lp.powerapp.download Open in urlscan Pro
2606:4700:e6::ac40:c91b Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690...
Effective URL:
https://lp.powerapp.download/ready6/?p=91344.2&v=399
Submission: On June 24 via manual (June 24th 2020, 4:03:13 pm UTC) from US

Summary HTTP 16 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 16 HTTP transactions. The main IP is 2606:4700:e6::ac40:c91b, located in United States and belongs to CLOUDFLARENET, US. The main domain is lp.powerapp.download.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 18th 2019. Valid for: 10 months.

This is the only time lp.powerapp.download was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	54.237.125.12 54.237.125.12	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.230.227.58 54.230.227.58	16509 (AMAZON-02) (AMAZON-02)
1 10	2606:4700:e6:... 2606:4700:e6::ac40:c91b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::681b:a020	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:e2:... 2606:4700:e2::ac40:8e1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	6

4 54.237.125.12 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-237-125-12.compute-1.amazonaws.com

decreasure.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.227.58 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-54-230-227-58.atl56.r.cloudfront.net

senrecomines.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:e6::ac40:c91b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

lp.powerapp.download	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::681b:a020 (United States)

ASN13335 (CLOUDFLARENET, US)

searchpowerapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:8e1a (United States)

ASN13335 (CLOUDFLARENET, US)

searchpowerplus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	powerapp.download 1 redirects lp.powerapp.download	227 KB
4	decreasure.club decreasure.club	145 KB
1	searchpowerplus.com searchpowerplus.com	540 B
1	searchpowerapp.com searchpowerapp.com	603 B
1	googleapis.com fonts.googleapis.com	855 B
1	senrecomines.fun 1 redirects senrecomines.fun	545 B
16	6

	Domain	Requested by
10	lp.powerapp.download	1 redirects decreasure.club lp.powerapp.download
4	decreasure.club	decreasure.club
1	searchpowerplus.com	lp.powerapp.download
1	searchpowerapp.com	lp.powerapp.download
1	fonts.googleapis.com	lp.powerapp.download
1	senrecomines.fun	1 redirects
16	6

This site contains links to these domains. Also see Links.

Domain
powerapp.download
support.google.com

Subject Issuer	Validity	Valid
decreasure.club Let's Encrypt Authority X3	`2020-06-04` - `2020-09-02`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-12-18` - `2020-10-09`	10 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Frame ID: 6531E88BED128F53CD8CCBD13C0D7B51
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce20... Page URL
https://senrecomines.fun/?tid=837193&noocp=1 HTTP 302
https://lp.powerapp.download/redirection.php?lp=12&pid=4.2&ver=1&zoneid=837193&clickid=5491677875508745229 HTTP 302
https://lp.powerapp.download/ready6/?p=91344.2&v=399 Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery-ui.*\.js/i

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery-ui.*\.js/i

Page Statistics

16
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

374 kB
Transfer

1046 kB
Size

8
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://powerapp.download/privacy_policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://powerapp.download/eula/
Title: EULA

Search URL Search Domain Scan URL

URL: https://support.google.com/chrome_webstore/answer/2664769?hl=en
Title: How to Uninstall

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US Page URL
https://senrecomines.fun/?tid=837193&noocp=1 HTTP 302
https://lp.powerapp.download/redirection.php?lp=12&pid=4.2&ver=1&zoneid=837193&clickid=5491677875508745229 HTTP 302
https://lp.powerapp.download/ready6/?p=91344.2&v=399 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 HLXJSRM Show response
decreasure.club/ 12 KB
5 KB 358ms
119ms Document
text/html 54.237.125.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.237.125.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-237-125-12.compute-1.amazonaws.com
Software: / Express
Resource Hash: dbae37fa5a4253e766c9c9abf0b9964c1a8951daf6895a5e59b092e598a1b61c

Request headers

:method: GET
:authority: decreasure.club
:scheme: https
:path: /HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"316b-hNi1MkC4FHOXVkrevE+neMvOYHs"
vary: Accept-Encoding
content-encoding: gzip

GET
H2 200 dlp Show response
decreasure.club/ 214 KB
140 KB 116ms
116ms XHR
text/html 54.237.125.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://decreasure.club/dlp?st=1&lp=not_robot_3&geo=US
Requested by: Host: decreasure.club
URL: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.237.125.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-237-125-12.compute-1.amazonaws.com
Software: / Express
Resource Hash: f70ab006330c652f6d58093fbc6e33245729101c2a358f2b34d9e2165a208aff

Request headers

Referer: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"3568a-YH+jgxEjOtB4eXAyTTXsZyCFG/U"
status: 200
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 push-wrap.js Show response
decreasure.club/ 0
135 B 115ms
114ms Script
text/plain 54.237.125.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://decreasure.club/push-wrap.js?b=8
Requested by: Host: decreasure.club
URL: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.237.125.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-237-125-12.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
access-control-allow-origin: *
x-powered-by: Express
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-methods: GET, POST

GET
H2 200 block.js Show response
decreasure.club/ 0
135 B 116ms
116ms Script
text/plain 54.237.125.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://decreasure.club/block.js?b=4
Requested by: Host: decreasure.club
URL: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.237.125.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-237-125-12.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
access-control-allow-origin: *
x-powered-by: Express
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-methods: GET, POST

GET
H2

200

Primary Request / Show response
lp.powerapp.download/ready6/
Redirect Chain

https://senrecomines.fun/?tid=837193&noocp=1
https://lp.powerapp.download/redirection.php?lp=12&pid=4.2&ver=1&zoneid=837193&clickid=5491677875508745229
https://lp.powerapp.download/ready6/?p=91344.2&v=399

25 KB
6 KB

104ms
103ms

Document
text/html

2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.powerapp.download/ready6/?p=91344.2&v=399

Requested by

Host: decreasure.club
URL: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8623b67fd6a8c07e4e0aca6f575c71b9c307a27509f47f62abdbb2dd200f5c44

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'

Request headers

:method: GET
:authority: lp.powerapp.download
:scheme: https
:path: /ready6/?p=91344.2&v=399
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d9a93865f93b091bc3d790784f544f6801593014578; PHPSESSID=esscdrmr6ismvm0n82c1g11fi1; BCDDUIDC=0D4A2238BBCC4E089A32674AC83CCCAE; SDLPPID=4.2; SDLPVER=1; SDLPZONEID=837193; SDLPCLICKID=5491677875508745229; SDLPLIVE=5491677875508745229
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://decreasure.club/HLXJSRM?tag_id=837193&sub_id1=&sub_id2=8895011778995721216&cookie_id=862ce203-5f0e-4d60-a967-690a9ce4d55e&lp=not_robot_3&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fsenrecomines.fun%2F%3Ftid%3D837193%26noocp%3D1&hop=7&geo=US

Response headers

status: 200
date: Wed, 24 Jun 2020 16:02:58 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
cf-request-id: 0388aa853b00000eb731b5f200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5a87ad1b9f170eb7-FRA
content-encoding: br

Redirect headers

status: 302
date: Wed, 24 Jun 2020 16:02:58 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d9a93865f93b091bc3d790784f544f6801593014578; expires=Fri, 24-Jul-20 16:02:58 GMT; path=/; domain=.powerapp.download; HttpOnly; SameSite=Lax PHPSESSID=esscdrmr6ismvm0n82c1g11fi1; path=/ BCDDUIDC=0D4A2238BBCC4E089A32674AC83CCCAE; expires=Sun, 08-Apr-2294 16:02:58 GMT; Max-Age=8639913600; path=/; domain=.powerapp.download SDLPPID=4.2; expires=Sun, 08-Apr-2294 16:02:58 GMT; Max-Age=8639913600; path=/; domain=.powerapp.download SDLPVER=1; expires=Sun, 08-Apr-2294 16:02:58 GMT; Max-Age=8639913600; path=/; domain=.powerapp.download SDLPZONEID=837193; expires=Sun, 08-Apr-2294 16:02:58 GMT; Max-Age=8639913600; path=/; domain=.powerapp.download SDLPCLICKID=5491677875508745229; expires=Sun, 08-Apr-2294 16:02:58 GMT; Max-Age=8639913600; path=/; domain=.powerapp.download SDLPLIVE=5491677875508745229; expires=Wed, 24-Jun-2020 18:02:58 GMT; Max-Age=7200; path=/; domain=.powerapp.download
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: https://lp.powerapp.download/ready6/?p=91344.2&v=399#spalp2020
cf-cache-status: DYNAMIC
cf-request-id: 0388aa84c600000eb731b57200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5a87ad1add3d0eb7-FRA

GET
DATA 200
OK truncated
/ 112 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ 7 KB
855 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600

Requested by

Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2265e200507b1207ec22eb06405cfd80e433e6de7665ae9c7f9ef61c375a78cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://lp.powerapp.download/ready6/?p=91344.2&v=399
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 24 Jun 2020 14:27:02 GMT
server: ESF
date: Wed, 24 Jun 2020 16:02:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Jun 2020 16:02:58 GMT

GET
H2 200 jquery-1.12.4.min.js Show response
lp.powerapp.download/ready6/ 95 KB
32 KB 16ms
15ms Script
application/javascript 2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.powerapp.download/ready6/jquery-1.12.4.min.js
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Origin: https://lp.powerapp.download

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 27 Jan 2019 17:22:40 GMT
server: cloudflare
age: 45
etag: W/"693303309"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5a87ad1c48600eb7-FRA
cf-request-id: 0388aa85af00000eb731b69200000001

GET
H2 200 jquery-ui.js Show response
lp.powerapp.download/ready6/ 509 KB
115 KB 17ms
16ms Script
application/javascript 2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.powerapp.download/ready6/jquery-ui.js
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d

Request headers

Referer: https://lp.powerapp.download/ready6/?p=91344.2&v=399
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 27 Jan 2019 17:23:46 GMT
server: cloudflare
age: 45
etag: W/"3685292503"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5a87ad1c48620eb7-FRA
cf-request-id: 0388aa85af00000eb731b6a200000001

GET
H2 200 animepoints2.gif
lp.powerapp.download/ready6/ 13 KB
13 KB 16ms
16ms Image
image/gif 2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.powerapp.download/ready6/animepoints2.gif
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0798dbbf09ed2ce2e35230e985b8bec1bcb9130c4c0d8619a94fab866e6c3d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
cf-cache-status: HIT
last-modified: Wed, 01 Apr 2020 16:21:38 GMT
server: cloudflare
age: 7190
etag: "2896065052"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5a87ad1c88c20eb7-FRA
content-length: 13056
cf-request-id: 0388aa85d000000eb731b6f200000001

GET
H2 200 email-decode.min.js Show response
lp.powerapp.download/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
841 B 8ms
7ms Script
application/javascript 2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.powerapp.download/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 18 Jun 2020 09:09:39 GMT
server: cloudflare
etag: W/"5eeb2f53-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
cf-ray: 5a87ad1c689e0eb7-FRA
cf-request-id: 0388aa85c500000eb731b6e200000001
expires: Fri, 26 Jun 2020 16:02:58 GMT

GET
H2 200 setCookie.php Show response
searchpowerapp.com/ 0
603 B 248ms
199ms XHR
text/html 2606:4700:3030::681b:a020
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://searchpowerapp.com/setCookie.php?pid=4.2&guid=0D4A2238BBCC4E089A32674AC83CCCAE
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/jquery-1.12.4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::681b:a020 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.4.45-0+deb7u2
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
content-encoding: br
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/5.4.45-0+deb7u2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: text/html
access-control-allow-origin: https://lp.powerapp.download
access-control-allow-credentials: true
cf-ray: 5a87ad1d0a551772-FRA
cf-request-id: 0388aa862100001772b499f200000001

GET
H2 200 setCookie.php Show response
searchpowerplus.com/ 0
540 B 142ms
110ms XHR
text/html 2606:4700:e2::ac40:8e1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://searchpowerplus.com/setCookie.php?guid=0D4A2238BBCC4E089A32674AC83CCCAE
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/jquery-1.12.4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8e1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.4.45-0+deb7u2
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
content-encoding: br
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/5.4.45-0+deb7u2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: text/html
access-control-allow-origin: https://lp.powerapp.download
access-control-allow-credentials: true
cf-ray: 5a87ad1cebe6c26d-FRA
cf-request-id: 0388aa860c0000c26d2a814200000001

GET
H2 200 bg2.png
lp.powerapp.download/ready6/ 35 KB
35 KB 15ms
14ms Image
image/png 2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.powerapp.download/ready6/bg2.png
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c71b57e331563d16aef0eef478e22c07e0967d691d44815e2b9dc85ad35b2df

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
cf-cache-status: HIT
last-modified: Sun, 07 Jun 2020 12:13:54 GMT
server: cloudflare
age: 7190
etag: "3487261393"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5a87ad1cb94b0eb7-FRA
content-length: 35729
cf-request-id: 0388aa85f700000eb731b74200000001

GET
H2 200 TopAlertNew.png
lp.powerapp.download/ready6/ 6 KB
6 KB 14ms
13ms Image
image/png 2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.powerapp.download/ready6/TopAlertNew.png
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c2c2439ab89be2003517c671569012cc4e03e3a596bfa4361b76b6545836b03

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Jun 2020 16:46:58 GMT
server: cloudflare
age: 7190
etag: "3926478532"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5a87ad1cc9520eb7-FRA
content-length: 5883
cf-request-id: 0388aa85f800000eb731b75200000001

GET
H2 200 CancelPop3.png
lp.powerapp.download/ready6/ 1 KB
1 KB 18ms
17ms Image
image/png 2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.powerapp.download/ready6/CancelPop3.png
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0c8d3388f24084a093464e1b96d7c09c2495ac7a0f91c1fdae48259283c416a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Apr 2020 14:58:47 GMT
server: cloudflare
age: 7190
etag: "2924075962"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5a87ad1cc9560eb7-FRA
content-length: 1407
cf-request-id: 0388aa85f800000eb731b76200000001

GET
H2 206 light.mp3
lp.powerapp.download/ready6/ 16 KB
17 KB 113ms
112ms Media
audio/mpeg 2606:4700:e6::ac40:c91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.powerapp.download/ready6/light.mp3
Requested by: Host: lp.powerapp.download
URL: https://lp.powerapp.download/ready6/?p=91344.2&v=399
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33c4dbad2053699f8332ce40e0edbba0d72563a981950fd574a8f04450b97a63

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 24 Jun 2020 16:02:58 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 23 Jan 2019 16:51:53 GMT
server: cloudflare
etag: "3494608442"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 206
content-type: audio/mpeg
Content-Range: bytes 0-16761/16762
accept-ranges: bytes
cf-ray: 5a87ad1cd9810eb7-FRA
Content-Length: 16762
cf-request-id: 0388aa860600000eb731b77200000001

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.powerapp.download/	1970-04-29 10:28:48	Name: SDLPCLICKID Value: 5491677875508745229
.powerapp.download/	1970-04-29 10:28:48	Name: SDLPZONEID Value: 837193
.powerapp.download/	1970-04-29 10:28:48	Name: SDLPPID Value: 4.2
.powerapp.download/	1970-01-19 10:30:21	Name: SDLPLIVE Value: 5491677875508745229
.powerapp.download/	1970-04-29 10:28:48	Name: SDLPVER Value: 1
.powerapp.download/	1970-04-29 10:28:48	Name: BCDDUIDC Value: 0D4A2238BBCC4E089A32674AC83CCCAE
lp.powerapp.download/	1969-12-31 23:59:59	Name: PHPSESSID Value: esscdrmr6ismvm0n82c1g11fi1
.powerapp.download/	1970-01-19 11:13:26	Name: __cfduid Value: d9a93865f93b091bc3d790784f544f6801593014578

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

decreasure.club
fonts.googleapis.com
lp.powerapp.download
searchpowerapp.com
searchpowerplus.com
senrecomines.fun
2606:4700:3030::681b:a020
2606:4700:e2::ac40:8e1a
2606:4700:e6::ac40:c91b
2a00:1450:4001:808::200a
54.230.227.58
54.237.125.12
1c2c2439ab89be2003517c671569012cc4e03e3a596bfa4361b76b6545836b03
2265e200507b1207ec22eb06405cfd80e433e6de7665ae9c7f9ef61c375a78cd
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
33c4dbad2053699f8332ce40e0edbba0d72563a981950fd574a8f04450b97a63
4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d
5c71b57e331563d16aef0eef478e22c07e0967d691d44815e2b9dc85ad35b2df
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
8623b67fd6a8c07e4e0aca6f575c71b9c307a27509f47f62abdbb2dd200f5c44
a0c8d3388f24084a093464e1b96d7c09c2495ac7a0f91c1fdae48259283c416a
dbae37fa5a4253e766c9c9abf0b9964c1a8951daf6895a5e59b092e598a1b61c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0798dbbf09ed2ce2e35230e985b8bec1bcb9130c4c0d8619a94fab866e6c3d7
f70ab006330c652f6d58093fbc6e33245729101c2a358f2b34d9e2165a208aff

lp.powerapp.download Open in urlscan Pro 2606:4700:e6::ac40:c91b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

67 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

374 kBTransfer

1046 kBSize

8 Cookies

3 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

8 Cookies

Indicators

lp.powerapp.download Open in urlscan Pro
2606:4700:e6::ac40:c91b Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

374 kB
Transfer

1046 kB
Size

8
Cookies

16 HTTP transactions
1 data transactions