tsebreward.com Open in urlscan Pro
103.140.249.50 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s3.us-west-2.amazonaws.com/eh46g4eh564f56h4e6fh/4az65g4z56g4zd56gdzgzdg.html#/agagadjlk.html?od=1syo61f856e067bc3_vl_trendv...
Effective URL:
https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city...
Submission: On February 05 via api (February 5th 2022, 2:47:05 am UTC) from BE — Scanned from US

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 10 domains to perform 22 HTTP transactions. The main IP is 103.140.249.50, located in Viet Nam and belongs to HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN. The main domain is tsebreward.com.
TLS certificate: Issued by R3 on January 2nd 2022. Valid for: 3 months.

This is the only time tsebreward.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	52.218.220.232 52.218.220.232	16509 (AMAZON-02) (AMAZON-02)
1 1	51.15.182.12 51.15.182.12	12876 (Online SAS) (Online SAS)
2 2	185.221.134.12 185.221.134.12	35913 (DEDIPATH-LLC) (DEDIPATH-LLC)
1 1	103.140.249.49 103.140.249.49	24088 (HTCHCMC-A...) (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch)
7	103.140.249.50 103.140.249.50	24088 (HTCHCMC-A...) (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch)
1	69.16.175.10 69.16.175.10	20446 (HIGHWINDS3) (HIGHWINDS3)
5	13.225.231.99 13.225.231.99	16509 (AMAZON-02) (AMAZON-02)
3	142.251.32.106 142.251.32.106	15169 (GOOGLE) (GOOGLE)
5	172.217.165.131 172.217.165.131	15169 (GOOGLE) (GOOGLE)
22	6

1 52.218.220.232 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com

s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.15.182.12 (France) 1 redirects

ASN12876 (Online SAS, FR)
PTR: 51-15-182-12.rev.sectele.com

daigou.approvedib.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.221.134.12 (Los Angeles, United States) 2 redirects

ASN35913 (DEDIPATH-LLC, US)

ppvined.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
atothezzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.140.249.49 (Viet Nam) 1 redirects

ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN)
PTR: static-ptr.vndata.vn

lpstrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 103.140.249.50 (Viet Nam)

ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN)
PTR: static-ptr.vndata.vn

tsebreward.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.225.231.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-231-99.jfk51.r.cloudfront.net

d3e1y4kxkqljcb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.32.106 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.165.131 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s70-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	tsebreward.com tsebreward.com	23 KB
5	gstatic.com fonts.gstatic.com	87 KB
5	cloudfront.net d3e1y4kxkqljcb.cloudfront.net	145 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	2 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 584	33 KB
1	lpstrk.com 1 redirects lpstrk.com — Cisco Umbrella Rank: 537169	1 KB
1	atothezzz.com 1 redirects atothezzz.com — Cisco Umbrella Rank: 471847	793 B
1	ppvined.com 1 redirects ppvined.com — Cisco Umbrella Rank: 456436	423 B
1	approvedib.de 1 redirects daigou.approvedib.de	494 B
1	amazonaws.com s3.us-west-2.amazonaws.com — Cisco Umbrella Rank: 2740	464 B
22	10

	Domain	Requested by
7	tsebreward.com	s3.us-west-2.amazonaws.com tsebreward.com code.jquery.com
5	fonts.gstatic.com	fonts.googleapis.com
5	d3e1y4kxkqljcb.cloudfront.net	tsebreward.com
3	fonts.googleapis.com	tsebreward.com
1	code.jquery.com	tsebreward.com
1	lpstrk.com	1 redirects
1	atothezzz.com	1 redirects
1	ppvined.com	1 redirects
1	daigou.approvedib.de	1 redirects
1	s3.us-west-2.amazonaws.com
22	10

This site contains no links.

Subject Issuer	Validity	Valid
*.s3-us-west-2.amazonaws.com Amazon	`2021-12-17` - `2022-11-29`	a year	crt.sh
tsebreward.com R3	`2022-01-02` - `2022-04-02`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Frame ID: 9BF1A3CFEBA0E1C2652CA8E1E033D43C
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

[1] Reward Pending!

Page URL History Show full URLs

https://s3.us-west-2.amazonaws.com/eh46g4eh564f56h4e6fh/4az65g4z56g4zd56gdzgzdg.html Page URL
http://daigou.approvedib.de//agagadjlk.html?od=1syo61f856e067bc3_vl_trendvl_0zx4.620dp2o.C0000rh52bs1b5n... HTTP 302
https://ppvined.com/?E=o5yDNDQ9xDagJT27rOBGocE1MRDnMpSZ&s1=Runaway31__929a0572z8b3x3f0b6f42&s2=y... HTTP 302
https://atothezzz.com/?E=o5yDNDQ9xDagJT27rOBGocE1MRDnMpSZ&s1=Runaway31__929a0572z8b3x3f0b6f42&s2=y... HTTP 302
https://lpstrk.com/10qefe8pfeyoqpgjj13s&target=lw&externalid=363387616&offer_id=5776&subid1=702... HTTP 302
https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

6
IPs

3
Countries

291 kB
Transfer

431 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s3.us-west-2.amazonaws.com/eh46g4eh564f56h4e6fh/4az65g4z56g4zd56gdzgzdg.html Page URL
http://daigou.approvedib.de//agagadjlk.html?od=1syo61f856e067bc3_vl_trendvl_0zx4.620dp2o.C0000rh52bs1b5n03e_x11293.h52bsMjR5MGxrLTMwZTc2Zm00w6t3k HTTP 302
https://ppvined.com/?E=o5yDNDQ9xDagJT27rOBGocE1MRDnMpSZ&s1=Runaway31__929a0572z8b3x3f0b6f42&s2=yo0zx|M21unJj=|h52bs|24y0lk|30e76fm|61115|0000rh52bs|C|oTI2pzSxo3V=|PC|inh2m3&s3=p3yiAwSzBQH2MGN2A2WwZ192oS90pzIhMUMfKmO6rQD= HTTP 302
https://atothezzz.com/?E=o5yDNDQ9xDagJT27rOBGocE1MRDnMpSZ&s1=Runaway31__929a0572z8b3x3f0b6f42&s2=yo0zx|M21unJj=|h52bs|24y0lk|30e76fm|61115|0000rh52bs|C|oTI2pzSxo3V=|PC|inh2m3&s3=p3yiAwSzBQH2MGN2A2WwZ192oS90pzIhMUMfKmO6rQD=&ckmguid=d044f514-d437-48ee-89a8-2d2aaeb6daec HTTP 302
https://lpstrk.com/10qefe8pfeyoqpgjj13s&target=lw&externalid=363387616&offer_id=5776&subid1=702907&subid2=Runaway31__929a0572z8b3x3f0b6f42 HTTP 302
https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 4az65g4z56g4zd56gdzgzdg.html Show response
s3.us-west-2.amazonaws.com/eh46g4eh564f56h4e6fh/ 108 B
464 B 354ms
114ms Document
text/html 52.218.220.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.us-west-2.amazonaws.com/eh46g4eh564f56h4e6fh/4az65g4z56g4zd56gdzgzdg.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.232 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: a064ed66ac31fa268dbf64e2a71a1ee1ff0770393c3958cf40282b28b2c896df

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

x-amz-id-2: ZMdKxyJv+ibaGHXq6+wbfTzBcz6m4V2Y1OEHFDvzC1bOuUo29Fp9uPwjHoCZHVoixvUhYZ50x98=
x-amz-request-id: RX18SJWSE8BE65YH
Date: Sat, 05 Feb 2022 02:46:56 GMT
Last-Modified: Mon, 31 Jan 2022 16:49:50 GMT
ETag: "95ccb3722d5eb5df68fd57deffbd9f63"
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 108

GET
H/1.1

200
OK

Primary Request index_5_d.php Show response
tsebreward.com/visitoronline_us_nonbr/
Redirect Chain

http://daigou.approvedib.de//agagadjlk.html?od=1syo61f856e067bc3_vl_trendvl_0zx4.620dp2o.C0000rh52bs1b5n03e_x11293.h52bsMjR5MGxrLTMwZTc2Zm00w6t3k
https://ppvined.com/?E=o5yDNDQ9xDagJT27rOBGocE1MRDnMpSZ&s1=Runaway31__929a0572z8b3x3f0b6f42&s2=yo0zx|M21unJj=|h52bs|24y0lk|30e76fm|61115|0000rh52bs|C|oTI2pzSxo3V=|PC|inh2m3&s3=p3yiAwSzBQH2MGN2A2WwZ...
https://atothezzz.com/?E=o5yDNDQ9xDagJT27rOBGocE1MRDnMpSZ&s1=Runaway31__929a0572z8b3x3f0b6f42&s2=yo0zx|M21unJj=|h52bs|24y0lk|30e76fm|61115|0000rh52bs|C|oTI2pzSxo3V=|PC|inh2m3&s3=p3yiAwSzBQH2MGN2A2W...
https://lpstrk.com/10qefe8pfeyoqpgjj13s&target=lw&externalid=363387616&offer_id=5776&subid1=702907&subid2=Runaway31__929a0572z8b3x3f0b6f42
https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lande...

36 KB
8 KB

877ms
291ms

Document
text/html

103.140.249.50
HCMC Branch

General

Check archive.org

Show headers Download Go to

Full URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Requested by: Host: s3.us-west-2.amazonaws.com
URL: https://s3.us-west-2.amazonaws.com/eh46g4eh564f56h4e6fh/4az65g4z56g4zd56gdzgzdg.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS: static-ptr.vndata.vn
Software: nginx /
Resource Hash: bd8214888dc8911b6d79c548cce9679d93f5684a2440da67c8a0b2a621eab118

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://s3.us-west-2.amazonaws.com/eh46g4eh564f56h4e6fh/4az65g4z56g4zd56gdzgzdg.html#/agagadjlk.html?od=1syo61f856e067bc3_vl_trendvl_0zx4.620dp2o.C0000rh52bs1b5n03e_x11293.h52bsMjR5MGxrLTMwZTc2Zm00w6t3k

Response headers

Server: nginx
Date: Sat, 05 Feb 2022 02:46:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 7501
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

Redirect headers

Server: nginx/1.20.0
Date: Sat, 05 Feb 2022 02:46:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Strict-Transport-Security: max-age=31536000

GET
H/1.1 200
OK main_1_d.css
tsebreward.com/visitoronline_us_nonbr/css/ 20 KB
5 KB 286ms
285ms Stylesheet
text/css 103.140.249.50
HCMC Branch

General

Check archive.org

Show headers Download Go to

Full URL: https://tsebreward.com/visitoronline_us_nonbr/css/main_1_d.css
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS: static-ptr.vndata.vn
Software: nginx /
Resource Hash: 54fd3bda9421f5b009ef51984a7c555c4d89c332adee26549a847143d1d0367b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 05 Feb 2022 02:46:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Nov 2021 12:50:51 GMT
Server: nginx
ETag: W/"61979dab-4f34"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
33 KB 321ms
7ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 02:46:59 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-1762a"
vary: Accept-Encoding
x-hw: 1644029219.dop140.ny3.t,1644029219.cds134.ny3.hn,1644029219.cds144.ny3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33202

GET
H/1.1 200
OK script_5_d.js Show response
tsebreward.com/visitoronline_us_nonbr/js/ 36 KB
6 KB 274ms
274ms Script
application/javascript 103.140.249.50
HCMC Branch

General

Check archive.org

Show headers Download Go to

Full URL: https://tsebreward.com/visitoronline_us_nonbr/js/script_5_d.js
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS: static-ptr.vndata.vn
Software: nginx /
Resource Hash: c079c8211069a2a954620b32996ac23ebf653adcb3bb1625a0da42342629a520

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 05 Feb 2022 02:46:59 GMT
Content-Encoding: gzip
Last-Modified: Mon, 24 Jan 2022 12:51:14 GMT
Server: nginx
ETag: W/"61eea0c2-91ab"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 giphy.gif
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/nn_survey/ 15 KB
16 KB 343ms
5ms Image
image/gif 13.225.231.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/nn_survey/giphy.gif
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.231.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-231-99.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 05:35:31 GMT
via: 1.1 d9d5880faa1278f1716f3a60dd93de56.cloudfront.net (CloudFront)
last-modified: Mon, 26 Oct 2020 15:58:58 GMT
server: AmazonS3
age: 76290
etag: "45f10d30ce7014885a2d438941a16d3a"
x-cache: Hit from cloudfront
x-amz-version-id: null
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: image/gif
content-length: 15537
x-amz-cf-id: SLVqfjiDmZgJtzzoKMC3BCohSRbLM3DjFMwmUa4zi_sY6xeHQhLI-Q==

GET
H/1.1 200
OK redirect_bin.js Show response
tsebreward.com/ 551 B
869 B 281ms
281ms Script
application/javascript 103.140.249.50
HCMC Branch

General

Check archive.org

Show headers Download Go to

Full URL: https://tsebreward.com/redirect_bin.js
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS: static-ptr.vndata.vn
Software: nginx /
Resource Hash: 595fc9d77aaa41cb01936f11d16d156a8c571faace86be0e10634aeaf3e924ce

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 05 Feb 2022 02:46:59 GMT
Last-Modified: Sat, 20 Nov 2021 11:31:15 GMT
Server: nginx
ETag: "6198dc83-227"
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 551
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
1 KB 353ms
36ms Stylesheet
text/css 142.251.32.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap

Requested by

Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/css/main_1_d.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f10.1e100.net

Software

ESF /

Resource Hash

33284fe633022dc52abfaa8f476c0642cc34d552861bdd2924b60a3edd68b882

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Feb 2022 02:35:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 05 Feb 2022 02:46:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Feb 2022 02:46:59 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
545 B 353ms
37ms Stylesheet
text/css 142.251.32.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:wght@400;700&display=swap

Requested by

Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/css/main_1_d.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f10.1e100.net

Software

ESF /

Resource Hash

0eddb348ebcdcf34164bf539f7a5e5f204f99067bf1f915705078316efb80ae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Feb 2022 02:32:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 05 Feb 2022 02:46:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Feb 2022 02:46:59 GMT

GET
H2 200 new_sprite_8.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ 22 KB
23 KB 333ms
17ms Image
image/png 13.225.231.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_sprite_8.png
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/css/main_1_d.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.231.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-231-99.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 703b205caa6038e17c88e792100955746b321bd0497970bc9c6b2f967749f8ec

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 04 Feb 2022 08:52:03 GMT
via: 1.1 d9d5880faa1278f1716f3a60dd93de56.cloudfront.net (CloudFront)
last-modified: Fri, 19 Nov 2021 12:44:09 GMT
server: AmazonS3
age: 64498
etag: "070a2d22130ab75690b701c22a1e2974"
x-cache: Hit from cloudfront
x-amz-version-id: 9ej7nRvFwrLI5itWKzvrD34ghG5wlzfS
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: image/png
content-length: 22737
x-amz-cf-id: cNHjlAV2u14AcTLL435U3RiapnFMh4heJT5PGgp23zA65YPtWBfZ5g==

GET
H2 200 line_background4.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ 61 KB
62 KB 324ms
8ms Image
image/png 13.225.231.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/line_background4.png
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.231.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-231-99.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9144afcf99db928e2f67372c78684c5e4d37352700f47abb00992fe60155fae7

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 04 Feb 2022 12:55:41 GMT
via: 1.1 d9d5880faa1278f1716f3a60dd93de56.cloudfront.net (CloudFront)
last-modified: Mon, 23 Aug 2021 15:43:45 GMT
server: AmazonS3
age: 49880
etag: "375e3524d7f8353cb120bb59e9b66c05"
x-cache: Hit from cloudfront
x-amz-version-id: MhoF05G5kGnYWTDTNUZnmaMztuyzUHC3
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: image/png
content-length: 62543
x-amz-cf-id: G3B-jM6zoXeveR6jp8c6vM9A1YwV4gKQLozV9AUZeTloh8ZuOwo42w==

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 323ms
4ms Font
font/woff2 172.217.165.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.165.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f3.1e100.net

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tsebreward.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 08:30:30 GMT
x-content-type-options: nosniff
age: 152190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 03 Feb 2023 08:30:30 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 324ms
5ms Font
font/woff2 172.217.165.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.165.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f3.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tsebreward.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 07:38:42 GMT
x-content-type-options: nosniff
age: 587298
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 29 Jan 2023 07:38:42 GMT

GET
H2 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v11/ 21 KB
21 KB 327ms
8ms Font
font/woff2 172.217.165.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v11/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.165.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f3.1e100.net

Software

sffe /

Resource Hash

65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tsebreward.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 20:03:46 GMT
x-content-type-options: nosniff
age: 196994
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21724
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:06:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Feb 2023 20:03:46 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v29/ 17 KB
17 KB 327ms
10ms Font
font/woff2 172.217.165.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,300;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.165.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f3.1e100.net

Software

sffe /

Resource Hash

4c7856c0d39606a745670d4c03525f3644fe65304191be208516def923cc3762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tsebreward.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 08:05:11 GMT
x-content-type-options: nosniff
age: 153709
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17484
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 03 Feb 2023 08:05:11 GMT

GET
H2 200 new_footer2.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ 8 KB
9 KB 298ms
10ms Image
image/png 13.225.231.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_footer2.png
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.231.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-231-99.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38698bd6030ccf4376df80dc1080041bad75f3ea78d7aae8482c190398f36efc

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 05 Feb 2022 02:35:01 GMT
via: 1.1 d9d5880faa1278f1716f3a60dd93de56.cloudfront.net (CloudFront)
last-modified: Thu, 16 Dec 2021 14:42:21 GMT
server: AmazonS3
age: 720
etag: "619490af4a1c1203e96f1971f8c5a754"
x-cache: Hit from cloudfront
x-amz-version-id: yBLYCULXABmGaPHdCaVR884WdkPQwV4V
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: image/png
content-length: 8408
x-amz-cf-id: YsiXLtggtE7fNgNNgv7zy41kORzJCBnJCoKbSwGgYI8O0BrwDgzWxg==

GET
H/1.1 200
OK gift.css
tsebreward.com/visitoronline_us_nonbr/css/ 790 B
1 KB 282ms
282ms Stylesheet
text/css 103.140.249.50
HCMC Branch

General

Check archive.org

Show headers Download Go to

Full URL: https://tsebreward.com/visitoronline_us_nonbr/css/gift.css
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS: static-ptr.vndata.vn
Software: nginx /
Resource Hash: bd1acc174c163ada5660f8d2ebd24a6d3cefea2728ba12d3e712c1b25eef5672

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 05 Feb 2022 02:47:00 GMT
Last-Modified: Wed, 24 Nov 2021 12:33:18 GMT
Server: nginx
ETag: "619e310e-316"
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 790
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lw.css
tsebreward.com/visitoronline_us_nonbr/css/ 3 KB
1 KB 270ms
270ms Stylesheet
text/css 103.140.249.50
HCMC Branch

General

Check archive.org

Show headers Download Go to

Full URL: https://tsebreward.com/visitoronline_us_nonbr/css/lw.css
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS: static-ptr.vndata.vn
Software: nginx /
Resource Hash: fad36c29dfdabf338ff8920f8d307e9c5ea12d2d29a78a457ae5db1b1924e473

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 05 Feb 2022 02:47:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Jan 2022 08:36:11 GMT
Server: nginx
ETag: W/"61e91efb-a67"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lw.json Show response
tsebreward.com/visitoronline_us_nonbr/datas/ 883 B
1 KB 540ms
271ms XHR
application/json 103.140.249.50
HCMC Branch

General

Check archive.org

Show headers Download Go to

Full URL: https://tsebreward.com/visitoronline_us_nonbr/datas/lw.json
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.140.249.50 , Viet Nam, ASN24088 (HTCHCMC-AS-VN Hanoi Telecom Joint Stock Company - HCMC Branch, VN),
Reverse DNS: static-ptr.vndata.vn
Software: nginx /
Resource Hash: 4026184fb4096358113d7718bf75520f2de835f9190de8f640ce6e6d8d7ed4f1

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
X-Requested-With: XMLHttpRequest
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 05 Feb 2022 02:47:00 GMT
Last-Modified: Mon, 12 Jul 2021 15:14:09 GMT
Server: nginx
ETag: "373-5c6ee92b2c7c0"
Content-Type: application/json
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 883

GET
H2 200 gift_card_lw.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gift_card/ 36 KB
37 KB 285ms
11ms Image
image/png 13.225.231.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gift_card/gift_card_lw.png
Requested by: Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/index_5_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=New%20York&clickid=623afk27sa2a1f95&campaign=1745&user_id=1&clickcost=0&lander=1441&time=1643986018&browser_version=97.0.4692.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Secure%20Data%20Systems%20SRL&ip=37.120.138.195&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&lpkey=16f344a10224959e18&target=lw&device=DESKTOP&country=US&ts={t9}&trafficsource=68&uclick=k27sa2a1&uclickhash=k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.231.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-231-99.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a0f5b3ad9a90ac26aabe085fc9db6a361a70ce5ec760758be46e9583199f4569

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 04 Feb 2022 20:05:54 GMT
via: 1.1 d9d5880faa1278f1716f3a60dd93de56.cloudfront.net (CloudFront)
last-modified: Mon, 22 Nov 2021 15:29:05 GMT
server: AmazonS3
age: 24067
etag: "1c560428130cd63de12ae258211ad10e"
x-cache: Hit from cloudfront
x-amz-version-id: kd5Lj_YmV_C2BC4aZiUYnLzL1_DGdrUU
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-type: image/png
content-length: 37232
x-amz-cf-id: aIZV8FovQ3UPvnEnBEBdg_nJz-MwX039RTTOwZX-3_qnQWwZXX6BFQ==

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
518 B 22ms
21ms Stylesheet
text/css 142.251.32.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Anton&display=swap

Requested by

Host: tsebreward.com
URL: https://tsebreward.com/visitoronline_us_nonbr/css/lw.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f10.1e100.net

Software

ESF /

Resource Hash

7a375777aae066633f2fe9c9308034473f90f6ef57e951ff7a5f78eb5a74accb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tsebreward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Feb 2022 02:44:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 05 Feb 2022 02:47:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Feb 2022 02:47:00 GMT

GET
H2 200 1Ptgg87LROyAm3Kz-C8.woff2
fonts.gstatic.com/s/anton/v22/ 17 KB
17 KB 5ms
4ms Font
font/woff2 172.217.165.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/anton/v22/1Ptgg87LROyAm3Kz-C8.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Anton&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.165.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f3.1e100.net

Software

sffe /

Resource Hash

feb9617bd3fcda1a52cbf8539985fddac2aaab0e6df8dbdac21ec3e9a179a4be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://tsebreward.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 19:39:01 GMT
x-content-type-options: nosniff
age: 198479
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17020
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:18:15 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Feb 2023 19:39:01 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.atothezzz.com/	1969-12-31 23:59:59	Name: sq Value: k1qSspYeHWqO4ZEIGk/jYBukEqssmZ0Bxb3gMWHuFN+CSx1kop6pyw==
.atothezzz.com/	1970-01-20 18:11:23	Name: ti Value: 8upr/6dhfyuy+WGLPtcUZhukEqssmZ0Bxb3gMWHuFN+CSx1kop6pyw==
.atothezzz.com/	1970-01-20 01:23:41	Name: c5776 Value: k1qSspYeHWq4+Q51C16j86H4sLPUt38yl/9IR+KGmGBbFhZNe+7t5g==
lpstrk.com/	1970-01-20 00:41:55	Name: uclick Value: k27sa2a1
lpstrk.com/	1970-01-20 00:41:55	Name: uclickhash Value: k27sa2a1-k27sa2a1-xsyd-168n-2ta7-pm3vbl-xs3zfe-945ebe

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

atothezzz.com
code.jquery.com
d3e1y4kxkqljcb.cloudfront.net
daigou.approvedib.de
fonts.googleapis.com
fonts.gstatic.com
lpstrk.com
ppvined.com
s3.us-west-2.amazonaws.com
tsebreward.com
103.140.249.49
103.140.249.50
13.225.231.99
142.251.32.106
172.217.165.131
185.221.134.12
51.15.182.12
52.218.220.232
69.16.175.10
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0eddb348ebcdcf34164bf539f7a5e5f204f99067bf1f915705078316efb80ae2
33284fe633022dc52abfaa8f476c0642cc34d552861bdd2924b60a3edd68b882
38698bd6030ccf4376df80dc1080041bad75f3ea78d7aae8482c190398f36efc
4026184fb4096358113d7718bf75520f2de835f9190de8f640ce6e6d8d7ed4f1
4c7856c0d39606a745670d4c03525f3644fe65304191be208516def923cc3762
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54fd3bda9421f5b009ef51984a7c555c4d89c332adee26549a847143d1d0367b
595fc9d77aaa41cb01936f11d16d156a8c571faace86be0e10634aeaf3e924ce
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
703b205caa6038e17c88e792100955746b321bd0497970bc9c6b2f967749f8ec
7a375777aae066633f2fe9c9308034473f90f6ef57e951ff7a5f78eb5a74accb
9144afcf99db928e2f67372c78684c5e4d37352700f47abb00992fe60155fae7
9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1
a064ed66ac31fa268dbf64e2a71a1ee1ff0770393c3958cf40282b28b2c896df
a0f5b3ad9a90ac26aabe085fc9db6a361a70ce5ec760758be46e9583199f4569
bd1acc174c163ada5660f8d2ebd24a6d3cefea2728ba12d3e712c1b25eef5672
bd8214888dc8911b6d79c548cce9679d93f5684a2440da67c8a0b2a621eab118
c079c8211069a2a954620b32996ac23ebf653adcb3bb1625a0da42342629a520
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
fad36c29dfdabf338ff8920f8d307e9c5ea12d2d29a78a457ae5db1b1924e473
feb9617bd3fcda1a52cbf8539985fddac2aaab0e6df8dbdac21ec3e9a179a4be

tsebreward.com Open in urlscan Pro 103.140.249.50 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

0 %IPv6

10 Domains

10 Subdomains

6 IPs

3 Countries

291 kBTransfer

431 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

34 JavaScript Global Variables

5 Cookies

Indicators

tsebreward.com Open in urlscan Pro
103.140.249.50 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

6
IPs

3
Countries

291 kB
Transfer

431 kB
Size

5
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!