Submitted URL: http://itsgreatnatural.xyz/RHNM5Ed3i6
Effective URL: http://quatrefeuillepolonaise.xyz/?k=62478511882e13b995ebd33a04d9a0c7.1596230116.226.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Submission: On July 31 via manual from US

Summary

This website contacted 3 IPs in 4 countries across 6 domains to perform 4 HTTP transactions. The main IP is 34.196.13.28, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is quatrefeuillepolonaise.xyz.
This is the only time quatrefeuillepolonaise.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 8.210.219.134 45102 (CNNIC-ALI...)
1 1 212.7.204.100 60781 (LEASEWEB-...)
1 2 91.228.153.25 44066 (DE-FIRSTC...)
1 2a03:90c0:999... 199524 (GCORE)
1 1 40.112.135.80 8075 (MICROSOFT...)
2 34.196.13.28 14618 (AMAZON-AES)
4 3
Domain Requested by
2 dsfffmb.mobi 1 redirects
1 quatrefeuillepolonaise.xyz
1 saltiersilurus.xyz dsfffmb.mobi
1 www.track4cr.com 1 redirects
1 dadbab.info dsfffmb.mobi
1 buy.itsgreatnatural.xyz 1 redirects
1 itsgreatnatural.xyz 1 redirects
4 7

This site contains no links.

This page contains 1 frame:

Primary Page: http://quatrefeuillepolonaise.xyz/?k=62478511882e13b995ebd33a04d9a0c7.1596230116.226.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Frame ID: 9BAF557AE99B33B32C7BBB03C1793346
Requests: 4 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

Requests: 4
HTTPS: 0 %
IPv6: 17 %
Domains: 6
Subdomains: 7
IPs: 3
Countries: 4
Transfer: 16 kB
Size: 31 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://itsgreatnatural.xyz/RHNM5Ed3i6 HTTP 302
    http://buy.itsgreatnatural.xyz/5e628e4d0a91860001656bfe?pubid=%7Bpubid%7D HTTP 302
    http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802 Page URL
  2. http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802&fingerprint_=096c3b8e9856a2a26968b0e24c3f507a HTTP 302
    http://www.track4cr.com/click.track?CID=425460&AFID=432697&ADID=2260746&AffiliateReferenceID=-7EBRQCgQAAHMP2kO4AwOuXAODXjAuBgMKQQACDyOJJF8RDRoRDSIRDUIRDVoDTkwHbmwyf2FkY29tYm__cXFyWHZmY0kAAzlB&SID=pid5d36eb203bd6158d4eab533424830c26&subid1={pixel_id} HTTP 302
    http://saltiersilurus.xyz/ Page URL
  3. http://quatrefeuillepolonaise.xyz/?k=62478511882e13b995ebd33a04d9a0c7.1596230116.226.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://itsgreatnatural.xyz/RHNM5Ed3i6 HTTP 302
  • http://buy.itsgreatnatural.xyz/5e628e4d0a91860001656bfe?pubid=%7Bpubid%7D HTTP 302
  • http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802
Request Chain 2
  • http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802&fingerprint_=096c3b8e9856a2a26968b0e24c3f507a HTTP 302
  • http://www.track4cr.com/click.track?CID=425460&AFID=432697&ADID=2260746&AffiliateReferenceID=-7EBRQCgQAAHMP2kO4AwOuXAODXjAuBgMKQQACDyOJJF8RDRoRDSIRDUIRDVoDTkwHbmwyf2FkY29tYm__cXFyWHZmY0kAAzlB&SID=pid5d36eb203bd6158d4eab533424830c26&subid1={pixel_id} HTTP 302
  • http://saltiersilurus.xyz/

4 HTTP transactions

Resource | Path | Size | x-fer | Type
/ | dsfffmb.mobi/ | 1 KB | 1 KB | Document
Redirect Chain
  • http://itsgreatnatural.xyz/RHNM5Ed3i6
  • http://buy.itsgreatnatural.xyz/5e628e4d0a91860001656bfe?pubid=%7Bpubid%7D
  • http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802

General
Full URL: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802
Protocol: HTTP/1.1
Server: 91.228.153.25 Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS: dsde252-4.fornex.org
Software: openresty /
Resource Hash: 5cffd0efa04cc91e6eaa0e4eb3618fb0f2404f56b658647981aa2e86af3f163b

Request headers

Host: dsfffmb.mobi
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: openresty
Date: Fri, 31 Jul 2020 21:12:03 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Node: slave-nl1
Referrer-Policy: unsafe-url
Cache-Control: private, no-transform,no-cache
X-Edge-Node: slave-nl1 dsde252

Redirect headers

Server: nginx
Date: Fri, 31 Jul 2020 21:12:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 165
Connection: keep-alive
Location: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802
Set-Cookie: redhash=NWYyNDg5MjMxMTFkMWQwMDAxNmJlODAyfDB8NWU2MjhlNGQwYTkxODYwMDAxNjU2YmZlfHw2YTA1MGUzMS04NDllLTRlM2QtOGMzNy03ZTdhYjA3YTM2ODl8MTU5NjIyOTkyMw==; Path=/; Domain=buy.itsgreatnatural.xyz; Expires=Sat, 31 Jul 2021 21:12:03 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

fingerprint2.2.1.0.min.js | dadbab.info/content/!common_files/js/ | 29 KB | 12 KB | Script

General
Full URL: http://dadbab.info/content/!common_files/js/fingerprint2.2.1.0.min.js
Requested by
  Host: dsfffmb.mobi
  URL: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802
Protocol: HTTP/1.1
Server: 2a03:90c0:9997::9997, Germany, ASN199524 (GCORE, AT)
Reverse DNS: (none recorded)
Software: nginx /
Resource Hash: b6c65ab685234e744044e9b94c2a52db31b84c54ff3a00044aa188012ad61365

Request headers

Referer: (empty)
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-ID: cec-up-gc10
Date: Fri, 31 Jul 2020 21:12:03 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
X-Cached-Since: 2020-07-30T13:33:51+00:00
Connection: keep-alive
Pragma: public
Last-Modified: Thu, 16 Jan 2020 09:58:32 GMT
Server: nginx
ETag: W/"5e2033c8-73a6"
Vary: Accept-Encoding, Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Cache: HIT
Expires: Fri, 31 Jul 2020 22:12:03 GMT

/ | saltiersilurus.xyz/ | 932 B | 1 KB | Document
Redirect Chain
  • http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802&fingerprint_=096c3b8e9856a2a26968b0e24c3f507a
  • http://www.track4cr.com/click.track?CID=425460&AFID=432697&ADID=2260746&AffiliateReferenceID=-7EBRQCgQAAHMP2kO4AwOuXAODXjAuBgMKQQACDyOJJF8RDRoRDSIRDUIRDVoDTkwHbmwyf2FkY29tYm__cXFyWHZmY0kAAzlB&SID=p...
  • http://saltiersilurus.xyz/

General
Full URL: http://saltiersilurus.xyz/
Requested by
  Host: dsfffmb.mobi
  URL: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802
Protocol: HTTP/1.1
Server: 34.196.13.28 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-34-196-13-28.compute-1.amazonaws.com
Software: nginx /
Resource Hash: eb4ddf1ce4c6d0f8382dd1a1d5663d8f59400f4b7f2d1fc81a46e0949b67adba
Security Headers: X-Content-Type-Options: nosniff

Request headers

Host: saltiersilurus.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f248923111d1d00016be802

Response headers

Server: nginx
Date: Fri, 31 Jul 2020 21:15:16 GMT
Content-Type: text/html
Content-Length: 932
Connection: close
Expires: Mon, 31 Dec 2001 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
X-Content-Type-Options: nosniff

Redirect headers

Server: nginx
Date: Fri, 31 Jul 2020 21:12:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 142
Connection: keep-alive
Cache-Control: private
Location: http://saltiersilurus.xyz
P3P: policyref="/p3p/P3P.www.track4cr.com.xml", CP="NOI DSP COR NID ADM DEV OUR STP OTC"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

/ | quatrefeuillepolonaise.xyz/ | 415 B | 1 KB | Document (Primary Request, Cookie set)

General
Full URL: http://quatrefeuillepolonaise.xyz/?k=62478511882e13b995ebd33a04d9a0c7.1596230116.226.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Protocol: HTTP/1.1
Server: 34.196.13.28 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-34-196-13-28.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 26c0b7bd93a6d20d75f9027c582602b42c8197536208422faf9e13a092f2709f

Request headers

Host: quatrefeuillepolonaise.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Fri, 31 Jul 2020 21:15:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie:
  tpp_u=0%3B1596316324; expires=Sun, 02-Aug-2020 21:12:04 GMT; path=/
  tpp_6546459_l=16%3B1596316324; expires=Sun, 02-Aug-2020 21:12:04 GMT; path=/
  tpp_ov=102652%3B1596316324; expires=Sun, 02-Aug-2020 21:12:04 GMT; path=/
  tpp_ov=102652%2C102907%3B1596316324; expires=Sun, 02-Aug-2020 21:12:04 GMT; path=/
  tpp_ov=102652%2C102907%2C102970%3B1596316324; expires=Sun, 02-Aug-2020 21:12:04 GMT; path=/
  tpp_oc=102970%3B1596316324; expires=Sun, 02-Aug-2020 21:12:04 GMT; path=/
Expires: Mon, 31 Dec 2001 23:59:59 GMT
Pragma: no-cache

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Domain/Path | Name | Value
quatrefeuillepolonaise.xyz/ | tpp_oc | 102970%3B1596316324
quatrefeuillepolonaise.xyz/ | tpp_ov | 102652%2C102907%2C102970%3B1596316324
quatrefeuillepolonaise.xyz/ | tpp_6546459_l | 16%3B1596316324
quatrefeuillepolonaise.xyz/ | tpp_u | 0%3B1596316324