friend.candyteens.xyz Open in urlscan Pro
77.222.40.43 Public Scan

URL:
http://friend.candyteens.xyz/
Submission: On May 02 via manual (May 2nd 2019, 8:29:13 am UTC) from SG

Summary HTTP 18 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 4 domains to perform 18 HTTP transactions. The main IP is 77.222.40.43, located in Russian Federation and belongs to SWEB-AS, RU. The main domain is friend.candyteens.xyz.

This is the only time friend.candyteens.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	77.222.40.43 77.222.40.43	44112 (SWEB-AS) (SWEB-AS)
6 12	216.104.34.226 216.104.34.226	32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC)
1	2001:1aa8:185... 2001:1aa8:185::212:100	24642 (NL-CAVEO) (NL-CAVEO)
1	2001:1aa8:185... 2001:1aa8:185::212:102	24642 (NL-CAVEO) (NL-CAVEO)
1 2	185.94.236.21 185.94.236.21	42567 (MOJHOST-EU) (MOJHOST-EU)
1	151.139.236.208 151.139.236.208	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
1	2001:1aa8:185... 2001:1aa8:185::212:101	24642 (NL-CAVEO) (NL-CAVEO)
18	8

6 77.222.40.43 (Russian Federation)

ASN44112 (SWEB-AS, RU)
PTR: vh265.sweb.ru

friend.candyteens.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 216.104.34.226 (Chicago, United States) 6 redirects

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: db.inorbitad.com

inorbitad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
admin.inorbitad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:1aa8:185::212:100 (Netherlands)

ASN24642 (NL-CAVEO, NL)

go.ero-advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:1aa8:185::212:102 (Netherlands)

ASN24642 (NL-CAVEO, NL)

data.ero-advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.236.21 (Netherlands) 1 redirects

ASN42567 (MOJHOST-EU, NL)

adserver.juicyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.236.208 (Dallas, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)

js.juicyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:1aa8:185::212:101 (Netherlands)

ASN24642 (NL-CAVEO, NL)

go.ero-advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	inorbitad.com 6 redirects inorbitad.com admin.inorbitad.com	10 KB
6	candyteens.xyz friend.candyteens.xyz	612 KB
3	juicyads.com 1 redirects adserver.juicyads.com js.juicyads.com	2 KB
3	ero-advertising.com go.ero-advertising.com data.ero-advertising.com	187 KB
18	4

	Domain	Requested by
6	admin.inorbitad.com	friend.candyteens.xyz
6	inorbitad.com	6 redirects
6	friend.candyteens.xyz	friend.candyteens.xyz
2	adserver.juicyads.com	1 redirects js.juicyads.com
2	go.ero-advertising.com	friend.candyteens.xyz data.ero-advertising.com
1	js.juicyads.com	friend.candyteens.xyz
1	data.ero-advertising.com	friend.candyteens.xyz
18	7

This site contains links to these domains. Also see Links.

Domain
inorbitad.com

Subject Issuer	Validity	Valid
www.admin.inorbitad.com Sectigo RSA Domain Validation Secure Server CA	`2019-01-21` - `2020-02-20`	a year	crt.sh

This page contains 3 frames:

Primary Page: http://friend.candyteens.xyz/
Frame ID: 63E3FF830DDD53E5FDC21A562F5CAFBF
Requests: 16 HTTP requests in this frame

Frame: http://adserver.juicyads.com/adshow.php?adzone=665707
Frame ID: 219FB6B92DA7A10778D1A279E22926F6
Requests: 1 HTTP requests in this frame

Frame: http://adserver.juicyads.com/adshow.php?adzone=665707
Frame ID: C2A6AD8E37BACA66D7298B358B375479
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

18
Requests

33 %
HTTPS

43 %
IPv6

4
Domains

7
Subdomains

8
IPs

3
Countries

809 kB
Transfer

841 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://inorbitad.com/ads/www/delivery/ck.php?oaparams=2__bannerid=662__zoneid=2975__OXLCA=1__cb=e192b88947__request_id=5072334415____oadest=
Title: if (typeof eaCtrl =="undefined"){ var eaCtrlRecs=[]; var eaCtrl = {add:function(ag){eaCtrlRecs.push(ag)}}; var js = document.createElement('script'); js.setAttribute("src","//go.ero-advertising.com/loadeactrl.go?pid=111036&siteid=980702&spaceid=3996858"); document.head.appendChild(js); } eaCtrl.add({"plugin":"pop","sid":3996858,"traffic_type":"all","subid":""});

Search URL Search Domain Scan URL

URL: https://inorbitad.com/ads/www/delivery/ck.php?oaparams=2__bannerid=652__zoneid=2974__OXLCA=1__cb=8063144dfa__request_id=5072334498____oadest=
Title: (adsbyjuicy = window.adsbyjuicy || []).push({'adzone':665707});

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://inorbitad.com/ads/www/delivery/ads.js?zoneid=2975&width=0&height=0 HTTP 302
https://admin.inorbitad.com/ads/www/delivery/ads.js?zoneid=2975&width=0&height=0

Request Chain 5

https://inorbitad.com/ads/www/delivery/ads.js?zoneid=2974&width=0&height=0 HTTP 302
https://admin.inorbitad.com/ads/www/delivery/ads.js?zoneid=2974&width=0&height=0

Request Chain 6

https://inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2975&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux HTTP 302
https://admin.inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2975&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux

Request Chain 8

https://inorbitad.com/ads/www/delivery/lg.php?bannerid=662&campaignid=144&zoneid=2975&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=e192b88947&request_id=5072334415 HTTP 302
https://admin.inorbitad.com/ads/www/delivery/lg.php?bannerid=662&campaignid=144&zoneid=2975&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=e192b88947&request_id=5072334415

Request Chain 10

https://inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2974&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux HTTP 302
https://admin.inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2974&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux

Request Chain 12

http://adserver.juicyads.com/js/jads.js HTTP 301
http://js.juicyads.com/jads.js

Request Chain 13

https://inorbitad.com/ads/www/delivery/lg.php?bannerid=652&campaignid=138&zoneid=2974&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=8063144dfa&request_id=5072334498 HTTP 302
https://admin.inorbitad.com/ads/www/delivery/lg.php?bannerid=652&campaignid=138&zoneid=2974&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=8063144dfa&request_id=5072334498

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response friend.candyteens.xyz/	38 KB 2 KB	327ms 85ms	Document text/html	77.222.40.43 SWEB-AS
General Check archive.org Show headers Download Go to Full URL http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 77.222.40.43 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh265.sweb.ru Software nginx/1.15.8 / PHP/7.1.26 Resource Hash `ea6e13a7bab70e00d64440b35300d96697d395b4b41fb710cf77b1a41c734636` Request headers Host friend.candyteens.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx/1.15.8 Date Thu, 02 May 2019 08:28:36 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=10 Vary Accept-Encoding X-Powered-By PHP/7.1.26 Content-Encoding gzip
GET H/1.1	200 OK	ads.js Show response admin.inorbitad.com/ads/www/delivery/ Redirect Chain https://inorbitad.com/ads/www/delivery/ads.js?zoneid=2975&width=0&height=0 https://admin.inorbitad.com/ads/www/delivery/ads.js?zoneid=2975&width=0&height=0	1 KB 1 KB	594ms 114ms	Script application/javascript	216.104.34.226 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://admin.inorbitad.com/ads/www/delivery/ads.js?zoneid=2975&width=0&height=0 Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.104.34.226 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS db.inorbitad.com Software nginx/1.10.2 / Resource Hash `b13b198fa2292679ac2b7d9a5abf29d2747ca82e2f365e66a78891ea88311aa0` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:37 GMT Last-Modified Wed, 04 Jan 2017 10:44:54 GMT Server nginx/1.10.2 ETag "586cd226-43c" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1084 Redirect headers Location https://admin.inorbitad.com/ads/www/delivery/ads.js?zoneid=2975&width=0&height=0 Date Thu, 02 May 2019 08:28:37 GMT Server nginx/1.10.2 Connection keep-alive Content-Length 161 Content-Type text/html
GET H/1.1	200 OK	logo.png friend.candyteens.xyz/	126 KB 126 KB	72ms 71ms	Image image/png	77.222.40.43 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://friend.candyteens.xyz/logo.png Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 77.222.40.43 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh265.sweb.ru Software nginx/1.15.8 / Resource Hash `d9f09754af1d91215803a83989b0ffe991b5738923c8400e19489feaf7246453` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:36 GMT Last-Modified Wed, 13 Mar 2019 17:17:24 GMT Server nginx/1.15.8 ETag "2e0077-1f7ab-583fcfab68ce0" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 128939
GET H/1.1	200 OK	jpg-icon-13473.png friend.candyteens.xyz/	195 KB 195 KB	357ms 69ms	Image image/png	77.222.40.43 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://friend.candyteens.xyz/jpg-icon-13473.png Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 77.222.40.43 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh265.sweb.ru Software nginx/1.15.8 / Resource Hash `dc668f85ebb26ec6f8b24197a5c8561426d418c57236a081e7c2938108292ade` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:36 GMT Last-Modified Wed, 13 Mar 2019 17:17:23 GMT Server nginx/1.15.8 ETag "2e0076-30c68-583fcfaa9466e" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 199784
GET H/1.1	200 OK	Compressed-File-RAR-icon.png friend.candyteens.xyz/	18 KB 18 KB	84ms 73ms	Image image/png	77.222.40.43 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://friend.candyteens.xyz/Compressed-File-RAR-icon.png Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 77.222.40.43 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh265.sweb.ru Software nginx/1.15.8 / Resource Hash `ceb3978cd8a58f60f6c0d5039da858f808087dcde1a76f458b6eb68da6e33ae5` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:36 GMT Last-Modified Wed, 13 Mar 2019 17:17:19 GMT Server nginx/1.15.8 ETag "2e006a-465e-583fcfa605680" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 18014
GET H/1.1	200 OK	mpeg-icon.png friend.candyteens.xyz/	35 KB 35 KB	69ms 69ms	Image image/png	77.222.40.43 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://friend.candyteens.xyz/mpeg-icon.png Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 77.222.40.43 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh265.sweb.ru Software nginx/1.15.8 / Resource Hash `1620eab17bdbe93b2b05b3b21085ffd3b0eb0c2b2450bc9ce5ebfca2e85a68bc` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:37 GMT Last-Modified Wed, 13 Mar 2019 17:17:25 GMT Server nginx/1.15.8 ETag "2e0078-8c34-583fcfac050e2" Content-Type image/png Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 35892
GET H/1.1	200 OK	ads.js Show response admin.inorbitad.com/ads/www/delivery/ Redirect Chain https://inorbitad.com/ads/www/delivery/ads.js?zoneid=2974&width=0&height=0 https://admin.inorbitad.com/ads/www/delivery/ads.js?zoneid=2974&width=0&height=0	1 KB 1 KB	600ms 115ms	Script application/javascript	216.104.34.226 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://admin.inorbitad.com/ads/www/delivery/ads.js?zoneid=2974&width=0&height=0 Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.104.34.226 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS db.inorbitad.com Software nginx/1.10.2 / Resource Hash `b13b198fa2292679ac2b7d9a5abf29d2747ca82e2f365e66a78891ea88311aa0` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:37 GMT Last-Modified Wed, 04 Jan 2017 10:44:54 GMT Server nginx/1.10.2 ETag "586cd226-43c" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1084 Redirect headers Location https://admin.inorbitad.com/ads/www/delivery/ads.js?zoneid=2974&width=0&height=0 Date Thu, 02 May 2019 08:28:37 GMT Server nginx/1.10.2 Connection keep-alive Content-Length 161 Content-Type text/html
GET H/1.1	200 OK	djax_mobileadserver.php Show response admin.inorbitad.com/ads/www/delivery/ Redirect Chain https://inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2975&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux https://admin.inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2975&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux	1 KB 2 KB	169ms 151ms	Script text/javascript	216.104.34.226 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://admin.inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2975&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.104.34.226 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS db.inorbitad.com Software nginx/1.10.2 / PHP/5.5.38 Resource Hash `25dc4e68af99b3eaff6f747cea0639e9a44558065047416a25bbbca45f7d6762` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 02 May 2019 08:28:38 GMT Server nginx/1.10.2 X-Powered-By PHP/5.5.38 Transfer-Encoding chunked P3P CP="CUR ADM OUR NOR STA NID" Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive Content-Type text/javascript; charset=UTF-8 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Location https://admin.inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2975&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux Date Thu, 02 May 2019 08:28:37 GMT Server nginx/1.10.2 Connection keep-alive Content-Length 161 Content-Type text/html
GET H/1.1	200 OK	loadeactrl.go Show response go.ero-advertising.com/	71 KB 72 KB	115ms 28ms	Script application/javascript	2001:1aa8:185::212:100 NL-CAVEO
General Check archive.org Show headers Download Go to Full URL http://go.ero-advertising.com/loadeactrl.go?pid=111036&siteid=980702&spaceid=3996858 Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 2001:1aa8:185::212:100 , Netherlands, ASN24642 (NL-CAVEO, NL), Reverse DNS Software nginx / Resource Hash `a5ac6d1ac6cdbff02911250ddc8b069baf308552e2e3672d6ef80b1ae300dfbd` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 02 May 2019 08:28:38 GMT Last-Modified Thu, 02 05 2019 08:28:38 GMT Server nginx Content-Type application/javascript Cache-Control no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0 Connection close X-Backend-Server nl1-web213-29 Content-Length 73180 Expires Mon, 03 Jul 2001 06:00:00 GMT
GET H/1.1	200 OK	lg.php admin.inorbitad.com/ads/www/delivery/ Redirect Chain https://inorbitad.com/ads/www/delivery/lg.php?bannerid=662&campaignid=144&zoneid=2975&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=e192b88947&request_id=5072334415 https://admin.inorbitad.com/ads/www/delivery/lg.php?bannerid=662&campaignid=144&zoneid=2975&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=e192b88947&request_id=5072334415	43 B 776 B	171ms 168ms	Image image/gif	216.104.34.226 SingleHop LLC
General Check archive.org Show headers Download Go to Show image Full URL https://admin.inorbitad.com/ads/www/delivery/lg.php?bannerid=662&campaignid=144&zoneid=2975&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=e192b88947&request_id=5072334415 Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.104.34.226 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS db.inorbitad.com Software nginx/1.10.2 / PHP/5.5.38 Resource Hash `4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 02 May 2019 08:28:38 GMT Server nginx/1.10.2 X-Powered-By PHP/5.5.38 P3P CP="CUR ADM OUR NOR STA NID" Cache-Control private, max-age=0, no-cache Connection keep-alive Content-Type image/gif Content-Length 43 Expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers Location https://admin.inorbitad.com/ads/www/delivery/lg.php?bannerid=662&campaignid=144&zoneid=2975&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=e192b88947&request_id=5072334415 Date Thu, 02 May 2019 08:28:38 GMT Server nginx/1.10.2 Connection keep-alive Content-Length 161 Content-Type text/html
GET H/1.1	200 OK	50-Beautiful-and-Minimalist-Presentation-Backgrounds-049.jpg friend.candyteens.xyz/	235 KB 235 KB	70ms 67ms	Image image/jpeg	77.222.40.43 SWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL http://friend.candyteens.xyz/50-Beautiful-and-Minimalist-Presentation-Backgrounds-049.jpg Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 77.222.40.43 , Russian Federation, ASN44112 (SWEB-AS, RU), Reverse DNS vh265.sweb.ru Software nginx/1.15.8 / Resource Hash `5a0bdd444f7475561d1e9b94f5cbf3fc078de61bd15e841ecab548c7112f0bf6` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:38 GMT Last-Modified Wed, 13 Mar 2019 17:17:20 GMT Server nginx/1.15.8 ETag "2e0067-3aa17-583fcfa78764c" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 240151
GET H/1.1	200 OK	djax_mobileadserver.php Show response admin.inorbitad.com/ads/www/delivery/ Redirect Chain https://inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2974&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux https://admin.inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2974&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux	1 KB 2 KB	163ms 155ms	Script text/javascript	216.104.34.226 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://admin.inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2974&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.104.34.226 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS db.inorbitad.com Software nginx/1.10.2 / PHP/5.5.38 Resource Hash `3aa65733884eb6cc7b50960b713f355bfcdcb6dd6b176674c7e5ac63296c7e50` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 02 May 2019 08:28:38 GMT Server nginx/1.10.2 X-Powered-By PHP/5.5.38 Transfer-Encoding chunked P3P CP="CUR ADM OUR NOR STA NID" Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive Content-Type text/javascript; charset=UTF-8 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Location https://admin.inorbitad.com/ads/www/delivery/djax_mobileadserver.php?zoneid=2974&width=0&height=0&loc=http%3A//friend.candyteens.xyz/&screen_resolution=1600X1200&OS=Linux Date Thu, 02 May 2019 08:28:38 GMT Server nginx/1.10.2 Connection keep-alive Content-Length 161 Content-Type text/html
GET H/1.1	200 OK	jquery-min.js Show response data.ero-advertising.com/js/	94 KB 94 KB	101ms 17ms	Script application/javascript	2001:1aa8:185::212:102 NL-CAVEO
General Check archive.org Show headers Download Go to Full URL http://data.ero-advertising.com/js/jquery-min.js Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 2001:1aa8:185::212:102 , Netherlands, ASN24642 (NL-CAVEO, NL), Reverse DNS Software nginx/1.10.3 / Resource Hash `35251262e5e924b280972c416bb85360859129d74e32ce3cea88f36de673ed76` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:38 GMT Last-Modified Thu, 05 Jul 2018 18:10:57 GMT Server nginx/1.10.3 ETag "5b3e5f31-1783f" X-Compressor static186 Cache-Control max-age=315360000 Connection close Accept-Ranges bytes Content-Type application/javascript Content-Length 96319 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	jads.js Show response js.juicyads.com/ Redirect Chain http://adserver.juicyads.com/js/jads.js http://js.juicyads.com/jads.js	4 KB 2 KB	35ms 14ms	Script application/javascript	151.139.236.208 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL http://js.juicyads.com/jads.js Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Server 151.139.236.208 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US), Reverse DNS Software NetDNA-cache/2.2 / Resource Hash `fee275c2cb40d5ce229d1fe7ce519689dc0baa1ecbf5c17d5d867b1136fcaff8` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 02 May 2019 08:28:39 GMT Content-Encoding gzip Last-Modified Wed, 10 Apr 2019 18:07:55 GMT Server NetDNA-cache/2.2 ETag W/"5cae30fb-eae" Transfer-Encoding chunked X-Cache HIT Content-Type application/javascript Connection keep-alive Redirect headers Location http://js.juicyads.com/jads.js Date Thu, 02 May 2019 08:28:39 GMT Server nginx Connection keep-alive Content-Length 178 Content-Type text/html
GET H/1.1	200 OK	lg.php admin.inorbitad.com/ads/www/delivery/ Redirect Chain https://inorbitad.com/ads/www/delivery/lg.php?bannerid=652&campaignid=138&zoneid=2974&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=8063144dfa&request_id=5072334498 https://admin.inorbitad.com/ads/www/delivery/lg.php?bannerid=652&campaignid=138&zoneid=2974&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=8063144dfa&request_id=5072334498	43 B 675 B	173ms 172ms	Image image/gif	216.104.34.226 SingleHop LLC
General Check archive.org Show headers Download Go to Show image Full URL https://admin.inorbitad.com/ads/www/delivery/lg.php?bannerid=652&campaignid=138&zoneid=2974&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=8063144dfa&request_id=5072334498 Requested by Host: friend.candyteens.xyz URL: http://friend.candyteens.xyz/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 216.104.34.226 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS db.inorbitad.com Software nginx/1.10.2 / PHP/5.5.38 Resource Hash `4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49` Request headers Referer http://friend.candyteens.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 02 May 2019 08:28:38 GMT Server nginx/1.10.2 X-Powered-By PHP/5.5.38 P3P CP="CUR ADM OUR NOR STA NID" Cache-Control private, max-age=0, no-cache Connection keep-alive Content-Type image/gif Content-Length 43 Expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers Location https://admin.inorbitad.com/ads/www/delivery/lg.php?bannerid=652&campaignid=138&zoneid=2974&OXLIA=1&loc=http%3A%2F%2Ffriend.candyteens.xyz%2F&cb=8063144dfa&request_id=5072334498 Date Thu, 02 May 2019 08:28:38 GMT Server nginx/1.10.2 Connection keep-alive Content-Length 161 Content-Type text/html
GET H/1.1	200 OK	eactrl.go Show response go.ero-advertising.com/	20 KB 21 KB	197ms 54ms	XHR application/json	2001:1aa8:185::212:101 NL-CAVEO
General Check archive.org Show headers Download Go to Full URL http://go.ero-advertising.com/eactrl.go?s=JnNpZFswXT17Mzk5Njg1ODo6OjpleUp6ZEhsd1pTSTZJbUZzYkNJc0ltbDBaVzFwWkNJNk1IMD19JnBsdWdpbnNbMF09cG9wJmFjdD1nZXQmZG9jPWh0dHAlM0EvL2ZyaWVuZC5jYW5keXRlZW5zLnh5ei8mZ2V0aW5pdD0xJnBsdWdpbnNhdj1beyJmIjoidmlkZW8iLCJ2IjoiNC4yIn1dJnRpbWU9MTU1Njc4NTcyMDcyNyZpc19zc2w9MCZmcHJpbnQ9NzQwOGU5MDM3OGM2YmY3Y2M3YTE0OGZhNzE0MTQ0MjMmY3RybG5hbWU9ZWFDdHJsJmN0cmxpZD03NzczODImdmVyc2lvbj00LjUmaXRpbWU9MCZkb2M9aHR0cDovL2ZyaWVuZC5jYW5keXRlZW5zLnh5ei8mcmVmPSZzaD0xMjAwJnN3PTE2MDAmdHo9MDAwMCZ3aD0yMTg4Jnd3PTE1ODUmZGg9MjE4OCZkdz0xNTg1 Requested by Host: data.ero-advertising.com URL: http://data.ero-advertising.com/js/jquery-min.js Protocol HTTP/1.1 Server 2001:1aa8:185::212:101 , Netherlands, ASN24642 (NL-CAVEO, NL), Reverse DNS Software nginx / Resource Hash `191f6084a605c35a57d8ca85ac2871202218f9381a552cb7d1723711d56a6a78` Request headers Accept application/json, text/javascript, /; q=0.01 Referer http://friend.candyteens.xyz/ Origin http://friend.candyteens.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Thu, 02 May 2019 08:28:40 GMT Last-Modified Thu, 02 05 2019 08:28:40 GMT Server nginx Access-Control-Allow-Headers Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization Access-Control-Allow-Methods POST, GET, OPTIONS Content-Type application/json Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0 Connection close X-Backend-Server nl1-web213-29 Content-Length 20955 Expires Mon, 03 Jul 2001 06:00:00 GMT
GET		adshow.php adserver.juicyads.com/ Frame 219F	0 0

GET H/1.1	200 OK	Cookie set adshow.php adserver.juicyads.com/ Frame C2A6	0 0	15084ms 2048ms	Document text/html	185.94.236.21 MOJHOST-EU
General Check archive.org Show headers Download Go to Full URL http://adserver.juicyads.com/adshow.php?adzone=665707 Requested by Host: js.juicyads.com URL: http://js.juicyads.com/jads.js Protocol HTTP/1.1 Server 185.94.236.21 , Netherlands, ASN42567 (MOJHOST-EU, NL), Reverse DNS Software nginx / PHP/5.4.20 Resource Hash Request headers Host adserver.juicyads.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://friend.candyteens.xyz/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://friend.candyteens.xyz/ Response headers Server nginx Date Thu, 02 May 2019 08:28:55 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection close X-Powered-By PHP/5.4.20 P3P policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA" Set-Cookie surferid=691b884f4bc901349430caada6054042; expires=Fri, 01-May-2020 08:28:53 GMT; path=/; domain=.juicyads.com imps78=1; expires=Fri, 03-May-2019 08:28:55 GMT; path=/; domain=.juicyads.com juicy_data_1=YToxOntpOjU4MDc1NjtpOjE1NTcwNDQ5MzM7fQ%3D%3D; expires=Sun, 05-May-2019 08:28:53 GMT; domain=juicyads.com juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 05-May-2019 08:28:53 GMT; domain=juicyads.com Content-Encoding gzip

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: adserver.juicyads.com
URL: http://adserver.juicyads.com/adshow.php?adzone=665707

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://go.ero-advertising.com/loadeactrl.go?pid=111036&siteid=980702&spaceid=3996858(Line 10) Message: eaCtrl Init from LoadeaCtrl
console-api	log	(Line 1) Message: Skipping WebGL fingerprinting because it is not supported in this browser

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admin.inorbitad.com
adserver.juicyads.com
data.ero-advertising.com
friend.candyteens.xyz
go.ero-advertising.com
inorbitad.com
js.juicyads.com
adserver.juicyads.com
151.139.236.208
185.94.236.21
2001:1aa8:185::212:100
2001:1aa8:185::212:101
2001:1aa8:185::212:102
216.104.34.226
77.222.40.43
1620eab17bdbe93b2b05b3b21085ffd3b0eb0c2b2450bc9ce5ebfca2e85a68bc
191f6084a605c35a57d8ca85ac2871202218f9381a552cb7d1723711d56a6a78
25dc4e68af99b3eaff6f747cea0639e9a44558065047416a25bbbca45f7d6762
35251262e5e924b280972c416bb85360859129d74e32ce3cea88f36de673ed76
3aa65733884eb6cc7b50960b713f355bfcdcb6dd6b176674c7e5ac63296c7e50
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5a0bdd444f7475561d1e9b94f5cbf3fc078de61bd15e841ecab548c7112f0bf6
a5ac6d1ac6cdbff02911250ddc8b069baf308552e2e3672d6ef80b1ae300dfbd
b13b198fa2292679ac2b7d9a5abf29d2747ca82e2f365e66a78891ea88311aa0
ceb3978cd8a58f60f6c0d5039da858f808087dcde1a76f458b6eb68da6e33ae5
d9f09754af1d91215803a83989b0ffe991b5738923c8400e19489feaf7246453
dc668f85ebb26ec6f8b24197a5c8561426d418c57236a081e7c2938108292ade
ea6e13a7bab70e00d64440b35300d96697d395b4b41fb710cf77b1a41c734636
fee275c2cb40d5ce229d1fe7ce519689dc0baa1ecbf5c17d5d867b1136fcaff8

friend.candyteens.xyz Open in urlscan Pro 77.222.40.43 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

33 %HTTPS

43 %IPv6

4 Domains

7 Subdomains

8 IPs

3 Countries

809 kBTransfer

841 kBSize

0 Cookies

2 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

friend.candyteens.xyz Open in urlscan Pro
77.222.40.43 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

33 %
HTTPS

43 %
IPv6

4
Domains

7
Subdomains

8
IPs

3
Countries

809 kB
Transfer

841 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions