Submitted URL: http://www.kaitlynspastgame.win/?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&o=edtlh...
Effective URL: http://www.kaitlynspastgame.win/globaloffer.html?x-global
Submission: On December 04 via manual from US

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 20 HTTP transactions. The main IP is 184.164.128.179, located in Tempe, United States and belongs to SSASN2 - SECURED SERVERS LLC, US. The main domain is www.kaitlynspastgame.win.
This is the only time www.kaitlynspastgame.win was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 6 184.164.128.179 20454 (SSASN2)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.196.13.28 14618 (AMAZON-AES)
1 198.143.165.220 32475 (SINGLEHOP...)
2 35.157.234.193 16509 (AMAZON-02)
3 52.29.210.16 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
20 9
Requests  Domain                     Requested by
6         www.kaitlynspastgame.win   2 redirects; www.kaitlynspastgame.win
3         panelsave.com              panelsave.com
2         questionfly.com            questionfly.com
1         www.gstatic.com            www.google.com
1         www.google.com             panelsave.com, www.gstatic.com
1         affrdr.traceyforluck.win
1         saturndiscovery.com        www.kaitlynspastgame.win
1         ajax.googleapis.com        www.kaitlynspastgame.win
Total: 20 requests, 8 domains

This site contains no links.

Subject               Issuer                                          Validity                   Valid
smartcampaign.site    COMODO RSA Domain Validation Secure Server CA   2017-06-28 - 2018-05-11    10 months (crt.sh)
landerdelivery.com    COMODO RSA Domain Validation Secure Server CA   2017-10-11 - 2018-02-14    4 months (crt.sh)
www.google.com        Google Internet Authority G2                    2017-11-16 - 2018-02-08    3 months (crt.sh)
*.google.com          Google Internet Authority G2                    2017-11-16 - 2018-02-08    3 months (crt.sh)

This page contains 7 frames:

Frame: http://saturndiscovery.com/?subid=x-global
Frame ID: 26985.1
Requests: 6 HTTP requests in this frame

Frame: http://affrdr.traceyforluck.win/?utm_term=6495483761373744728&clickverify=1
Frame ID: 27008.1
Requests: 2 HTTP requests in this frame

Frame: https://questionfly.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6495483761373744728
Frame ID: 27025.1
Requests: 2 HTTP requests in this frame

Frame: https://panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/
Frame ID: 27041.1
Requests: 3 HTTP requests in this frame

Frame: https://panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/
Frame ID: 27068.1
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&co=aHR0cHM6Ly9wYW5lbHNhdmUuY29tOjQ0Mw..&hl=en&type=image&v=r20171129143447&theme=light&size=normal&cb=rlbcehk94q2a
Frame ID: 27068.2
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=r20171129143447&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6
Frame ID: 27068.3
Requests: 1 HTTP requests in this frame

Screenshot



Detected technologies

CentOS (overall confidence: 100%)
Detected patterns
  • headers server /CentOS/i

Apache (overall confidence: 100%)
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

Requests:    20
HTTPS:       35 %
IPv6:        38 %
Domains:     8
Subdomains:  8
IPs:         9
Countries:   3
Transfer:    285 kB
Size:        508 kB
Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.kaitlynspastgame.win/?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&o=edtlhealam&s=romco014&p=week&f=0&r=hzoesiepeezh HTTP 302
    http://www.kaitlynspastgame.win/week.php?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014 HTTP 302
    http://www.kaitlynspastgame.win/week.cgi?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014 Page URL
  2. http://www.kaitlynspastgame.win/globaloffer.html?x-global Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.kaitlynspastgame.win/?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&o=edtlhealam&s=romco014&p=week&f=0&r=hzoesiepeezh HTTP 302
  • http://www.kaitlynspastgame.win/week.php?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014 HTTP 302
  • http://www.kaitlynspastgame.win/week.cgi?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014
Request Chain 6
  • http://broachandpignut.com/?k=08ecd919bd686d6472167ef017530663.1512347665.460.2.1.c2F0dXJuZGlzY292ZXJ5LmNvbQ%3D%3D&subid=x-global&r=&z=0 HTTP 302
  • http://affrdr.traceyforluck.win/?utm_medium=d057b88f7dc15712abce407a19f32d5785f1385b&utm_campaign=TD1&1=1703&2=s6169118&cid={clickid} HTTP 302
  • http://affrdr.traceyforluck.win/?utm_term=6495483761373744728&clickverify=1
Request Chain 8
  • http://affrdr.traceyforluck.win/proc.php?61ffb67704e8f2d20fa750792857303ea8302726 HTTP 302
  • https://questionfly.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6495483761373744728

20 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Cookie set week.cgi
www.kaitlynspastgame.win/
Redirect Chain
  • http://www.kaitlynspastgame.win/?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&o=edtlhealam&s=romco014&p=week&f=0&r=hzoesiepeezh
  • http://www.kaitlynspastgame.win/week.php?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014
  • http://www.kaitlynspastgame.win/week.cgi?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014
902 B
909 B
Document
General
Full URL
http://www.kaitlynspastgame.win/week.cgi?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014
Protocol
HTTP/1.1
Server
184.164.128.179 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US),
Reverse DNS
Software
Apache/2.2.3 (CentOS) /
Resource Hash
2b89944fb3cda29096e0e897775cdc96add92d40bc9b176c9e67fc278be115bd

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.kaitlynspastgame.win
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Set-Cookie
edtlhealam=1512347662; path=/;
Date
Mon, 04 Dec 2017 00:34:21 GMT
Server
Apache/2.2.3 (CentOS)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=998
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Mon, 04 Dec 2017 00:34:21 GMT
Server
Apache/2.2.3 (CentOS)
X-Powered-By
PHP/5.3.3
Content-Type
text/html; charset=UTF-8
Location
http://www.kaitlynspastgame.win/week.cgi?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014
Connection
Keep-Alive
Keep-Alive
timeout=5, max=999
Content-Length
0
Primary Request globaloffer.html
www.kaitlynspastgame.win/
2 KB
2 KB
Document
General
Full URL
http://www.kaitlynspastgame.win/globaloffer.html?x-global
Requested by
Host: www.kaitlynspastgame.win
URL: http://www.kaitlynspastgame.win/week.cgi?a=ZERkS01WSWxaMlZ2Y21kbExtZHBaWE5sSVdobGQybDBkQzVqYjIwbGVYcFdVRVk&i=TVRVeE1qTXpOalE0T0E&edtlhealam&romco014
Protocol
HTTP/1.1
Server
184.164.128.179 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US),
Reverse DNS
Software
Apache/2.2.3 (CentOS) / PHP/5.3.3
Resource Hash
013ee3f53259b95b4ed9d350b907d78cbf8cab6c85a02a20d7c63289a8ecdd45

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.kaitlynspastgame.win
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Cookie
edtlhealam=1512347662
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Mon, 04 Dec 2017 00:34:23 GMT
Server
Apache/2.2.3 (CentOS)
Connection
Keep-Alive
X-Powered-By
PHP/5.3.3
Content-Length
2321
Keep-Alive
timeout=5, max=997
Content-Type
text/html; charset=UTF-8
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/
91 KB
32 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Requested by
Host: www.kaitlynspastgame.win
URL: http://www.kaitlynspastgame.win/globaloffer.html?x-global
Protocol
HTTP/1.1
Server
2a00:1450:4001:81d::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Pragma
no-cache
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
ajax.googleapis.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Cache-Control
no-cache
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Thu, 09 Nov 2017 21:08:17 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
2085966
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
32954
X-XSS-Protection
1; mode=block
Expires
Fri, 09 Nov 2018 21:08:17 GMT
de.gif
www.kaitlynspastgame.win/geoip/flags/
362 B
362 B
Image
General
Full URL
http://www.kaitlynspastgame.win/geoip/flags/de.gif
Requested by
Host: www.kaitlynspastgame.win
URL: http://www.kaitlynspastgame.win/globaloffer.html?x-global
Protocol
HTTP/1.1
Server
184.164.128.179 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US),
Reverse DNS
Software
Apache/2.2.3 (CentOS) /
Resource Hash
4ac4ccd6f0702c91e9251cb2b4bcbfd5854f6cb1d274dd2623f42e38ef7532d5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.kaitlynspastgame.win
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Cache-Control
no-cache
Cookie
edtlhealam=1512347662
Connection
keep-alive
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Mon, 04 Dec 2017 00:34:23 GMT
Last-Modified
Sun, 20 Jan 2013 05:12:38 GMT
Server
Apache/2.2.3 (CentOS)
ETag
"51e0072-16a-4d3b164a43d80"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=996
Content-Length
362
loading.gif
www.kaitlynspastgame.win/
4 KB
4 KB
Image
General
Full URL
http://www.kaitlynspastgame.win/loading.gif
Requested by
Host: www.kaitlynspastgame.win
URL: http://www.kaitlynspastgame.win/globaloffer.html?x-global
Protocol
HTTP/1.1
Server
184.164.128.179 Tempe, United States, ASN20454 (SSASN2 - SECURED SERVERS LLC, US),
Reverse DNS
Software
Apache/2.2.3 (CentOS) /
Resource Hash
9db27f3f93ca9ea3e6a2e21698aab0044f28b303d43164230b6a15d1aae4d7a1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.kaitlynspastgame.win
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Cache-Control
no-cache
Cookie
edtlhealam=1512347662
Connection
keep-alive
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Mon, 04 Dec 2017 00:34:23 GMT
Last-Modified
Tue, 05 Mar 2013 08:57:27 GMT
Server
Apache/2.2.3 (CentOS)
ETag
"518039c-e75-4d729a9aa8bc0"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=995
Content-Length
3701
/
saturndiscovery.com/
0
0

/
saturndiscovery.com/ Frame 2700
964 B
964 B
Document
General
Full URL
http://saturndiscovery.com/?subid=x-global
Protocol
HTTP/1.1
Server
34.196.13.28 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-196-13-28.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2e04954fb8b4327676dcb8617ae2a6ac8e25ecf767405030908e0d63073df3bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
saturndiscovery.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2017 00:34:25 GMT
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
close
Content-Length
964
Expires
Mon, 31 Dec 2001 23:59:59 GMT
/
affrdr.traceyforluck.win/ Frame 2700
Redirect Chain
  • http://broachandpignut.com/?k=08ecd919bd686d6472167ef017530663.1512347665.460.2.1.c2F0dXJuZGlzY292ZXJ5LmNvbQ%3D%3D&subid=x-global&r=&z=0
  • http://affrdr.traceyforluck.win/?utm_medium=d057b88f7dc15712abce407a19f32d5785f1385b&utm_campaign=TD1&1=1703&2=s6169118&cid={clickid}
  • http://affrdr.traceyforluck.win/?utm_term=6495483761373744728&clickverify=1
0
0

/
affrdr.traceyforluck.win/ Frame 2702
6 KB
2 KB
Document
General
Full URL
http://affrdr.traceyforluck.win/?utm_term=6495483761373744728&clickverify=1
Protocol
HTTP/1.1
Server
198.143.165.220 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop, Inc., US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
f2e3ca4ccc079c7b7f04418a2ecb052efec5f56c6458a6588f298ee371974ef4

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
affrdr.traceyforluck.win
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Cookie
u=e2b358ce7c8981fbb3e9dc04fbc3fe12
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2017 00:34:26 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:00 GMT
5a37c8ad-f104-11e5-9f1f-0626cc8adced
questionfly.com/c/ Frame 2702
Redirect Chain
  • http://affrdr.traceyforluck.win/proc.php?61ffb67704e8f2d20fa750792857303ea8302726
  • https://questionfly.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6495483761373744728
0
0

Cookie set 5a37c8ad-f104-11e5-9f1f-0626cc8adced
questionfly.com/c/ Frame 2704
15 KB
6 KB
Document
General
Full URL
https://questionfly.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6495483761373744728
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.157.234.193 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-157-234-193.eu-central-1.compute.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
99e5e76b409770610c5a74909af9f7591ea322821e9186594ff8bb6e8fc4a049

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
questionfly.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://affrdr.traceyforluck.win/?utm_term=6495483761373744728&clickverify=1
Connection
keep-alive
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Referer
http://affrdr.traceyforluck.win/?utm_term=6495483761373744728&clickverify=1#
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Mon, 04 Dec 2017 00:34:26 GMT
Content-Encoding
gzip
X-Client-Addr
148.251.45.254
Server
nginx/1.12.2
Vary
Accept-Encoding Accept-Encoding
Content-Type
text/html; charset=UTF-8
Set-Cookie
_s=e1c7b306-d88a-11e7-a872-01470cc40fca; expires=Thu, 14-Dec-2017 00:34:26 GMT; Max-Age=864000; path=/; HttpOnly
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
/
questionfly.com/v/e1c7fe10-d88a-11e7-bc3e-01470cc40fba/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/ Frame 2704
0
0
Document
General
Full URL
https://questionfly.com/v/e1c7fe10-d88a-11e7-bc3e-01470cc40fba/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?pubid=stw&subid=6495483761373744728&_i=1&_s=e1c7b306-d88a-11e7-a872-01470cc40fca&_r=affrdr.traceyforluck.win&_n=&_d=6|0|0|0|1|1|||1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|68|1|1|o:8,min:18,gl:0,font:31,t:68|u|lum0y,6nq96o,0|en-US|Linux%20x86_64|d41d8cd98f00b204e9800998ecf8427e|20030107|5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_12_6)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/61.0.3163.100%20Safari/537.36|0|8|148.251.45.170|u|0|u|u|u|u|u|u|0_0_0_0_1_1_1_0|1|u
Requested by
Host: questionfly.com
URL: https://questionfly.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6495483761373744728
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.157.234.193 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-157-234-193.eu-central-1.compute.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
questionfly.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Cookie
_s=e1c7b306-d88a-11e7-a872-01470cc40fca
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Mon, 04 Dec 2017 00:34:26 GMT
Content-Encoding
gzip
X-Client-Addr
148.251.45.254
Server
nginx/1.12.2
Vary
Accept-Encoding Accept-Encoding
Content-Type
text/html;charset=utf-8
Cache-Control
no-cache
Refresh
0;url=https://panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/
Connection
keep-alive
Transfer-Encoding
chunked
/
panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/ Frame 2704
0
0

/
panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/ Frame 2706
3 KB
1 KB
Document
General
Full URL
https://panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.29.210.16 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-29-210-16.eu-central-1.compute.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
d89ad6a7dd92a55cd6a585b268e19d2a9f2e65ec025a4a4e05bf6bc51e83f2c5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
panelsave.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://questionfly.com/v/e1c7fe10-d88a-11e7-bc3e-01470cc40fba/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?pubid=stw&subid=6495483761373744728&_i=1&_s=e1c7b306-d88a-11e7-a872-01470cc40fca&_r=affrdr.traceyforluck.win&_n=&_d=6|0|0|0|1|1|||1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|68|1|1|o:8,min:18,gl:0,font:31,t:68|u|lum0y,6nq96o,0|en-US|Linux%20x86_64|d41d8cd98f00b204e9800998ecf8427e|20030107|5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_12_6)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/61.0.3163.100%20Safari/537.36|0|8|148.251.45.170|u|0|u|u|u|u|u|u|0_0_0_0_1_1_1_0|1|u
Connection
keep-alive
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Referer
https://questionfly.com/v/e1c7fe10-d88a-11e7-bc3e-01470cc40fba/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?pubid=stw&subid=6495483761373744728&_i=1&_s=e1c7b306-d88a-11e7-a872-01470cc40fca&_r=affrdr.traceyforluck.win&_n=&_d=6|0|0|0|1|1|||1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|68|1|1|o:8,min:18,gl:0,font:31,t:68|u|lum0y,6nq96o,0|en-US|Linux%20x86_64|d41d8cd98f00b204e9800998ecf8427e|20030107|5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_12_6)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/61.0.3163.100%20Safari/537.36|0|8|148.251.45.170|u|0|u|u|u|u|u|u|0_0_0_0_1_1_1_0|1|u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Mon, 04 Dec 2017 00:34:26 GMT
Content-Encoding
gzip
X-Client-Addr
148.251.45.254
Server
nginx/1.12.2
Vary
Accept-Encoding Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
index.css
panelsave.com/static/8c579bd6-2433-11e6-9af1-02401b02a2b5/ Frame 2706
3 KB
3 KB
Stylesheet
General
Full URL
https://panelsave.com/static/8c579bd6-2433-11e6-9af1-02401b02a2b5/index.css
Requested by
Host: panelsave.com
URL: https://panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.29.210.16 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-29-210-16.eu-central-1.compute.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
12ef32ce1980a396abcf82a7009904319aa65bcfd8c5a6a8ccfc2a1ba006217d

Request headers

Accept
text/css,*/*;q=0.1
Pragma
no-cache
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
panelsave.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Cache-Control
no-cache
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Mon, 04 Dec 2017 00:34:26 GMT
Last-Modified
Mon, 04 Dec 2017 00:34:08 GMT
Server
nginx/1.12.2
ETag
"5a249800-a7e"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2686
imag.png
panelsave.com/static/8c579bd6-2433-11e6-9af1-02401b02a2b5/ Frame 2706
161 KB
161 KB
Image
General
Full URL
https://panelsave.com/static/8c579bd6-2433-11e6-9af1-02401b02a2b5/imag.png
Requested by
Host: panelsave.com
URL: https://panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.29.210.16 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-29-210-16.eu-central-1.compute.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
d4d4c5cc56227940ffb87681bb39a43983adad7f5103167731e496ceea808b17

Request headers

Accept
image/webp,image/apng,image/*,*/*;q=0.8
Pragma
no-cache
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
panelsave.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Cache-Control
no-cache
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

Date
Mon, 04 Dec 2017 00:34:26 GMT
Last-Modified
Mon, 04 Dec 2017 00:34:09 GMT
Server
nginx/1.12.2
ETag
"5a249801-284fc"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
165116
api.js
www.google.com/recaptcha/ Frame 2706
805 B
446 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Requested by
Host: panelsave.com
URL: https://panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:814::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
b992e76c844912efcf8277dfcda6affe7b519f078eb233f8a652c1bc19eb3b0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/recaptcha/api.js?onload=onloadCallback&render=explicit
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.google.com
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

date
Mon, 04 Dec 2017 00:34:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
428
x-xss-protection
1; mode=block
expires
Mon, 04 Dec 2017 00:34:26 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/api2/r20171129143447/ Frame 2706
220 KB
70 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/api2/r20171129143447/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:818::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
de0ec2e2369f12b72cc8662e83f5b199c92b145df173be7a1ad7554648459d46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/recaptcha/api2/r20171129143447/recaptcha__en.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.gstatic.com
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers

date
Thu, 30 Nov 2017 20:51:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Nov 2017 01:15:00 GMT
server
sffe
age
272548
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
71891
x-xss-protection
1; mode=block
expires
Fri, 30 Nov 2018 20:51:58 GMT
anchor
www.google.com/recaptcha/api2/ Frame 2706
0
0

bframe
www.google.com/recaptcha/api2/ Frame 2706
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
saturndiscovery.com
URL
http://saturndiscovery.com/?subid=x-global
Domain
affrdr.traceyforluck.win
URL
http://affrdr.traceyforluck.win/?utm_term=6495483761373744728&clickverify=1
Domain
questionfly.com
URL
https://questionfly.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6495483761373744728
Domain
panelsave.com
URL
https://panelsave.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/e1d88884-d88a-11e7-b6c8-114630b4cf9a/
Domain
www.google.com
URL
https://www.google.com/recaptcha/api2/anchor?k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&co=aHR0cHM6Ly9wYW5lbHNhdmUuY29tOjQ0Mw..&hl=en&type=image&v=r20171129143447&theme=light&size=normal&cb=rlbcehk94q2a
Domain
www.google.com
URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=r20171129143447&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6

Verdicts & Comments

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function: verifyCallback
  • number: widgetId1
  • function: onloadCallback
  • function: showCaptcha
  • function: hideCaptcha
  • function: getRecaptchaUrl
  • function: onCaptchaResolved
  • function: gotoFinalLocation
  • function: beforeCaptchaRender
  • function: afterCaptchaRender
  • object: ___grecaptcha_cfg
  • boolean: __google_recaptcha_client
  • object: recaptcha
  • object: grecaptcha
  • object: closure_lm_224015

0 Cookies