAdE2EM42fu%2BHPbFI0GMXPXHrF61pGahW82CTN%2B%2FWdODnPCl6k%2Bqd2i8qX6DyYOdsOCupC5N6KpmB6q8dBoiaOsj0ex0GnL1L9M70mPjXe%2FNjDe%2BZuiKf1202AIHbZ1ilzQ2xxpCxb0JM7MEEOYL6JB2ytcBaOgvos5ASyMTs2rczzZzw%2BusALLZPrS9T93N7Od6OYq5kr2VWv8KTxsuhdBf2A7aky4oeewm6dxks4cNgDABpUQ375SXCUubhehwU49nT6lHoqJ6MPFdLFs0p1jlFdquFUi%2FqxqUFakfKmtkxXyLRi%2BHUwMR61eYmhxLm9tqsKQ5R%2By%2F88yUwZqAI5lw4szsjPUe4VY9xnGk5TIXGpW%2BpLcGQEzecffICs0lJV%2FBSxhkY2kn4eirrtelSqr%2BK4LWSAnYAp7Zxc2%2F9L8vMw6TlbwmiqhctYhVhtIzfAVTl%2BC9sdF44UaZW3vcBGj%2B1fAG8t05Kkcb%2FQtwaB5qub17%2FDAeYxzvQSaw1h9zASyOf2jT4i1CgB3X9RkHtop%2BIto3JMNeW3qzY8ocnDmQX2Nm8G%2FZtJRoo4ROWDo61CRDIXCjzI6fJbcBByV51VEhnJjYrqjfNIFsnvdhb8Rpx%2BjCFXLbQfp3Lh3el2j3cW8krVXeFg6lE21MTKbdXl%2FbW%2BWyku6WJ1%2Fj0PnHX7fjH9ttj2Z%2FDD7yIo%2BonDYDOilJ%2FT%2BdsJ5utyFefFZeDYJ%2FAujw7aN3RBsa3MD1ieCQWUyWiAxK1Zs6waj9QC6NbbxvkUAYWxD3R5w9aV5ELBJjdcL6RXgDETxgEiM%2BFskV3uVE%2FzUJ5SOa0SKqWGj7yHX%2BNFNMM%2Bh6w%2FlMnlXIrPtAudbjs4mwuC7JsRW%2Fw%2BVSWS1PfE%2BO%2BQQJ2xXcNXpLyhISPfRpFNC9T%2BnRwFnkUa41LYpJaHEbPCZr9a%2BmAF8kudoBmZo1DlmwjCbYmKn7EA66TwAytsUzEW8b6wfk2jBZQHngUn8Qo8UsE1j8cAAgEQESXdzclHogJ7CWeD8Ue81ndNKCdIASoxRD2EaNAE24VKUKhkzEUXzVtD4MFX8afKD3d7uktHIARxDI0R%2BjCEuTBQ7iXoYK0qbk46Ob9iAtOfTHX5xOilNHj6oOHL9IkVUOvoWF8fDQGdH%2B1kqgq8vgkKpCUpK%2FxNHCc6PMqA6ZOngvnp%2Fl06QuU7HLz1G0%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.77.230.212 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://2021.sagahaclub.live/tqsrwedk/?u=5nv8wwr&o=gkuk9ze&t=46&cid=63cb019de79eb00001bcbe99&f=1&sid=t1~r0buinpvx5ufhik0crd1k42q&fp=K41uPQohlgKs2mWXQ4Fg8aLn%2BE6TgRbRFyIl06KrTHcMTc0Eyk9MJIR0knCtUCmHKM21WZLZUi0IJAtNq1XBYlNRcIE3tXX5x9DcoxyO%2BuwyjTFkfn4qxG1Sd935EcVxigyhRaubRAQZt%2FghI%2FN%2B3GaYlZGL1nwioNFOU8hydVMaLJGt6CEA7eUwmVGJ8Ln2HqvIytiorjq0ZxVzin%2FAFd5UYNCng7dpJvMB%2FDkQbhl2bIIijDXXRDaM3CUAjY9%2BhpHlwZgC2aZ0OOZDfKrM%2FQMOebF%2BjH5MPAXlhmOo4dh4Gtwih%2Fnfnjo9AcNLzaLTLfJFGbEIHSteulyYPO4u68LUTkdCd0GSgMAAPoQ%2FW4h5hfaRL8MzCS4dN%2Bj5zRw0sqieJbte%2BMI8Ghes4R1921TsEkOu3MqimF7hXaKMRa7qyNqanmMSx3YPDRVIgo0PvQpD0MLmVl7i7w6fP5mj2%2BgViH7G7TINTpI8qpsOwMPWUSgbPr5dH4dHBZ866yjwg3X1TfJB3Xnp4oRP1hIo2JUCAjf2g7RDSdy3%2BSGb87QCC08UpfJlo36sIXoeJLuz5dOZ6lwtdmDv68oh%2Bdx8%2FqMB1B3oxMHhTMwMVpcw8AWSJ78YjeHxXJgSjvGSMwD07AdQWudNAvYt5Jj5mWc7PDPZ8kUucRV95Rj5VV0TCUko291Adhv%2FbR6galFDUcueCSDC2%2FUELklbJ88r6lSQmoEftPmvn1KchJLpevR2q2TUpQpZVXgX7eBg4efFjkb5CBNBXE%2F5hWkth9rnaJKg2sFfODBwMte7rjSm4g36NVK5ZxmsTUuQMq3hc%2BB7XzS%2FAdE2EM42fu%2BHPbFI0GMXPXHrF61pGahW82CTN%2B%2FWdODnPCl6k%2Bqd2i8qX6DyYOdsOCupC5N6KpmB6q8dBoiaOsj0ex0GnL1L9M70mPjXe%2FNjDe%2BZuiKf1202AIHbZ1ilzQ2xxpCxb0JM7MEEOYL6JB2ytcBaOgvos5ASyMTs2rczzZzw%2BusALLZPrS9T93N7Od6OYq5kr2VWv8KTxsuhdBf2A7aky4oeewm6dxks4cNgDABpUQ375SXCUubhehwU49nT6lHoqJ6MPFdLFs0p1jlFdquFUi%2FqxqUFakfKmtkxXyLRi%2BHUwMR61eYmhxLm9tqsKQ5R%2By%2F88yUwZqAI5lw4szsjPUe4VY9xnGk5TIXGpW%2BpLcGQEzecffICs0lJV%2FBSxhkY2kn4eirrtelSqr%2BK4LWSAnYAp7Zxc2%2F9L8vMw6TlbwmiqhctYhVhtIzfAVTl%2BC9sdF44UaZW3vcBGj%2B1fAG8t05Kkcb%2FQtwaB5qub17%2FDAeYxzvQSaw1h9zASyOf2jT4i1CgB3X9RkHtop%2BIto3JMNeW3qzY8ocnDmQX2Nm8G%2FZtJRoo4ROWDo61CRDIXCjzI6fJbcBByV51VEhnJjYrqjfNIFsnvdhb8Rpx%2BjCFXLbQfp3Lh3el2j3cW8krVXeFg6lE21MTKbdXl%2FbW%2BWyku6WJ1%2Fj0PnHX7fjH9ttj2Z%2FDD7yIo%2BonDYDOilJ%2FT%2BdsJ5utyFefFZeDYJ%2FAujw7aN3RBsa3MD1ieCQWUyWiAxK1Zs6waj9QC6NbbxvkUAYWxD3R5w9aV5ELBJjdcL6RXgDETxgEiM%2BFskV3uVE%2FzUJ5SOa0SKqWGj7yHX%2BNFNMM%2Bh6w%2FlMnlXIrPtAudbjs4mwuC7JsRW%2Fw%2BVSWS1PfE%2BO%2BQQJ2xXcNXpLyhISPfRpFNC9T%2BnRwFnkUa41LYpJaHEbPCZr9a%2BmAF8kudoBmZo1DlmwjCbYmKn7EA66TwAytsUzEW8b6wfk2jBZQHngUn8Qo8UsE1j8cAAgEQESXdzclHogJ7CWeD8Ue81ndNKCdIASoxRD2EaNAE24VKUKhkzEUXzVtD4MFX8afKD3d7uktHIARxDI0R%2BjCEuTBQ7iXoYK0qbk46Ob9iAtOfTHX5xOilNHj6oOHL9IkVUOvoWF8fDQGdH%2B1kqgq8vgkKpCUpK%2FxNHCc6PMqA6ZOngvnp%2Fl06QuU7HLz1G0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 20 Jan 2023 21:03:28 GMT
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 20 Jan 2023 21:03:28 GMT
Location: /away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Server: openresty
Transfer-Encoding: chunked

GET
H2 200 Primary Request details
play.google.com/store/apps/ 303 KB
0 309ms
137ms Document
text/html 2a00:1450:4001:812::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US

Requested by

Host: tecappcloud.com
URL: https://tecappcloud.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GoN0d0azOWbff6uFkzxHOQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googletagmanager.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-GoN0d0azOWbff6uFkzxHOQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googletagmanager.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-site
date: Fri, 20 Jan 2023 21:03:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 0

POST cspreport
play.google.com/_/PlayStoreUi/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: play.google.com
URL: https://play.google.com/_/PlayStoreUi/cspreport

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
adtrafico.atkr2.com/	1970-01-20 17:49:44	Name: afclick Value: 63cb019de79eb00001bcbe99
adtrafico.atkr2.com/	1970-01-20 17:49:44	Name: afoffers Value: {"2":1674248605}
gift-fortune.life/	1969-12-31 23:59:59	Name: sid Value: t1~r0buinpvx5ufhik0crd1k42q
gift-fortune.life/	1969-12-31 23:59:59	Name: p1 Value: https://sagahaclub.live/tqsrwedk/
gift-fortune.life/	1969-12-31 23:59:59	Name: s1 Value: gr1wfak5eihvqjvt

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2021.sagahaclub.live
adtrafico.atkr2.com
gift-fortune.life
play.google.com
tecappcloud.com
www.es.gwafikera.com
play.google.com
109.234.161.105
141.94.19.38
176.123.1.44
2606:4700:3037::6815:5398
2a00:1450:4001:812::200e
45.77.230.212
74a8c58fd31287942df32e44ef07ba20b25d44211fc5ecd3377a46f0422a3ded
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
d1463096f73ed95f8fa41f7439955b61966c4d5e55436d75975d732a9800c2ba

play.google.com Open in urlscan Pro 2a00:1450:4001:812::200e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

71 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

6 IPs

3 Countries

92 kBTransfer

396 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

5 Cookies

1 Console Messages

Indicators

play.google.com Open in urlscan Pro
2a00:1450:4001:812::200e Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

92 kB
Transfer

396 kB
Size

5
Cookies

7 HTTP transactions
0 data transactions