offers.generationvip.com

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 3 HTTP transactions. The main IP is 23.56.172.59, located in United States and belongs to AKAMAI-ASN1, US. The main domain is offers.generationvip.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 17th 2019. Valid for: 2 years.

This is the only time offers.generationvip.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	107.175.196.211 107.175.196.211	36352 (AS-COLOCR...) (AS-COLOCROSSING - ColoCrossing)
1 1	35.204.164.160 35.204.164.160	15169 (GOOGLE) (GOOGLE - Google LLC)
2	34.248.250.192 34.248.250.192	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	23.56.172.59 23.56.172.59	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2

1 107.175.196.211 (Buffalo, United States) 1 redirects

ASN36352 (AS-COLOCROSSING - ColoCrossing, US)
PTR: 107-175-196-211-host.colocrossing.com

download41.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.164.160 (Ascension Island) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 160.164.204.35.bc.googleusercontent.com

hillwhitecom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.248.250.192 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-248-250-192.eu-west-1.compute.amazonaws.com

traffic.focuusing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.56.172.59 (United States)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-56-172-59.deploy.static.akamaitechnologies.com

offers.generationvip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	focuusing.com traffic.focuusing.com	2 KB
1	generationvip.com offers.generationvip.com	480 B
1	hillwhitecom.com 1 redirects hillwhitecom.com	769 B
1	download41.com 1 redirects download41.com	293 B
3	4

	Domain	Requested by
2	traffic.focuusing.com	traffic.focuusing.com
1	offers.generationvip.com	traffic.focuusing.com
1	hillwhitecom.com	1 redirects
1	download41.com	1 redirects
3	4

This site contains no links.

Subject Issuer	Validity	Valid
*.generationvip.com Sectigo RSA Domain Validation Secure Server CA	`2019-11-17` - `2021-11-16`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://offers.generationvip.com/DE/Welcome_new/?afi=27014&ar=1701&mmi=74078&par=ae654f44YrvkkgR0eILMVba4XOSNi92&gclid=134842046&popunder={popunder}
Frame ID: EE2F1BF9D957007FD53BA815C7A4F15A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://download41.com/r.php?t=c&d=20910&l=1013&c=92027 HTTP 302
https://hillwhitecom.com/?a=1701&oc=10172&c=29650&m=3&s1=1013&s2=20910&s3=92027&s4=21 HTTP 302
http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046 Page URL
http://traffic.focuusing.com/process?afi=27014&ar=1701&campaign=672778&destination=1425495&gclid=13484204... Page URL
https://offers.generationvip.com/DE/Welcome_new/?afi=27014&ar=1701&mmi=74078&par=ae654f44YrvkkgR0eILMVba4XOSN... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Page Statistics

3
Requests

33 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

3
Countries

2 kB
Transfer

1 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://download41.com/r.php?t=c&d=20910&l=1013&c=92027 HTTP 302
https://hillwhitecom.com/?a=1701&oc=10172&c=29650&m=3&s1=1013&s2=20910&s3=92027&s4=21 HTTP 302
http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046 Page URL
http://traffic.focuusing.com/process?afi=27014&ar=1701&campaign=672778&destination=1425495&gclid=134842046&tid=ae654f44YrvkkgR0eILMVba4XOSNi92&traffic_source=97207&crfn=t1ae654f44YrvkkgR0eILMVba4XOSNi92 Page URL
https://offers.generationvip.com/DE/Welcome_new/?afi=27014&ar=1701&mmi=74078&par=ae654f44YrvkkgR0eILMVba4XOSNi92&gclid=134842046&popunder={popunder} Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://download41.com/r.php?t=c&d=20910&l=1013&c=92027 HTTP 302
https://hillwhitecom.com/?a=1701&oc=10172&c=29650&m=3&s1=1013&s2=20910&s3=92027&s4=21 HTTP 302
http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set router traffic.focuusing.com/ Redirect Chain http://download41.com/r.php?t=c&d=20910&l=1013&c=92027 https://hillwhitecom.com/?a=1701&oc=10172&c=29650&m=3&s1=1013&s2=20910&s3=92027&s4=21 http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046	270 B 968 B	76ms 36ms	Document text/html	34.248.250.192 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046 Protocol HTTP/1.1 Server 34.248.250.192 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-34-248-250-192.eu-west-1.compute.amazonaws.com Software Mono-HTTPAPI/1.0 / Resource Hash Request headers Host traffic.focuusing.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Cache-Control no-cache, must-revalidate Cache-control no-cache="set-cookie" Content-Type text/html; charset=utf-8 Date Thu, 12 Dec 2019 15:40:50 GMT Expires Thu, 11 Nov 1999 11:11:11 GMT ORIG_REF http://unknown.net/ Server Mono-HTTPAPI/1.0 Set-Cookie CRID=ae654f44YrvkkgR0eILMVba4XOSNi92;Expires=Mon, 10-Feb-2020 15:40:50; FCRID=Q3VzdG9tZXI=:100709_QWR2ZXJ0aXNlcg==:66232_Q2FtcGFpZ24=:672778;Expires=Mon, 10-Feb-2020 15:40:50; AWSELB=77D91F6D08571353F1686779C47F77A540CBED705DA55B6BD6207F177433D0A52594319DF44787F3968742303E84F42D208952C30FF3718EC245B392F1EE527C2C8EA03F9C;PATH=/;MAX-AGE=360 Content-Length 270 Connection keep-alive Redirect headers Cache-Control private Content-Type text/html; charset=utf-8 Date Thu, 12 Dec 2019 15:40:41 GMT Location http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie som=0dmZuzzdz8RfmlYBqlDeWsASvrCwCJPyHipWz0nmPQ1e8EsEHlVmYQ==; domain=.hillwhitecom.com; path=/; HttpOnly ti=l9fmCh2DXnEn09GCPS3RGcASvrCwCJPyHipWz0nmPQ1e8EsEHlVmYQ==; domain=.hillwhitecom.com; expires=Thu, 12-Dec-2024 15:40:41 GMT; path=/; HttpOnly c10152=0dmZuzzdz8Sw7nYDhCLz0vVo63B0KJRyb+3FwWPxE/2WNn0hIUrMXQ==; domain=.hillwhitecom.com; expires=Sat, 11-Jan-2020 15:40:41 GMT; path=/; HttpOnly Content-Length 236
GET H/1.1	200 OK	Cookie set process traffic.focuusing.com/	216 B 665 B	31ms 30ms	Document text/html	34.248.250.192 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://traffic.focuusing.com/process?afi=27014&ar=1701&campaign=672778&destination=1425495&gclid=134842046&tid=ae654f44YrvkkgR0eILMVba4XOSNi92&traffic_source=97207&crfn=t1ae654f44YrvkkgR0eILMVba4XOSNi92 Requested by Host: traffic.focuusing.com URL: http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046 Protocol HTTP/1.1 Server 34.248.250.192 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-34-248-250-192.eu-west-1.compute.amazonaws.com Software Mono-HTTPAPI/1.0 / Resource Hash Request headers Host traffic.focuusing.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046 Accept-Encoding gzip, deflate Cookie CRID=ae654f44YrvkkgR0eILMVba4XOSNi92; FCRID=Q3VzdG9tZXI=:100709_QWR2ZXJ0aXNlcg==:66232_Q2FtcGFpZ24=:672778; AWSELB=77D91F6D08571353F1686779C47F77A540CBED705DA55B6BD6207F177433D0A52594319DF44787F3968742303E84F42D208952C30FF3718EC245B392F1EE527C2C8EA03F9C Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046 Response headers Cache-Control no-cache, must-revalidate Content-Type text/html; charset=utf-8 Date Thu, 12 Dec 2019 15:40:50 GMT Expires Thu, 11 Nov 1999 11:11:11 GMT ORIG_REF http://traffic.focuusing.com/router?code=2ZZLI2B&traffic_source=97207&afi=27014&ar=1701&gclid=134842046 Server Mono-HTTPAPI/1.0 Set-Cookie CRID=ae654f44YrvkkgR0eILMVba4XOSNi92;Expires=Mon, 10-Feb-2020 15:40:50; Content-Length 216 Connection keep-alive
GET H2	500	Primary Request / Show response offers.generationvip.com/DE/Welcome_new/	283 B 480 B	13342ms 13020ms	Document text/html	23.56.172.59 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://offers.generationvip.com/DE/Welcome_new/?afi=27014&ar=1701&mmi=74078&par=ae654f44YrvkkgR0eILMVba4XOSNi92&gclid=134842046&popunder={popunder} Requested by Host: traffic.focuusing.com URL: http://traffic.focuusing.com/process?afi=27014&ar=1701&campaign=672778&destination=1425495&gclid=134842046&tid=ae654f44YrvkkgR0eILMVba4XOSNi92&traffic_source=97207&crfn=t1ae654f44YrvkkgR0eILMVba4XOSNi92 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.56.172.59 , United States, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-56-172-59.deploy.static.akamaitechnologies.com Software AkamaiGHost / Resource Hash `de51ea52ddb8a00450818d849d81e7f754fda35ecf93294bbbce29c935a2ce01` Request headers :method GET :authority offers.generationvip.com :scheme https :path /DE/Welcome_new/?afi=27014&ar=1701&mmi=74078&par=ae654f44YrvkkgR0eILMVba4XOSNi92&gclid=134842046&popunder={popunder} pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site cross-site sec-fetch-mode navigate referer http://traffic.focuusing.com/process?afi=27014&ar=1701&campaign=672778&destination=1425495&gclid=134842046&tid=ae654f44YrvkkgR0eILMVba4XOSNi92&traffic_source=97207&crfn=t1ae654f44YrvkkgR0eILMVba4XOSNi92 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://traffic.focuusing.com/process?afi=27014&ar=1701&campaign=672778&destination=1425495&gclid=134842046&tid=ae654f44YrvkkgR0eILMVba4XOSNi92&traffic_source=97207&crfn=t1ae654f44YrvkkgR0eILMVba4XOSNi92 Response headers status 500 server AkamaiGHost mime-version 1.0 content-type text/html content-length 283 expires Thu, 12 Dec 2019 15:41:03 GMT date Thu, 12 Dec 2019 15:41:03 GMT server-timing cdn-cache; desc=MISS edge; dur=12922 origin; dur=0

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

download41.com
hillwhitecom.com
offers.generationvip.com
traffic.focuusing.com
107.175.196.211
23.56.172.59
34.248.250.192
35.204.164.160
de51ea52ddb8a00450818d849d81e7f754fda35ecf93294bbbce29c935a2ce01

offers.generationvip.com Open in urlscan Pro 23.56.172.59 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

33 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

2 IPs

3 Countries

2 kBTransfer

1 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

offers.generationvip.com Open in urlscan Pro
23.56.172.59 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

33 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

3
Countries

2 kB
Transfer

1 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions