affectedplain.com
172.67.191.204  Malicious Activity! Public Scan

Submitted URL: https://aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com/sdfsvxclkvidfugyvdd.html
Effective URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Submission: On June 07 via manual from MX — Scanned from US

Summary

This website contacted 4 IPs in 1 country across 5 domains to perform 20 HTTP transactions. The main IP is 172.67.191.204, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is affectedplain.com.
TLS certificate: Issued by E1 on May 8th 2023. Valid for: 3 months.
This is the only time affectedplain.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 52.219.178.146 16509 (AMAZON-02)
1 172.82.84.172 398343 (BAXET-GROUP)
1 1 172.67.141.78 13335 (CLOUDFLAR...)
17 172.67.191.204 13335 (CLOUDFLAR...)
1 142.250.72.106 15169 (GOOGLE)
20 4
Domain Requested by
17 affectedplain.com romqust.com, affectedplain.com
1 ajax.googleapis.com affectedplain.com
1 foregoneblade.live 1 redirects
1 romqust.com aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com
1 aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com
20 5

This site contains no links.

Subject | Issuer | Validity | Valid
*.s3.us-east-2.amazonaws.com | Amazon RSA 2048 M01 | 2023-04-11 - 2024-02-28 | a year
romqust.com | R3 | 2023-04-11 - 2023-07-10 | 3 months
affectedplain.com | E1 | 2023-05-08 - 2023-08-06 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-05-19 - 2023-08-11 | 3 months

This page contains 1 frames:

Primary Page: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Frame ID: DE464E82D8FA89478003A06483E2A897
Requests: 20 HTTP requests in this frame

Page Title

Ace Hardware-Shopper

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 20
HTTPS: 100 %
IPv6: 0 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 1
Transfer: 196 kB
Size: 429 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com/sdfsvxclkvidfugyvdd.html Page URL
  2. https://romqust.com/0/0/0/533e93dba02ac2dfc83e6c64c03eceda Page URL
  3. https://foregoneblade.live/d-6v13g/index_2.php?s1=351510&s2=999403922&s3=1949&s4=2084&ow=72&p=10-c-6v13g HTTP 302
    https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
sdfsvxclkvidfugyvdd.html
aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com/
137 B
531 B
Document
General
Full URL
https://aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com/sdfsvxclkvidfugyvdd.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.178.146 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-r-w.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
Content-Length
137
Content-Type
text/html
Date
Wed, 07 Jun 2023 18:38:01 GMT
ETag
"c23545246db1d53c3b4a9c3d865644b7"
Last-Modified
Tue, 06 Jun 2023 15:17:49 GMT
Server
AmazonS3
x-amz-id-2
RhZnWp7ujCJR7j1+T00MTaI3TXHbEquBcDQNM53odeX1n2APTxlnj7+Mc/AEBlEcOkbuo4RuVhI=
x-amz-request-id
JBHYY2MNEJBD06NE
x-amz-server-side-encryption
AES256
533e93dba02ac2dfc83e6c64c03eceda
romqust.com/0/0/0/
167 B
463 B
Document
General
Full URL
https://romqust.com/0/0/0/533e93dba02ac2dfc83e6c64c03eceda
Requested by
Host: aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com
URL: https://aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com/sdfsvxclkvidfugyvdd.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.82.84.172 , United States, ASN398343 (BAXET-GROUP, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
https://aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-length
167
content-type
text/html; charset=UTF-8
date
Wed, 07 Jun 2023 18:38:00 GMT
server
Apache
Primary Request /
affectedplain.com/d-6v13g/
Redirect Chain
  • https://foregoneblade.live/d-6v13g/index_2.php?s1=351510&s2=999403922&s3=1949&s4=2084&ow=72&p=10-c-6v13g
  • https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
41 KB
7 KB
Document
General
Full URL
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Requested by
Host: romqust.com
URL: https://romqust.com/0/0/0/533e93dba02ac2dfc83e6c64c03eceda
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a4cbd2b01bcc1213a55c6e3989d1032ae9595e505eba80d6fa70f4d47be857e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://romqust.com/0/0/0/533e93dba02ac2dfc83e6c64c03eceda#undefined
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7d3b027d8f6b4337-EWR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 07 Jun 2023 18:38:01 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CyaXSljOe5kboC1I6eku4DM%2Fo3y4uru8LrpeSey77VZzTe6OkvP01amw%2BrNylvBu5R4PQUWuiGbVNemqMQHRfKK%2FuzCnCdM2Cx9U4wkd35iONlRsDfltkzWJ7Lce%2BePEEPk%2Fnw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
7d3b027aada50f5f-EWR
content-type
text/html; charset=UTF-8
date
Wed, 07 Jun 2023 18:38:01 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nam9UtJIGbnhdlUmzTc2bHJ%2BUMfMh4Dggkj2o7AftV3YGHwRUut%2FNdadXiPJiAPPyuIDupHWd0wcRFXKOAPr2S%2Fa5Aq0XrH8UpPLDpB%2BzR%2BlRg%2BdgYwsjCj63tlO80ykUHFQ8XY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
bootstrapp.min.css
affectedplain.com/d-6v13g/assets/css/
118 KB
20 KB
Stylesheet
General
Full URL
https://affectedplain.com/d-6v13g/assets/css/bootstrapp.min.css
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35b735bedf07d6b66c0a9b4b82b307c9cce8b70b61b3661f2dfe87d7c1fc814c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
81144
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=prEraSsfEtknB%2B0pAs6VptjKmLpR1BcxiT7IJmpPNRE4Y8WGt4wmYGs8Iq3rxFZAYPksWWhZbytqgm3bFrtTzVzaq8ZzC7cmum2Q4jcfnnaq9j%2B5qTIBKw47VPr2FtFbnZJ0Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d3b027e584e4337-EWR
expires
Tue, 13 Jun 2023 20:05:37 GMT
main0010.css
affectedplain.com/d-6v13g/assets/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://affectedplain.com/d-6v13g/assets/css/main0010.css
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa36256a9e62971035994e35f7679b2efe818cf6d8cb0ca847825560f7f07f7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 08 Apr 2022 13:20:43 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2F2pQkkUNbprVGyRWqspSKQKRwTnkzUfiN7YS5YBKhwD5V50v%2FajGYm7y7qfhhfahN0i252y7awWOaU1vPdT3RXKkC3TzaVXzIKQxiju0FDdCXIB3e3f6farofwR3q0N%2FACTpA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d3b027e58504337-EWR
expires
Wed, 14 Jun 2023 18:38:02 GMT
terms.css
affectedplain.com/d-6v13g/assets/css/
1 KB
757 B
Stylesheet
General
Full URL
https://affectedplain.com/d-6v13g/assets/css/terms.css
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30ab151bbfbf9da9daa1bcdbf284f19d567f41301015a66084a7571eaae2fa9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
81144
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2S1mDTcNvPL2GdDB4gTark1eMwrslfSXF2pcDRwThq1t8bif1wyoPkztd3xYL5CPR4IgOtnDHxJux7ewFB4DzsX9WXlKTPlQUaiIg24mcMyFy8S1S4MKxNQLfdo2cSTzkuGBkw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d3b027e58514337-EWR
expires
Tue, 13 Jun 2023 20:05:37 GMT
ipad.png
affectedplain.com/d-6v13g/assets/images/
23 KB
23 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/ipad.png
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e87b95d23998a3fcf71b26abdea393644e5fceaee4cb2c796aaee90a3bbfe61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68085
alt-svc
h3=":443"; ma=86400
content-length
23121
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qau3ri8WNiC5vt7abiFEnE26xRtgnPJsANEww8YVkUhrIv6bNdbWnO34v%2FaG52m6sIMRz7e5RShA74oAMKmh4Yyfyj7OpdEyItSinw1%2FNqjq4QSxcSaCop%2F8ZCENi6oxDA4Rgg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f29214337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
5.jpg
affectedplain.com/d-6v13g/assets/images/
1 KB
2 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/5.jpg
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
856a3e25e403c4f577c63b78a2ee734deedeb7b77fdb25a600b2a5dded64f722
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68085
alt-svc
h3=":443"; ma=86400
content-length
1250
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3R2dO1ronR39U4lrDJpKyp%2FAYih537kQChYdsnEpxad9WQggyPZC1Z3TQegciF5a7jWZ3ahsLob%2BH%2B7RhPcQ4Ued8S8uM4OKaek60%2FDZMTLJA25CbOMfIiJnp2Fwxpv3HggbGg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f29224337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
3.jpg
affectedplain.com/d-6v13g/assets/images/
936 B
1 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/3.jpg
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7532d53e07de8cd28c1a4d98e284df714255ec21c86d6756fe9261ec30691cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68084
alt-svc
h3=":443"; ma=86400
content-length
936
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ib5Du912I82TNbPoZ8U7%2FBSRBY7xexJteD0YlTUYVc6JEEFPGj57zWLrZH4pvPBOLYPVjMXbmg4Bhgz%2BlcaBdie8dLqjxOjhcmIxxQ0AoB2ghowTVaC8Vxbg9%2F9nU4JZCKenhw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f29244337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
4.jpg
affectedplain.com/d-6v13g/assets/images/
1005 B
1 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/4.jpg
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4475cabe931a1f71deea2db0509054d4261af226673c9450f0085b82d6d123f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
16045
alt-svc
h3=":443"; ma=86400
content-length
1005
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PC6pYXp9ddworg9Vqd0nYy46jiqTvCqGnFZkWkbnFz1ZGP0pI4YuJ1Z9YfVq6%2F2Ke9gVrYV8DU4FHlYDWf4xDwgZ6jE%2BceqocbxDHJYxkwRRCWTT1ri20OFJjnHhSkLuwJ004Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f29254337-EWR
expires
Wed, 14 Jun 2023 14:10:37 GMT
2.jpg
affectedplain.com/d-6v13g/assets/images/
1 KB
2 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/2.jpg
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ac98de861aae4984b0d4a2eaaf03525b8a230f6645598d7951ad970eb35193a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68085
alt-svc
h3=":443"; ma=86400
content-length
1212
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZ0O%2F9lBa2XrTnM%2BOTZjTnHoc8ieVqdbuLrMGEYzjaL%2FPOtDqZQCyMY5Hno%2BFhBCuUHOQmK3wDcGLvLpU%2Fh4pS8ei6fYI3JUsYP2Fgtj0E8JV8iFSBTHeoTD5%2BKNN3oeYBGuJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f29264337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
1.jpg
affectedplain.com/d-6v13g/assets/images/
2 KB
2 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/1.jpg
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
957fa9d8e22009502c40c12d830e48a28de8cfdcec5926bfb27830ef3b460611
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68084
alt-svc
h3=":443"; ma=86400
content-length
1933
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ThHgJRS3RQbA5vsYpxz24PUAAXj52rHKjupUrnGMVKJ55YenSVvr%2FWyTn92Q5HfkfDg9d1jO9%2FSDO2xZbq1nryeJF5tQZCZIlXkud0q0NEbjfTJC%2FdM1CorNMA7OhoV4rC52w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f29274337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
download.png
affectedplain.com/d-6v13g/assets/images/
1 KB
2 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/download.png
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d43c47d081ccec81e0af4c139eb7ad18c06fd84cd5aafe96fbcb55bd4e29efb5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68084
alt-svc
h3=":443"; ma=86400
content-length
1300
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gRx84i5h5HAV4qP1XA5iEkbZdzqGcKOYtANyZYoogzTvCF%2FTCmXjEiK%2FGBYVVeygGohHeFHYH5%2FRzQ8pF0zrqsxpkVo66%2Bc4kavR2PDg7PS8uJL7q6TaKWjXvnfTzZ1%2BR%2BW9AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f29284337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
x.png
affectedplain.com/d-6v13g/assets/images/
5 KB
6 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/x.png
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68084
alt-svc
h3=":443"; ma=86400
content-length
5389
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NgENeBqjbETRyY%2F25JgRSPPDhsTex9aYPwrz5wvAaJv32hJGkiJsgsQrf3%2FgCXfuZzjGrXCJ1v66SAlydBAcrVQ1HBPTyo4v9upxM33YeTztSx05WA9TfXCP4TYIXK%2BxnKss%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f292a4337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.2/
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.106 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f10.1e100.net
Software
sffe /
Resource Hash
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 14:10:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16063
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33495
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Jun 2024 14:10:19 GMT
modal.js
affectedplain.com/d-6v13g/assets/js/
887 B
549 B
Script
General
Full URL
https://affectedplain.com/d-6v13g/assets/js/modal.js
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c94b3e9800d457f6d9f64d3a25c360a749c49e855c3a1f74aed1d77e86948c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68084
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PvwW5eDmkzwtREVuJQiNQw8Wc7z1oM6Zqdc5cCw8JfpfaqLO6U54udFZBB1QS8SBHHfCuOKitABC2InBWEPIq7fWkOJ6JfbhdlhtWoVYV00cUK2ZmzS8XvwL7yVeyBnsVRyW4w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d3b027f19154337-EWR
expires
Tue, 13 Jun 2023 23:43:18 GMT
bootstrap.min.js
affectedplain.com/d-6v13g/assets/bootstrap/dist/js/
36 KB
10 KB
Script
General
Full URL
https://affectedplain.com/d-6v13g/assets/bootstrap/dist/js/bootstrap.min.js
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a6ee36ce8e2826b76fd7632195831e3710b8c3bd2002af22dbb3f0b85b64f16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68084
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fs9Dc9yBI1Ea18AdKCyZjkSAJeifOXCenkuuaXkN2GEPeQaMBUKqbeVKvkDO8O67e8QBFZ84t1wElFZkariepl%2BWud9W6a%2B%2F%2BW8cBWxsSaZAP%2FSZX6%2F2OWslmRQf%2FBE9qF1PIw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d3b027f291c4337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
scripts-w23478e-ed5.js
affectedplain.com/d-6v13g/assets/js/
10 KB
3 KB
Script
General
Full URL
https://affectedplain.com/d-6v13g/assets/js/scripts-w23478e-ed5.js?v=2&cc=us
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94a101733b064ea75abcc50f0c0f5b8be69890186b9f96a3e9cb956a2d6845a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68084
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Mon, 29 Nov 2021 14:44:40 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NDCNNgjPqGANmCq8TqwdGVW9zZVkg3eE%2F8HK6RytJNKLKAF16lBOA6Wbkr0iGAINLeB2dhA2T2YN5JXmrQLwp758nX6mGlxG76g3iZkz2FY88ver%2FWL1gSLR83bEMNkmi%2FOx5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d3b027f291f4337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
css.css
affectedplain.com/d-6v13g/assets/css/
4 KB
768 B
Stylesheet
General
Full URL
https://affectedplain.com/d-6v13g/assets/css/css.css
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeeb96b92d5aeda83b7b00508324d18dedf839671918eed90f9ff83d85c196d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/?ab7021ae81737f506e1fbde7108e8d25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68084
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 19 Aug 2021 12:47:54 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zmNDAKsFX7U%2F7NLuI45sluV8ggDGYr5CfCpHv6tK%2B6K8H1Jm0uLSmbSmCLr8S%2FlijNE%2FRtgTKXABo4TANiA7DE7gCmk76aTVQI7x%2FowC%2Bx5mq%2F9lT3lZQQ3hjlXhJaqWUZA%2Bpw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7d3b027f292b4337-EWR
expires
Tue, 13 Jun 2023 23:43:17 GMT
bg-ace.jpg
affectedplain.com/d-6v13g/assets/images/
79 KB
79 KB
Image
General
Full URL
https://affectedplain.com/d-6v13g/assets/images/bg-ace.jpg
Requested by
Host: affectedplain.com
URL: https://affectedplain.com/d-6v13g/assets/css/main0010.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.191.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05bd6e53460437d7c0d887dac8c8a6dcdc1c7d0066d7c5ce551c1dbf760577d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://affectedplain.com/d-6v13g/assets/css/main0010.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 18:38:02 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
92930
alt-svc
h3=":443"; ma=86400
content-length
80745
x-xss-protection
1; mode=block
last-modified
Fri, 08 Apr 2022 13:20:15 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYbmYDZzRZOPC%2F6vbNkRx2h6pCmOMzZEStg%2FEveqLPo3E23KUjMs70IRjAgqscNCQADWw6O4futoiwGHvtX%2BhnmfQ%2BuHxAOnLTzsIBgLzijQ8ubFvRuSZwZfs6Yzx5wctv%2BpOA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7d3b027f292c4337-EWR
expires
Tue, 13 Jun 2023 16:49:12 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
boolean| credentialless
object| onbeforetoggle
object| onscrollend
function| socle
function| $
function| jQuery
object| jQuery1112021792172860947057
function| findGetParameter
function| buildOfferHtml
function| getRandomInt
function| processQuestion
number| offer_tick
undefined| zz
object| wall_json
object| $questionsForm
object| $activeQuestion
object| $nextQuestion

3 Cookies

Domain/Path Name / Value
romqust.com/ Name: uid1949
Value: 999403922-20230607143800-51cd74691425c8c2de45052cead6d772-2084
foregoneblade.live/ Name: PHPSESSID
Value: 0ac40b3eab9d0e91140bc5973cfd6a81
affectedplain.com/ Name: PHPSESSID
Value: 900e642591f9b7a2a55a83fbd3a8acb8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
