Submitted URL: http://helenwhite.su/
Effective URL: https://firte-et-baise.com/tds/cpa?tdsId=p5781zad_r&tds_campaign=p5781zad&utm_source=int&utm_campaign=04f3571a&utm_content=...
Submission: On March 26 via manual from US

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 2 HTTP transactions. The main IP is 52.58.198.163, located in Frankfurt, Germany and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is firte-et-baise.com.
TLS certificate: Issued by Amazon on July 3rd 2018. Valid for: a year.
This is the only time firte-et-baise.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address           AS Autonomous System
1 2  47.254.145.114  45102 (CNNIC-ALI...)
1    52.58.198.163   16509 (AMAZON-02)
Totals: 2 2

Apex Domain            Subdomains           Transfer
1  firte-et-baise.com  firte-et-baise.com   562 B
1  mysweetgirls.su     mysweetgirls.su      540 B
1  helenwhite.su       helenwhite.su        441 B
Totals: 2 3

Domain                 Requested by
1  firte-et-baise.com
1  mysweetgirls.su     1 redirects
1  helenwhite.su
Totals: 2 3

This site contains no links.

Subject              Issuer   Validity                  Valid
firte-et-baise.com   Amazon   2018-07-03 - 2019-08-03   a year   (crt.sh)

This page contains 1 frames:

Primary Page: https://firte-et-baise.com/tds/cpa?tdsId=p5781zad_r&tds_campaign=p5781zad&utm_source=int&utm_campaign=04f3571a&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps
Frame ID: B976A1B8749860D45AD6611AF182BDB5
Requests: 2 HTTP requests in this frame


Detected technologies

Debian (overall confidence: 100%)
Detected patterns
  • headers server /Debian/i

OpenSSL (overall confidence: 100%)
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (overall confidence: 100%)
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

Requests: 2
HTTPS: 50 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 1 kB
Size: 0 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://helenwhite.su/ Page URL
  2. http://mysweetgirls.su/z/defr HTTP 302
    https://firte-et-baise.com/tds/cpa?tdsId=p5781zad_r&tds_campaign=p5781zad&utm_source=int&utm_campaign=04f3571a&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Request 1
Resource: /
Path: helenwhite.su/
Size: 140 B
x-fer: 441 B
Type: Document

General
Full URL: http://helenwhite.su/
Protocol: HTTP/1.1
Server: 47.254.145.114 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
Reverse DNS: (none)
Software: Apache/2.4.25 (Debian) OpenSSL/1.0.2r
Resource Hash: (none)

Request headers

Host: helenwhite.su
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate

Response headers

Date: Tue, 26 Mar 2019 14:11:12 GMT
Server: Apache/2.4.25 (Debian) OpenSSL/1.0.2r
Last-Modified: Sun, 24 Mar 2019 21:41:13 GMT
ETag: "8c-584ddf2743bdb-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 127
Connection: close
Content-Type: text/html
Request 2 (Primary Request)
Resource: cpa
Path: firte-et-baise.com/tds/
Redirect Chain
  • http://mysweetgirls.su/z/defr
  • https://firte-et-baise.com/tds/cpa?tdsId=p5781zad_r&tds_campaign=p5781zad&utm_source=int&utm_campaign=04f3571a&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps
Size: 9 B
x-fer: 562 B
Type: Document

General
Full URL: https://firte-et-baise.com/tds/cpa?tdsId=p5781zad_r&tds_campaign=p5781zad&utm_source=int&utm_campaign=04f3571a&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.198.163 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: ec2-52-58-198-163.eu-central-1.compute.amazonaws.com
Software: nginx / Express
Resource Hash: e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31

Request headers

:method: GET
:authority: firte-et-baise.com
:scheme: https
:path: /tds/cpa?tdsId=p5781zad_r&tds_campaign=p5781zad&utm_source=int&utm_campaign=04f3571a&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://helenwhite.su/
accept-encoding: gzip, deflate, br

Response headers

status: 404
date: Tue, 26 Mar 2019 14:11:13 GMT
content-type: text/html; charset=utf-8
content-length: 9
server: nginx
set-cookie: AWSALB=VaKDmFWqzrh8ZGjhN5bU3nUCQyZcIuY4FTS327N/mGzkKo1HjZCAE9h9hCRui+vcKM23OJfRsJOsFye9QtvIZRPXkmF67Rh7u6nSzqMwJW2eYSjIFGm3XmwskBot; Expires=Tue, 02 Apr 2019 14:11:13 GMT; Path=/
set-cookie: dci=f6002c6bc700dd5f7460de8fad77d29564a267b7; Max-Age=31536000; Domain=.firte-et-baise.com; Path=/; Expires=Wed, 25 Mar 2020 14:11:13 GMT
x-powered-by: Express
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
access-control-allow-origin: *
etag: W/"9-R1yEhnOj95+nePAcK9WnIdTEFwc"
vary: Accept-Encoding

Redirect headers (from http://mysweetgirls.su/z/defr)

Date: Tue, 26 Mar 2019 14:11:13 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/7.1.22
Access-Control-Allow-Origin: *
Set-Cookie: cu_defr=0; expires=Wed, 27-Mar-2019 14:11:13 GMT; Max-Age=86400; path=/
Location: https://firte-et-baise.com/tds/cpa?tdsId=p5781zad_r&tds_campaign=p5781zad&utm_source=int&utm_campaign=04f3571a&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Verdicts & Comments

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    onselectstart
  • object    onselectionchange
  • function  queueMicrotask

2 Cookies

Domain/Path             Name     Value
.firte-et-baise.com/    dci      f6002c6bc700dd5f7460de8fad77d29564a267b7
firte-et-baise.com/     AWSALB   VaKDmFWqzrh8ZGjhN5bU3nUCQyZcIuY4FTS327N/mGzkKo1HjZCAE9h9hCRui+vcKM23OJfRsJOsFye9QtvIZRPXkmF67Rh7u6nSzqMwJW2eYSjIFGm3XmwskBot

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

firte-et-baise.com
helenwhite.su
mysweetgirls.su
47.254.145.114
52.58.198.163
e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31