urlscan.io logo urlscan.io
SecurityTrails logo

edtreatmentgroup.com Open in urlscan Pro
185.62.238.21  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
Effective URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Submission: On September 03 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 4 countries across 9 domains to perform 30 HTTP transactions. The main IP is 185.62.238.21, located in Bulgaria and belongs to SINGLEHOP-LLC - SingleHop LLC, US. The main domain is edtreatmentgroup.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 1st 2019. Valid for: 3 months.
This is the only time edtreatmentgroup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 149.56.111.197 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 35.166.165.160 16509 (AMAZON-02)
2 2 54.148.113.91 16509 (AMAZON-02)
19 185.62.238.21 32475 (SINGLEHOP...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
30 7
5    149.56.111.197 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: 197.ip-149-56-111.net
www.skinnyswitch.icu
1    2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
1    35.166.165.160 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-166-165-160.us-west-2.compute.amazonaws.com
108trk.com
2    54.148.113.91 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-113-91.us-west-2.compute.amazonaws.com
rmtrk1.com
19    185.62.238.21 (Bulgaria)

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: c38336.sgvps.net
edtreatmentgroup.com
1    2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com
2    2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
1    2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
s.ytimg.com
1    2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.youtube-nocookie.com
Domain Requested by
19 edtreatmentgroup.com www.skinnyswitch.icu
edtreatmentgroup.com
5 www.skinnyswitch.icu www.skinnyswitch.icu
ajax.googleapis.com
2 www.google-analytics.com www.googletagmanager.com
edtreatmentgroup.com
2 rmtrk1.com 2 redirects
1 www.youtube-nocookie.com edtreatmentgroup.com
1 s.ytimg.com edtreatmentgroup.com
1 www.googletagmanager.com edtreatmentgroup.com
1 108trk.com 1 redirects
1 ajax.googleapis.com www.skinnyswitch.icu
30 9

This site contains no links.

Subject Issuer Validity Valid

1970-01-01 -
1970-01-01		 a few seconds crt.sh
edtreatmentgroup.com
Let's Encrypt Authority X3		 2019-09-01 -
2019-11-30		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2019-08-13 -
2019-11-11		 3 months crt.sh
*.google.com
GTS CA 1O1		 2019-08-13 -
2019-11-11		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Frame ID: 1771F0F86D8E24F35A29E86CC1398144
Requests: 28 HTTP requests in this frame

Frame: http://www.skinnyswitch.icu/ajax/get_imgl/loading.gif/
Frame ID: 791AD95A0E19E23DF796EEA80F8A2909
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube-nocookie.com/embed/1AblKKMfjGA?enablejsapi=1&playsinline=1&fs=0&rel=0&controls=0&showinfo=0&autoplay=1
Frame ID: 8B721E30CDC222161994667DD4853A95
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619 Page URL
  2. https://108trk.com/?a=162&c=1008&s1=PRI21AUG HTTP 302
    http://rmtrk1.com/?a=37&c=127&s1=162&s2=15072784&s3=PRI21AUG HTTP 302
    https://rmtrk1.com/?a=37&c=127&s1=162&s2=15072784&s3=PRI21AUG&ckmguid=509058b4-9eaf-4fe0-8d53-4... HTTP 302
    https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com\/(?:v|embed)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

30
Requests

80 %
HTTPS

56 %
IPv6

9
Domains

9
Subdomains

7
IPs

4
Countries

1014 kB
Transfer

1214 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619 Page URL
  2. https://108trk.com/?a=162&c=1008&s1=PRI21AUG HTTP 302
    http://rmtrk1.com/?a=37&c=127&s1=162&s2=15072784&s3=PRI21AUG HTTP 302
    https://rmtrk1.com/?a=37&c=127&s1=162&s2=15072784&s3=PRI21AUG&ckmguid=509058b4-9eaf-4fe0-8d53-4a91cf9ceece HTTP 302
    https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
1741AY5530F9311I165CQ76840951NB3164974619
www.skinnyswitch.icu/l/lt19U18973XN1101U/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
Protocol
HTTP/1.1
Server
149.56.111.197 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
197.ip-149-56-111.net
Software
Apache / PHP/5.3.4
Resource Hash
59f9fb8d7448bba1ba63d3a63e42f40e916b30856c51fb1a3123340978e6f0a1

Request headers

Host
www.skinnyswitch.icu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Sep 2019 14:32:19 GMT
Server
Apache
X-Powered-By
PHP/5.3.4
Content-Length
2031
Keep-Alive
timeout=15, max=100
Connection
Keep-Alive
Content-Type
text/html
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ 		90 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: www.skinnyswitch.icu
URL: http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
Protocol
HTTP/1.1
Security
, ,
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 02 Sep 2019 14:53:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
85132
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
33018
X-XSS-Protection
0
Expires
Tue, 01 Sep 2020 14:53:27 GMT
/
www.skinnyswitch.icu/ajax/get_js/main/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.skinnyswitch.icu/ajax/get_js/main/
Requested by
Host: www.skinnyswitch.icu
URL: http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
Protocol
HTTP/1.1
Security
, ,
Server
149.56.111.197 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
197.ip-149-56-111.net
Software
Apache / PHP/5.3.4
Resource Hash
6e81862e7adb1609c3c0d873ecfeff71413ea02e219669d27cd8e6ecd1f774c9

Request headers

Referer
http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Sep 2019 14:32:19 GMT
Server
Apache
Connection
Keep-Alive
X-Powered-By
PHP/5.3.4
Content-Length
2738
Keep-Alive
timeout=15, max=99
Content-Type
text/javascript
/
www.skinnyswitch.icu/ajax/get_imgl/loading.gif/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.skinnyswitch.icu/ajax/get_imgl/loading.gif/
Requested by
Host: www.skinnyswitch.icu
URL: http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
Protocol
HTTP/1.1
Security
, ,
Server
149.56.111.197 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
197.ip-149-56-111.net
Software
Apache / PHP/5.3.4
Resource Hash
f5822f713ac663d495c62ecd1dfcdfb1ecc28d694166e8ecc7e6b466f025f154

Request headers

Referer
http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Sep 2019 14:32:19 GMT
Server
Apache
Connection
Keep-Alive
X-Powered-By
PHP/5.3.4
Transfer-Encoding
chunked
Keep-Alive
timeout=15, max=100
Content-Type
image/gif
/
www.skinnyswitch.icu/ajax_m/get_main_page/18973/19/165/76840951/18973-76840951-9311-5530/1101/1741/ 		44 B
242 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://www.skinnyswitch.icu/ajax_m/get_main_page/18973/19/165/76840951/18973-76840951-9311-5530/1101/1741/
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
HTTP/1.1
Security
, ,
Server
149.56.111.197 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
197.ip-149-56-111.net
Software
Apache / PHP/5.3.4
Resource Hash

Request headers

Accept
*/*
Referer
http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Sep 2019 14:32:19 GMT
Server
Apache
Connection
Keep-Alive
X-Powered-By
PHP/5.3.4
Content-Length
44
Keep-Alive
timeout=15, max=98
Content-Type
text/html
/
www.skinnyswitch.icu/ajax/get_imgl/loading.gif/ Frame 791A 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.skinnyswitch.icu/ajax/get_imgl/loading.gif/
Requested by
Host: www.skinnyswitch.icu
URL: http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
Protocol
HTTP/1.1
Security
, ,
Server
149.56.111.197 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
197.ip-149-56-111.net
Software
Apache / PHP/5.3.4
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Sep 2019 14:32:19 GMT
Server
Apache
Connection
Keep-Alive
X-Powered-By
PHP/5.3.4
Transfer-Encoding
chunked
Keep-Alive
timeout=15, max=99
Content-Type
image/gif
Primary Request /
edtreatmentgroup.com/vsl/tupisecretVON/
Redirect Chain
  • https://108trk.com/?a=162&c=1008&s1=PRI21AUG
  • http://rmtrk1.com/?a=37&c=127&s1=162&s2=15072784&s3=PRI21AUG
  • https://rmtrk1.com/?a=37&c=127&s1=162&s2=15072784&s3=PRI21AUG&ckmguid=509058b4-9eaf-4fe0-8d53-4a91cf9ceece
  • https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
107 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Requested by
Host: www.skinnyswitch.icu
URL: http://www.skinnyswitch.icu/ajax/get_js/main/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
896757779b8600088020a620f17cffa95e7c43fbd4cf1c7057b2d98db53e9c4a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
edtreatmentgroup.com
:scheme
https
:path
/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Referer
http://www.skinnyswitch.icu/l/lt19U18973XN1101U/1741AY5530F9311I165CQ76840951NB3164974619

Response headers

status
200
server
nginx
date
Tue, 03 Sep 2019 14:32:22 GMT
content-type
text/html; charset=UTF-8
content-length
38390
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0 max-age=600, private, must-revalidate
pragma
no-cache
set-cookie
PHPSESSID=rigpknk054pt99mrgtknsb69u5; path=/ looked=yes; expires=Tue, 03-Sep-2019 15:32:22 GMT; Max-Age=3600
vary
Accept-Encoding
content-encoding
gzip
x-xss-protection
1; mode=block
x-proxy-cache
MISS
alt-svc
quic=":443"; ma=86400; v="43,39"

Redirect headers

Cache-Control
private
Content-Length
216
Content-Type
text/html; charset=utf-8
Date
Tue, 03 Sep 2019 14:32:21 GMT
Location
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
P3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie
sid=NpPMYb6z2BOcdDVcVppUQoX9/dXIhT1vQFThO7h9IJxMvyjda+NYsg==; domain=.rmtrk1.com; path=/; HttpOnly trk=pGNXhTxuFtacdDVcVppUQoX9/dXIhT1vQFThO7h9IJxMvyjda+NYsg==; domain=.rmtrk1.com; expires=Tue, 03-Sep-2024 07:32:22 GMT; path=/; HttpOnly c24=NpPMYb6z2BOkKC3iJ4o7ppT+ZjJ8FABwN2/6fos8o3k=; domain=.rmtrk1.com; expires=Thu, 03-Oct-2019 14:32:22 GMT; path=/; HttpOnly
Connection
close
headline.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/headline.png
Requested by
Host: edtreatmentgroup.com
URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
f625d0e0e7b93f82514ca8b5013ab7cc449b304a35c9b3edbec8092b941d7626
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:23 GMT
server
nginx
etag
"4df2-57ab481cdbf80"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:39 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
19954
x-xss-protection
1; mode=block
x-proxy-cache
HIT
PS-st.jpg
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		310 KB
311 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/PS-st.jpg
Requested by
Host: edtreatmentgroup.com
URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
def43ac32c51677d9a841c5381f5c53e74f64c63c7868ccb56521f65bbfdc247
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:23 GMT
server
nginx
etag
"4d8a6-58a95dde3b040"
content-type
image/jpeg
status
200
expires
Fri, 04 Oct 2019 15:56:39 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
317606
x-xss-protection
1; mode=block
x-proxy-cache
HIT
sound.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		547 B
782 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/sound.png
Requested by
Host: edtreatmentgroup.com
URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
0f4a56cecd96561007b665e3f5ab1c4a834b4944a61e0745af8135c21dd67905
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:23 GMT
server
nginx
etag
"223-57ab481fb8640"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:39 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
547
x-xss-protection
1; mode=block
x-proxy-cache
HIT
bg1.jpg
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/bg1.jpg
Requested by
Host: edtreatmentgroup.com
URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
c1eff836978f2fa35346b18a731a4c51c4d8afd9caaa8a03bdb922503f3049dd
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:23 GMT
server
nginx
etag
"6107-57ab481817440"
content-type
image/jpeg
status
200
expires
Fri, 04 Oct 2019 15:56:39 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
24839
x-xss-protection
1; mode=block
x-proxy-cache
HIT
js
www.googletagmanager.com/gtag/ 		68 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-124358878-1
Requested by
Host: edtreatmentgroup.com
URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9fb2ad49f72929e0b9141fb6b53f963a9f75174a2cc0d3b7ac17771e7c5b52d2
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:23 GMT
content-encoding
br
last-modified
Tue, 03 Sep 2019 12:00:00 GMT
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
26611
x-xss-protection
0
expires
Tue, 03 Sep 2019 14:32:23 GMT
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-124358878-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
3986
date
Tue, 03 Sep 2019 13:25:57 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17803
expires
Tue, 03 Sep 2019 15:25:57 GMT
collect
www.google-analytics.com/r/ 		35 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j79&a=2131219925&t=pageview&_s=1&dl=https%3A%2F%2Fedtreatmentgroup.com%2Fvsl%2FtupisecretVON%2F%3Fs1%3D162%26s2%3D15072784%26s3%3DPRI21AUG%26affId%3D37&dr=http%3A%2F%2Fwww.skinnyswitch.icu%2Fl%2Flt19U18973XN1101U%2F1741AY5530F9311I165CQ76840951NB3164974619&ul=en-us&de=UTF-8&dt=Prime%20Potence&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1284920995&gjid=926592009&cid=2010944379.1567521143&tid=UA-124358878-1&_gid=1675235936.1567521143&_r=1&gtm=2ou8l2&z=468564737
Requested by
Host: edtreatmentgroup.com
URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 03 Sep 2019 14:32:23 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vflgX_lHM/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflgX_lHM/www-widgetapi.js
Requested by
Host: edtreatmentgroup.com
URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
cd6b18ff49e6f8b2a4729827452ce62bf9d8f7a66ef683ebfa581d7fb4b4f3a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 02 Jul 2018 17:57:02 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
status
200
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
7700
x-xss-protection
0
expires
Wed, 11 Sep 2019 14:32:23 GMT
1AblKKMfjGA
www.youtube-nocookie.com/embed/ Frame 8B72 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube-nocookie.com/embed/1AblKKMfjGA?enablejsapi=1&playsinline=1&fs=0&rel=0&controls=0&showinfo=0&autoplay=1
Requested by
Host: edtreatmentgroup.com
URL: https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube-nocookie.com
:scheme
https
:path
/embed/1AblKKMfjGA?enablejsapi=1&playsinline=1&fs=0&rel=0&controls=0&showinfo=0&autoplay=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37

Response headers

status
200
strict-transport-security
max-age=31536000
expires
Tue, 27 Apr 1971 19:44:06 EST
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache
content-encoding
br
date
Tue, 03 Sep 2019 14:32:23 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
prod11.jpg
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		90 KB
91 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/prod11.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
7fc3de52ff72d39aee370e15356bbacca86d09e00a502490e6d8372bdfbbbaaa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"168d5-57ab481dd01c0"
content-type
image/jpeg
status
200
expires
Fri, 04 Oct 2019 15:56:40 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
92373
x-xss-protection
1; mode=block
x-proxy-cache
HIT
prod62.jpg
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		81 KB
81 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/prod62.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
b9552d69a620a8d760301ae5d21e010adda91cf1c264b4f962fa09615a7cdd65
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"14454-57ab481fb8640"
content-type
image/jpeg
status
200
expires
Fri, 04 Oct 2019 15:56:41 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
83028
x-xss-protection
1; mode=block
x-proxy-cache
HIT
prod3.jpg
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		100 KB
100 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/prod3.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
4f2267bddd8b6e91b5ea8d4411edd271f07fe2e0998c4e3851ad56095518d0c9
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"18f63-57ab481ec4400"
content-type
image/jpeg
status
200
expires
Fri, 04 Oct 2019 15:56:40 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
102243
x-xss-protection
1; mode=block
x-proxy-cache
HIT
coment.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		75 KB
75 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/coment.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
ae368d889d4a893355938b281161e936e0203be41c1e43b7d3e36f817efff76b
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"12ac1-57ab48190b680"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:40 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
76481
x-xss-protection
1; mode=block
x-proxy-cache
HIT
logos.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/logos.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
7ebb69f98194dbb89cc4a7706bc677744a51ab2bbf29a77be2585cf7d3f57654
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"3dcf-57ab481cdbf80"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:40 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
15823
x-xss-protection
1; mode=block
x-proxy-cache
HIT
autor12.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/autor12.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
ec28dcf47404e7d3e29881b6f7e9811a2305e68a3d1c7353a5941120668964cc
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"1cb4-57ab481723200"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:41 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
7348
x-xss-protection
1; mode=block
x-proxy-cache
HIT
comment.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/comment.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
812dc06eab0114439d4ddf86e0304fb08aa58c482a9d239443745dab4a71edd1
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"95f-57ab4819ff8c0"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:41 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
2399
x-xss-protection
1; mode=block
x-proxy-cache
HIT
autor22.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/autor22.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
62eff5cc56f70068cf034512e2d2f178ef7dea8730b61048fb7b0bae3e24d431
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"1a8e-57ab481723200"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:41 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
6798
x-xss-protection
1; mode=block
x-proxy-cache
HIT
comment2.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/comment2.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
a314365e8989d0c3139a35a6434f3d3ae1dfac5a6be682a76ec74adb6821fddd
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"a4d-57ab4819ff8c0"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:40 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
2637
x-xss-protection
1; mode=block
x-proxy-cache
HIT
autor32.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/autor32.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
cc136eb3d23bf03367242fac485fab40c72ece877738b43acf788189910b409b
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"19d2-57ab481817440"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:40 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
6610
x-xss-protection
1; mode=block
x-proxy-cache
HIT
comment3.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/comment3.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
5c0219685bacc2289dc99d4cbd3b1a97643295b569e48b2d2a2c8608a6808340
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"a66-57ab481af3b00"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:40 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
2662
x-xss-protection
1; mode=block
x-proxy-cache
HIT
book1.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/book1.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
65527195e165d80cbbd1835eeb66c35a584d20d0ccafaed99356c0eab3f41487
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"b4d5-57cbf56a7f980"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:41 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
46293
x-xss-protection
1; mode=block
x-proxy-cache
HIT
book2.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/book2.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
cc045a15767dc90d79ebd2d1d31c57a16d0507be1ab9c44c857ad4b5829d216e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"10298-57cbf56a7f980"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:41 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
66200
x-xss-protection
1; mode=block
x-proxy-cache
HIT
guar.png
edtreatmentgroup.com/vsl/tupisecretVON/imgs/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edtreatmentgroup.com/vsl/tupisecretVON/imgs/guar.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.62.238.21 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
c38336.sgvps.net
Software
nginx /
Resource Hash
3364bbec280bdd808ad19bd72eec3e86e22efb2188fbf067f77891bd2a4f2964
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://edtreatmentgroup.com/vsl/tupisecretVON/?s1=162&s2=15072784&s3=PRI21AUG&affId=37
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 14:32:24 GMT
server
nginx
etag
"2cc1-57ab481be7d40"
content-type
image/png
status
200
expires
Fri, 04 Oct 2019 15:56:41 GMT
cache-control
max-age=2692000, public
accept-ranges
bytes
alt-svc
quic=":443"; ma=86400; v="43,39"
content-length
11457
x-xss-protection
1; mode=block
x-proxy-cache
HIT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery string| $time number| $w object| player function| onYouTubeIframeAPIReady function| onPlayerReady function| onPlayerStateChange function| stopedVideo function| show function| scrolling number| remain_bv function| parseTime_bv boolean| click function| init number| $hw function| gtag object| dataLayer number| timeoutId object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| onYTReady object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| YT object| video

5 Cookies

Domain/Path Name / Value
.edtreatmentgroup.com/ Name: _gat_gtag_UA_124358878_1
Value: 1
.edtreatmentgroup.com/ Name: _gid
Value: GA1.2.1675235936.1567521143
.edtreatmentgroup.com/ Name: _ga
Value: GA1.2.2010944379.1567521143
edtreatmentgroup.com/ Name: PHPSESSID
Value: rigpknk054pt99mrgtknsb69u5
edtreatmentgroup.com/vsl/tupisecretVON Name: looked
Value: yes

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

108trk.com
ajax.googleapis.com
edtreatmentgroup.com
rmtrk1.com
s.ytimg.com
www.google-analytics.com
www.googletagmanager.com
www.skinnyswitch.icu
www.youtube-nocookie.com
149.56.111.197
185.62.238.21
2a00:1450:4001:808::200a
2a00:1450:4001:808::200e
2a00:1450:4001:814::200e
2a00:1450:4001:81a::2008
2a00:1450:4001:81c::200e
35.166.165.160
54.148.113.91
0f4a56cecd96561007b665e3f5ab1c4a834b4944a61e0745af8135c21dd67905
3364bbec280bdd808ad19bd72eec3e86e22efb2188fbf067f77891bd2a4f2964
4f2267bddd8b6e91b5ea8d4411edd271f07fe2e0998c4e3851ad56095518d0c9
59f9fb8d7448bba1ba63d3a63e42f40e916b30856c51fb1a3123340978e6f0a1
5c0219685bacc2289dc99d4cbd3b1a97643295b569e48b2d2a2c8608a6808340
62eff5cc56f70068cf034512e2d2f178ef7dea8730b61048fb7b0bae3e24d431
65527195e165d80cbbd1835eeb66c35a584d20d0ccafaed99356c0eab3f41487
6e81862e7adb1609c3c0d873ecfeff71413ea02e219669d27cd8e6ecd1f774c9
7ebb69f98194dbb89cc4a7706bc677744a51ab2bbf29a77be2585cf7d3f57654
7fc3de52ff72d39aee370e15356bbacca86d09e00a502490e6d8372bdfbbbaaa
812dc06eab0114439d4ddf86e0304fb08aa58c482a9d239443745dab4a71edd1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
896757779b8600088020a620f17cffa95e7c43fbd4cf1c7057b2d98db53e9c4a
9fb2ad49f72929e0b9141fb6b53f963a9f75174a2cc0d3b7ac17771e7c5b52d2
a314365e8989d0c3139a35a6434f3d3ae1dfac5a6be682a76ec74adb6821fddd
ae368d889d4a893355938b281161e936e0203be41c1e43b7d3e36f817efff76b
b9552d69a620a8d760301ae5d21e010adda91cf1c264b4f962fa09615a7cdd65
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1eff836978f2fa35346b18a731a4c51c4d8afd9caaa8a03bdb922503f3049dd
cc045a15767dc90d79ebd2d1d31c57a16d0507be1ab9c44c857ad4b5829d216e
cc136eb3d23bf03367242fac485fab40c72ece877738b43acf788189910b409b
cd6b18ff49e6f8b2a4729827452ce62bf9d8f7a66ef683ebfa581d7fb4b4f3a3
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
def43ac32c51677d9a841c5381f5c53e74f64c63c7868ccb56521f65bbfdc247
ec28dcf47404e7d3e29881b6f7e9811a2305e68a3d1c7353a5941120668964cc
f5822f713ac663d495c62ecd1dfcdfb1ecc28d694166e8ecc7e6b466f025f154
f625d0e0e7b93f82514ca8b5013ab7cc449b304a35c9b3edbec8092b941d7626