howtoupdate.getgreatandsecurecontent.club Open in urlscan Pro
163.172.127.186 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://lionstigersbears.org/
Effective URL:
https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&...
Submission: On November 28 via api (November 28th 2018, 2:53:19 pm UTC) from DE

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 5 countries across 14 domains to perform 37 HTTP transactions. The main IP is 163.172.127.186, located in United Kingdom and belongs to AS12876, FR. The main domain is howtoupdate.getgreatandsecurecontent.club.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 28th 2018. Valid for: 3 months.

This is the only time howtoupdate.getgreatandsecurecontent.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fake Adobe Update Apple Software Update (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	103.224.182.244 103.224.182.244	133618 (TRELLIAN-...) (TRELLIAN-AS-AP Trellian Pty. Limited)
1 10	199.59.242.151 199.59.242.151	395082 (BODIS-NJ) (BODIS-NJ - Bodis)
3	2a00:1450:400... 2a00:1450:4001:81f::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:820::2011	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:815::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	199.59.242.155 199.59.242.155	395082 (BODIS-NJ) (BODIS-NJ - Bodis)
2	52.204.142.163 52.204.142.163	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	18.195.174.160 18.195.174.160	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	195.154.41.240 195.154.41.240	12876 (AS12876) (AS12876)
1 1	163.172.125.151 163.172.125.151	12876 (AS12876) (AS12876)
1	163.172.127.186 163.172.127.186	12876 (AS12876) (AS12876)
8	2600:9000:204... 2600:9000:2047:2800:0:1c7c:cc80:21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
37	13

1 103.224.182.244 (Australia) 1 redirects

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-182-244.above.com

lionstigersbears.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 199.59.242.151 (New York, United States) 1 redirects

ASN395082 (BODIS-NJ - Bodis, LLC, US)

ww25.lionstigersbears.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81f::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2011 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

survey.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81f::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.59.242.155 (New York, United States)

ASN395082 (BODIS-NJ - Bodis, LLC, US)

tracking.bodis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.204.142.163 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-204-142-163.compute-1.amazonaws.com

usd.xanthos-alf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.174.160 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com

wait.contenthostload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pereams-pubstees.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.154.41.240 (France) 2 redirects

ASN12876 (AS12876, FR)
PTR: 195-154-41-240.rev.poneytelecom.eu

redirect8.admedit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.172.125.151 (United Kingdom) 1 redirects

ASN12876 (AS12876, FR)
PTR: 163-172-125-151.rev.poneytelecom.eu

www.getgreatandsecurelinksstable.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.172.127.186 (United Kingdom)

ASN12876 (AS12876, FR)
PTR: 163-172-127-186.rev.poneytelecom.eu

howtoupdate.getgreatandsecurecontent.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2047:2800:0:1c7c:cc80:21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

d3pkjdk5khxwdu.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	lionstigersbears.org 2 redirects lionstigersbears.org ww25.lionstigersbears.org	34 KB
8	cloudfront.net d3pkjdk5khxwdu.cloudfront.net	97 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	31 KB
4	google.com www.google.com adservice.google.com	109 KB
3	doubleclick.net survey.g.doubleclick.net	150 KB
2	admedit.net 2 redirects redirect8.admedit.net	720 B
2	xanthos-alf.com usd.xanthos-alf.com	3 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	getgreatandsecurecontent.club howtoupdate.getgreatandsecurecontent.club	7 KB
1	getgreatandsecurelinksstable.club 1 redirects www.getgreatandsecurelinksstable.club	467 B
1	pereams-pubstees.com pereams-pubstees.com	665 B
1	contenthostload.com wait.contenthostload.com	1 KB
1	bodis.com tracking.bodis.com	341 B
1	google.de adservice.google.de	171 B
37	14

	Domain	Requested by
10	ww25.lionstigersbears.org	1 redirects ww25.lionstigersbears.org
8	d3pkjdk5khxwdu.cloudfront.net	howtoupdate.getgreatandsecurecontent.club
3	fonts.gstatic.com
3	survey.g.doubleclick.net	www.google.com survey.g.doubleclick.net
3	www.google.com	ww25.lionstigersbears.org www.google.com
2	redirect8.admedit.net	2 redirects
2	usd.xanthos-alf.com	ww25.lionstigersbears.org usd.xanthos-alf.com
2	fonts.googleapis.com	ww25.lionstigersbears.org
1	howtoupdate.getgreatandsecurecontent.club
1	www.getgreatandsecurelinksstable.club	1 redirects
1	pereams-pubstees.com
1	wait.contenthostload.com	usd.xanthos-alf.com
1	tracking.bodis.com	ww25.lionstigersbears.org
1	adservice.google.com	survey.g.doubleclick.net
1	adservice.google.de	survey.g.doubleclick.net
1	www.gstatic.com
1	lionstigersbears.org	1 redirects
37	17

This site contains no links.

Subject Issuer	Validity	Valid
*.googleapis.com Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
howtoupdate.getgreatandsecurecontent.club Let's Encrypt Authority X3	`2018-11-28` - `2019-02-26`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2018-10-08` - `2019-10-09`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Frame ID: 92B55B7E5BED2539E481C0D8DC11060A
Requests: 37 HTTP requests in this frame

Frame: http://www.google.com/dp/ads?max_radlink_len=60&r=m&client=dp-bodis31_3ph&channel=pid-bodis-gtest36%2Cpid-bodis-gcontrol114&hl=en&adsafe=low&type=3&swp=as-drid-2886761221644809&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404&format=r7&num=0&output=afd_ads&domain_name=ww25.lionstigersbears.org&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=0&dt=1543416783981&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=781&frm=0&uio=ff6fa6st24sa11lt36as1sl1sr1-&jsv=11712&rurl=http%3A%2F%2Fww25.lionstigersbears.org%2F
Frame ID: CB37C594959BF057238B9936ADFD68EE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://lionstigersbears.org/ HTTP 302
http://ww25.lionstigersbears.org/ Page URL
http://ww25.lionstigersbears.org/?z Page URL
http://ww25.lionstigersbears.org/rz?u=http%3A%2F%2Fusd.xanthos-alf.com%2Fzcvisitor%2F4fb36c41-f31d-11e8-8923-... HTTP 302
http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8... Page URL
http://usd.xanthos-alf.com/zcredirect?visitid=4fb36c41-f31d-11e8-8923-12e462bb42de&type=js&browserWidth... Page URL
http://wait.contenthostload.com/zp-redirect?target=https%3A%2F%2Fredirect8.admedit.net%2Fadvertise%2F%3Fadow... Page URL
http://pereams-pubstees.com/redirect?target=BASE64aHR0cHM6Ly9yZWRpcmVjdDguYWRtZWRpdC5uZXQvYWR2ZXJ0aXNlLz... Page URL
https://redirect8.admedit.net/advertise/?adown=8851&cmp=576&ctrack=w7SVODUAPDU9T6IIH2A8O59M&ptrack=950d4c9... HTTP 302
https://redirect8.admedit.net/advertise/refine.php?adown=8851&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ew... HTTP 302
https://www.getgreatandsecurelinksstable.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ.&cid=w7SVODUAPDU9T6IIH2A8... HTTP 302
https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE... Page URL

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

37
Requests

43 %
HTTPS

47 %
IPv6

14
Domains

17
Subdomains

13
IPs

5
Countries

435 kB
Transfer

921 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lionstigersbears.org/ HTTP 302
http://ww25.lionstigersbears.org/ Page URL
http://ww25.lionstigersbears.org/?z Page URL
http://ww25.lionstigersbears.org/rz?u=http%3A%2F%2Fusd.xanthos-alf.com%2Fzcvisitor%2F4fb36c41-f31d-11e8-8923-12e462bb42de%3Fcampaignid%3Df7077790-f18b-11e8-9600-0ebb138d3962&notadsafe HTTP 302
http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8-9600-0ebb138d3962 Page URL
http://usd.xanthos-alf.com/zcredirect?visitid=4fb36c41-f31d-11e8-8923-12e462bb42de&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false Page URL
http://wait.contenthostload.com/zp-redirect?target=https%3A%2F%2Fredirect8.admedit.net%2Fadvertise%2F%3Fadown%3D8851%26cmp%3D576%26ctrack%3Dw7SVODUAPDU9T6IIH2A8O59M%26ptrack%3D950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&caid=2f245b4f-6c53-4236-b3dc-16f87bf7671f&zpid=4fb36c41-f31d-11e8-8923-12e462bb42de&cid=w7SVODUAPDU9T6IIH2A8O59M&rt=D Page URL
http://pereams-pubstees.com/redirect?target=BASE64aHR0cHM6Ly9yZWRpcmVjdDguYWRtZWRpdC5uZXQvYWR2ZXJ0aXNlLz9hZG93bj04ODUxJmNtcD01NzYmY3RyYWNrPXc3U1ZPRFVBUERVOVQ2SUlIMkE4TzU5TSZwdHJhY2s9OTUwZDRjOTItZTQxOC00OGVlLTkyMTUtZWNlMmFlZjk2NzlldzdTVk9EVUFQRFU5VDZJSUgyQThPNTlN&ts=1543416786774&hash=bgY3vhFceQN9y4fSdw6Emswqlk0aeekmSrv0J2STaaM&rm=D Page URL
https://redirect8.admedit.net/advertise/?adown=8851&cmp=576&ctrack=w7SVODUAPDU9T6IIH2A8O59M&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M HTTP 302
https://redirect8.admedit.net/advertise/refine.php?adown=8851&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&ctrack=w7SVODUAPDU9T6IIH2A8O59M&cmp=576&t=1543416787&rh=6&avs=avs3&utm_src=9&sids=7 HTTP 302
https://www.getgreatandsecurelinksstable.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ.&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M HTTP 302
https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE. Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://lionstigersbears.org/ HTTP 302
http://ww25.lionstigersbears.org/

Request Chain 25

http://ww25.lionstigersbears.org/rz?u=http%3A%2F%2Fusd.xanthos-alf.com%2Fzcvisitor%2F4fb36c41-f31d-11e8-8923-12e462bb42de%3Fcampaignid%3Df7077790-f18b-11e8-9600-0ebb138d3962&notadsafe HTTP 302
http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8-9600-0ebb138d3962

37 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
ww25.lionstigersbears.org/
Redirect Chain

http://lionstigersbears.org/
http://ww25.lionstigersbears.org/

4 KB
4 KB

554ms
119ms

Document
text/html

199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.lionstigersbears.org/
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash: cc96f13863dc0a724a693c7a7cd50f77d7a1fbc963fa57e059319d1a4886a29d

Request headers

Host: ww25.lionstigersbears.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server: openresty
Date: Wed, 28 Nov 2018 14:53:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hQ/z4kZy66LypgSadAhy+bUm70qnb5lBtYsnKh0PxNEOHYowssVT5ypx5qavI9XC/dG/gykpKGfGcsd/TKNvXg==

Redirect headers

Date: Wed, 28 Nov 2018 14:53:02 GMT
Server: Apache
X-Powered-By: PHP/5.6.38-0+deb8u1
Set-Cookie: __tad=1543416782.1160426; expires=Sat, 25-Nov-2028 14:53:02 GMT; Max-Age=315360000
Location: http://ww25.lionstigersbears.org/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK caf.js Show response
www.google.com/adsense/domains/ 156 KB
55 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:81f::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/adsense/domains/caf.js

Requested by

Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/

Protocol

HTTP/1.1

Server

2a00:1450:4001:81f::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

2d8a7ae80b76143aace36a81db0ad616bef8e9815a884b267c4328a6b641c7e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 28 Nov 2018 14:53:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "11712256586222599261"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: private, max-age=3600
Transfer-Encoding: chunked
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Nov 2018 14:53:03 GMT

GET
H/1.1 200
OK px.gif
ww25.lionstigersbears.org/ 42 B
275 B 120ms
119ms Image
image/gif 199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ww25.lionstigersbears.org/px.gif?ch=1&rn=1.8559474805313967
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ww25.lionstigersbears.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://ww25.lionstigersbears.org/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 28 Nov 2018 14:53:03 GMT
Last-Modified: Thu, 22 Nov 2018 19:53:34 GMT
Server: openresty
ETag: "5bf7093e-2a"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42

GET
H/1.1 200
OK px.gif
ww25.lionstigersbears.org/ 42 B
275 B 239ms
119ms Image
image/gif 199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ww25.lionstigersbears.org/px.gif?ch=2&rn=1.8559474805313967
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ww25.lionstigersbears.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://ww25.lionstigersbears.org/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 28 Nov 2018 14:53:03 GMT
Last-Modified: Thu, 22 Nov 2018 19:53:34 GMT
Server: openresty
ETag: "5bf7093e-2a"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42

GET
H/1.1 200
OK glp Show response
ww25.lionstigersbears.org/ 14 KB
14 KB 145ms
144ms Script
text/javascript 199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.lionstigersbears.org/glp?r=&u=http%3A%2F%2Fww25.lionstigersbears.org%2F&rw=1600&rh=1200&ww=1600&wh=1200
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash: 906d9a64aeec0b3040d9f995c5bdbd37a9ad6904da209d9b23a6c5ad19d51f93

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ww25.lionstigersbears.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://ww25.lionstigersbears.org/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Nov 2018 14:53:03 GMT
Server: openresty
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
S 200 css
fonts.googleapis.com/ 1 KB
532 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:81f::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Quicksand

Requested by

Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/glp?r=&u=http%3A%2F%2Fww25.lionstigersbears.org%2F&rw=1600&rh=1200&ww=1600&wh=1200

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81f::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

dd9d44ccd6e4efcef9a508434c79fb5fbafc7f331aa0a8be5721bc1bcb308f2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
last-modified: Wed, 28 Nov 2018 14:53:03 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Wed, 28 Nov 2018 14:53:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection: 1; mode=block
expires: Wed, 28 Nov 2018 14:53:03 GMT

GET
DATA 200
OK truncated
/ 850 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 813c5f8bedbc7bfe27afb8458a86643539754dcf0756320fa144e67af48229b7

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
H/1.1 200
OK Cookie set ads
www.google.com/dp/ Frame CB37 0
0 87ms
86ms Document
text/html 2a00:1450:4001:81f::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/dp/ads?max_radlink_len=60&r=m&client=dp-bodis31_3ph&channel=pid-bodis-gtest36%2Cpid-bodis-gcontrol114&hl=en&adsafe=low&type=3&swp=as-drid-2886761221644809&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404&format=r7&num=0&output=afd_ads&domain_name=ww25.lionstigersbears.org&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=0&dt=1543416783981&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=781&frm=0&uio=ff6fa6st24sa11lt36as1sl1sr1-&jsv=11712&rurl=http%3A%2F%2Fww25.lionstigersbears.org%2F

Requested by

Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:81f::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

gws /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Host: www.google.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://ww25.lionstigersbears.org/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://ww25.lionstigersbears.org/

Response headers

Content-Type: text/html; charset=UTF-8
Content-Disposition: inline
Date: Wed, 28 Nov 2018 14:53:04 GMT
Expires: Wed, 28 Nov 2018 14:53:04 GMT
Cache-Control: private, max-age=3600
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Encoding: gzip
Server: gws
Content-Length: 6156
X-XSS-Protection: 1; mode=block
Set-Cookie: 1P_JAR=2018-11-28-14; expires=Fri, 28-Dec-2018 14:53:04 GMT; path=/; domain=.google.com NID=148=edPGAqG_laRk706WMBT2N3lFvohW7okZiidx3Z-U8ftmFnU9Xo1EqvjICBBS-zlRNd4vmFWEQRxvcXUV1wEpXKGbSRZeOcLNr4gIP_E1d0iTZUQweIryD4B3indagjgXDAjBSRrMDRDqCJmm-x_fKXPHaVsx_PaxI_dGZb1-XLY; expires=Thu, 30-May-2019 14:53:04 GMT; path=/; domain=.google.com; HttpOnly CONSENT=WP.274049; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com

GET
H/1.1 200
OK async_survey Show response
survey.g.doubleclick.net/ 49 KB
18 KB 42ms
21ms Script
text/javascript 2a00:1450:4001:820::2011
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://survey.g.doubleclick.net/async_survey?site=kv4ic6olrzkr6

Requested by

Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:820::2011 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Resource Hash

4bdeee24d4ee95e1eef57b1c0f2aa5b188b18c0f6817edd290b57b5afba5f0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Nov 2018 14:53:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Cache-Control: private, no-cache, must-revalidate, no-store
Transfer-Encoding: chunked
Content-Disposition: attachment; filename="f.txt"
Vary: *
X-Xss-Protection: 1; mode=block
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK caf.gif
www.gstatic.com/domainads/tracking/ 43 B
392 B 59ms
58ms Image
image/gif 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.gstatic.com/domainads/tracking/caf.gif?ts=1543416783975&rid=6637761

Protocol

HTTP/1.1

Server

2a00:1450:4001:81f::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Nov 2018 14:53:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
Server: sffe
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2
fonts.gstatic.com/s/quicksand/v8/ 13 KB
13 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/quicksand/v8/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81f::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

477d1b38d53ab3df4d259898b74cbd6d9aca136f074a901d3458edcaf7ff7a09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Quicksand
Origin: http://ww25.lionstigersbears.org

Response headers

date: Tue, 27 Nov 2018 16:13:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 08 Oct 2018 20:50:42 GMT
server: sffe
age: 81576
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 13596
x-xss-protection: 1; mode=block
expires: Wed, 27 Nov 2019 16:13:28 GMT

GET
H/1.1 200
OK prompt_embed_static.js Show response
survey.g.doubleclick.net/insights/consumersurveys/static/414294050368453443/ 353 KB
132 KB 8ms
7ms Script
application/javascript 2a00:1450:4001:820::2011
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://survey.g.doubleclick.net/insights/consumersurveys/static/414294050368453443/prompt_embed_static.js
Requested by: Host: survey.g.doubleclick.net
URL: http://survey.g.doubleclick.net/async_survey?site=kv4ic6olrzkr6
Protocol: HTTP/1.1
Server: 2a00:1450:4001:820::2011 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 612ed4ee0c8f190d943543f4d1cf57fd082857b9ca77e6169c721235bcd7dc41

Request headers

Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 28 Nov 2018 00:58:12 GMT
Content-Encoding: gzip
Server: Google Frontend
Age: 50092
ETag: "0NXotg"
Content-Type: application/javascript
X-Cloud-Trace-Context: 1d5d3c351e4ee5871ec6ea538844f50f
Cache-Control: public, max-age=2592000
Content-Length: 134656
Expires: Fri, 28 Dec 2018 00:58:12 GMT

GET
S 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 19ms
19ms Script
application/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ww25.lionstigersbears.org

Requested by

Host: survey.g.doubleclick.net
URL: http://survey.g.doubleclick.net/async_survey?site=kv4ic6olrzkr6

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 28 Nov 2018 14:53:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 19ms
18ms Script
application/javascript 2a00:1450:4001:815::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ww25.lionstigersbears.org

Requested by

Host: survey.g.doubleclick.net
URL: http://survey.g.doubleclick.net/async_survey?site=kv4ic6olrzkr6

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 28 Nov 2018 14:53:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK prompt Show response
survey.g.doubleclick.net/gk/ 0
410 B 18ms
18ms Script
text/javascript 2a00:1450:4001:820::2011
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://survey.g.doubleclick.net/gk/prompt?t=a&site=kv4ic6olrzkr6&random=1543416784092&ref&token=NT

Requested by

Host: survey.g.doubleclick.net
URL: http://survey.g.doubleclick.net/async_survey?site=kv4ic6olrzkr6

Protocol

HTTP/1.1

Server

2a00:1450:4001:820::2011 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Why: UserPrivacyInfo does not meet requirements to be served (LAT and/or OPT_OUT modifier).
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Wed, 28 Nov 2018 14:53:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Content-Disposition: attachment; filename="f.txt"
Content-Length: 23
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK rigd
tracking.bodis.com/ 0
341 B 284ms
150ms XHR
image/png 199.59.242.155
Bodis

General

Check archive.org

Show headers Download Go to

Full URL: http://tracking.bodis.com/rigd?d=lionstigersbears.org&dr=as-drid-2886761221644809&h=f709b07b6c7c4532b6c301d6698d9bb0
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/glp?r=&u=http%3A%2F%2Fww25.lionstigersbears.org%2F&rw=1600&rh=1200&ww=1600&wh=1200
Protocol: HTTP/1.1
Server: 199.59.242.155 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://ww25.lionstigersbears.org/
Origin: http://ww25.lionstigersbears.org

Response headers

Pragma: no-cache
Date: Wed, 28 Nov 2018 14:53:04 GMT
Server: openresty
Transfer-Encoding: chunked
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK / Show response
ww25.lionstigersbears.org/ 4 KB
4 KB 119ms
119ms Document
text/html 199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.lionstigersbears.org/?z
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/glp?r=&u=http%3A%2F%2Fww25.lionstigersbears.org%2F&rw=1600&rh=1200&ww=1600&wh=1200
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash: b965c556292c0e094811e05db58487d1d844c4bd8ff1538823a7bdccbfe73e89

Request headers

Host: ww25.lionstigersbears.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://ww25.lionstigersbears.org/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://ww25.lionstigersbears.org/

Response headers

Server: openresty
Date: Wed, 28 Nov 2018 14:53:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_d5cFHW7o4/UOJkhAO3vhZ6BV+jI/69/TE/I/A2pbJ6wFAHSSTYdmJ3bm0UNZbef1bL/n9AA7+KEH6pKOj0kEZw==

GET
H/1.1 200
OK caf.js Show response
www.google.com/adsense/domains/ 156 KB
55 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:81f::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google.com/adsense/domains/caf.js

Requested by

Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/?z

Protocol

HTTP/1.1

Server

2a00:1450:4001:81f::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

2f7c909d711e4afcb601f20c9c336bcc85be25ef374fef536a2bc8ffe2185869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/?z
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 28 Nov 2018 14:53:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "11712256586222599261"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: private, max-age=3600
Transfer-Encoding: chunked
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Nov 2018 14:53:04 GMT

GET
H/1.1 200
OK px.gif
ww25.lionstigersbears.org/ 42 B
275 B 119ms
119ms Image
image/gif 199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ww25.lionstigersbears.org/px.gif?ch=1&rn=4.302314989548066
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/?z
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ww25.lionstigersbears.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://ww25.lionstigersbears.org/?z
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ww25.lionstigersbears.org/?z
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 28 Nov 2018 14:53:04 GMT
Last-Modified: Thu, 22 Nov 2018 19:53:34 GMT
Server: openresty
ETag: "5bf7093e-2a"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42

GET
H/1.1 200
OK px.gif
ww25.lionstigersbears.org/ 42 B
275 B 119ms
119ms Image
image/gif 199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ww25.lionstigersbears.org/px.gif?ch=2&rn=4.302314989548066
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/?z
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ww25.lionstigersbears.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://ww25.lionstigersbears.org/?z
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ww25.lionstigersbears.org/?z
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 28 Nov 2018 14:53:04 GMT
Last-Modified: Thu, 22 Nov 2018 19:53:40 GMT
Server: openresty
ETag: "5bf70944-2a"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42

GET
H/1.1 200
OK glp Show response
ww25.lionstigersbears.org/ 9 KB
9 KB 144ms
143ms Script
text/javascript 199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.lionstigersbears.org/glp?r=http%3A%2F%2Fww25.lionstigersbears.org%2F&u=http%3A%2F%2Fww25.lionstigersbears.org%2F&z&rw=1600&rh=1200&ww=1600&wh=1200
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/?z
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash: c5f4cf8329ffa86e296cdd3fae45184740c46bd8d30d8eaa80d6d33e502fbf7e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: ww25.lionstigersbears.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://ww25.lionstigersbears.org/?z
Connection: keep-alive
Cache-Control: no-cache
Referer: http://ww25.lionstigersbears.org/?z
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Nov 2018 14:53:04 GMT
Server: openresty
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
S 200 css
fonts.googleapis.com/ 5 KB
760 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:81f::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400

Requested by

Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/glp?r=http%3A%2F%2Fww25.lionstigersbears.org%2F&u=http%3A%2F%2Fww25.lionstigersbears.org%2F&z&rw=1600&rh=1200&ww=1600&wh=1200

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81f::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

b433fff5919be961f970430072a831557793a468074cd8aaf30427dc6209dc3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ww25.lionstigersbears.org/?z
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
last-modified: Wed, 28 Nov 2018 14:53:05 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Wed, 28 Nov 2018 14:53:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection: 1; mode=block
expires: Wed, 28 Nov 2018 14:53:05 GMT

POST
H/1.1 200
OK gzb
ww25.lionstigersbears.org/ 198 B
515 B 776ms
776ms XHR
text/javascript 199.59.242.151
Bodis

General

Check archive.org

Show headers Download Go to

Full URL: http://ww25.lionstigersbears.org/gzb
Requested by: Host: ww25.lionstigersbears.org
URL: http://ww25.lionstigersbears.org/glp?r=http%3A%2F%2Fww25.lionstigersbears.org%2F&u=http%3A%2F%2Fww25.lionstigersbears.org%2F&z&rw=1600&rh=1200&ww=1600&wh=1200
Protocol: HTTP/1.1
Server: 199.59.242.151 New York, United States, ASN395082 (BODIS-NJ - Bodis, LLC, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://ww25.lionstigersbears.org
Accept-Encoding: gzip, deflate
Host: ww25.lionstigersbears.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Cache-Control: no-cache
Referer: http://ww25.lionstigersbears.org/?z
Connection: keep-alive
Content-Length: 282
Referer: http://ww25.lionstigersbears.org/?z
Origin: http://ww25.lionstigersbears.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 28 Nov 2018 14:53:05 GMT
Server: openresty
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 198
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
S 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81f::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400
Origin: http://ww25.lionstigersbears.org

Response headers

date: Tue, 27 Nov 2018 14:49:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:38 GMT
server: sffe
age: 86607
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8732
x-xss-protection: 1; mode=block
expires: Wed, 27 Nov 2019 14:49:38 GMT

GET
S 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81f::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400
Origin: http://ww25.lionstigersbears.org

Response headers

date: Wed, 14 Nov 2018 18:00:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:46 GMT
server: sffe
age: 1198370
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8892
x-xss-protection: 1; mode=block
expires: Thu, 14 Nov 2019 18:00:15 GMT

GET
H/1.1

200
OK

4fb36c41-f31d-11e8-8923-12e462bb42de
usd.xanthos-alf.com/zcvisitor/
Redirect Chain

http://ww25.lionstigersbears.org/rz?u=http%3A%2F%2Fusd.xanthos-alf.com%2Fzcvisitor%2F4fb36c41-f31d-11e8-8923-12e462bb42de%3Fcampaignid%3Df7077790-f18b-11e8-9600-0ebb138d3962&notadsafe
http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8-9600-0ebb138d3962

1008 B
2 KB

254ms
123ms

Document
text/html

52.204.142.163
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8-9600-0ebb138d3962

Requested by

Protocol

HTTP/1.1

Server

52.204.142.163 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-204-142-163.compute-1.amazonaws.com

Software

ZeroPark-Traffic /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host: usd.xanthos-alf.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://ww25.lionstigersbears.org/?z
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://ww25.lionstigersbears.org/?z

Response headers

Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Type: text/html;charset=UTF-8
Date: Wed, 28 Nov 2018 14:53:05 GMT
Server: ZeroPark-Traffic
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
transfer-encoding: chunked
Connection: keep-alive

Redirect headers

Server: openresty
Date: Wed, 28 Nov 2018 14:53:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma: no-cache
Location: http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8-9600-0ebb138d3962

GET
H/1.1 200
OK zcredirect Show response
usd.xanthos-alf.com/ 890 B
2 KB 122ms
122ms Document
text/html 52.204.142.163
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

http://usd.xanthos-alf.com/zcredirect?visitid=4fb36c41-f31d-11e8-8923-12e462bb42de&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Requested by

Host: usd.xanthos-alf.com
URL: http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8-9600-0ebb138d3962

Protocol

HTTP/1.1

Server

52.204.142.163 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-204-142-163.compute-1.amazonaws.com

Software

ZeroPark-Traffic /

Resource Hash

deaad0f9b72c996a2d0038cd44cb0f508c001fc59a34849e1848ab7b940b4607

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host: usd.xanthos-alf.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8-9600-0ebb138d3962
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://usd.xanthos-alf.com/zcvisitor/4fb36c41-f31d-11e8-8923-12e462bb42de?campaignid=f7077790-f18b-11e8-9600-0ebb138d3962

Response headers

Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Type: text/html;charset=UTF-8
Date: Wed, 28 Nov 2018 14:53:06 GMT
redirected: JS
Server: ZeroPark-Traffic
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
transfer-encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK Cookie set zp-redirect
wait.contenthostload.com/ 548 B
1 KB 305ms
27ms Document
text/html 18.195.174.160
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://wait.contenthostload.com/zp-redirect?target=https%3A%2F%2Fredirect8.admedit.net%2Fadvertise%2F%3Fadown%3D8851%26cmp%3D576%26ctrack%3Dw7SVODUAPDU9T6IIH2A8O59M%26ptrack%3D950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&caid=2f245b4f-6c53-4236-b3dc-16f87bf7671f&zpid=4fb36c41-f31d-11e8-8923-12e462bb42de&cid=w7SVODUAPDU9T6IIH2A8O59M&rt=D
Requested by: Host: usd.xanthos-alf.com
URL: http://usd.xanthos-alf.com/zcredirect?visitid=4fb36c41-f31d-11e8-8923-12e462bb42de&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Protocol: HTTP/1.1
Server: 18.195.174.160 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Host: wait.contenthostload.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://usd.xanthos-alf.com/zcredirect?visitid=4fb36c41-f31d-11e8-8923-12e462bb42de&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://usd.xanthos-alf.com/zcredirect?visitid=4fb36c41-f31d-11e8-8923-12e462bb42de&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Response headers

Server: nginx
Date: Wed, 28 Nov 2018 14:53:06 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 548
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: 2f245b4f-6c53-4236-b3dc-16f87bf7671f-v4=2f245b4f-6c53-4236-b3dc-16f87bf7671f;domain=wait.contenthostload.com;path=/;HttpOnly cc-v4=MPtMy4Pzlh1YDqZ1MNmWTzy9IEwYmIKHKfACr6pvntXowIFQk8lIsfI43AAHX388tg8L3jsH6VEIdg3zi4kK6o%2Bun4vrDPqsQR4wVtoT0LyNlUrJcTfc%2FRBtPoNfoJ12A%2FYPAHOxcZ2go2MvuiBYag%3D%3D;Max-Age=31536000;Expires=Thu, 28-Nov-2019 14:53:06 GMT;domain=wait.contenthostload.com;path=/;HttpOnly

GET
H/1.1 200
OK redirect
pereams-pubstees.com/ 371 B
665 B 71ms
26ms Document
text/html 18.195.174.160
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://pereams-pubstees.com/redirect?target=BASE64aHR0cHM6Ly9yZWRpcmVjdDguYWRtZWRpdC5uZXQvYWR2ZXJ0aXNlLz9hZG93bj04ODUxJmNtcD01NzYmY3RyYWNrPXc3U1ZPRFVBUERVOVQ2SUlIMkE4TzU5TSZwdHJhY2s9OTUwZDRjOTItZTQxOC00OGVlLTkyMTUtZWNlMmFlZjk2NzlldzdTVk9EVUFQRFU5VDZJSUgyQThPNTlN&ts=1543416786774&hash=bgY3vhFceQN9y4fSdw6Emswqlk0aeekmSrv0J2STaaM&rm=D
Protocol: HTTP/1.1
Server: 18.195.174.160 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Host: pereams-pubstees.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://wait.contenthostload.com/zp-redirect?target=https%3A%2F%2Fredirect8.admedit.net%2Fadvertise%2F%3Fadown%3D8851%26cmp%3D576%26ctrack%3Dw7SVODUAPDU9T6IIH2A8O59M%26ptrack%3D950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&caid=2f245b4f-6c53-4236-b3dc-16f87bf7671f&zpid=4fb36c41-f31d-11e8-8923-12e462bb42de&cid=w7SVODUAPDU9T6IIH2A8O59M&rt=D
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://wait.contenthostload.com/zp-redirect?target=https%3A%2F%2Fredirect8.admedit.net%2Fadvertise%2F%3Fadown%3D8851%26cmp%3D576%26ctrack%3Dw7SVODUAPDU9T6IIH2A8O59M%26ptrack%3D950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&caid=2f245b4f-6c53-4236-b3dc-16f87bf7671f&zpid=4fb36c41-f31d-11e8-8923-12e462bb42de&cid=w7SVODUAPDU9T6IIH2A8O59M&rt=D

Response headers

Server: nginx
Date: Wed, 28 Nov 2018 14:53:06 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
howtoupdate.getgreatandsecurecontent.club/
Redirect Chain

https://redirect8.admedit.net/advertise/?adown=8851&cmp=576&ctrack=w7SVODUAPDU9T6IIH2A8O59M&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M
https://redirect8.admedit.net/advertise/refine.php?adown=8851&ptrack=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&ctrack=w7SVODUAPDU9T6IIH2A8O59M&cmp=576&t=1543416787&rh=6&avs=avs3&...
https://www.getgreatandsecurelinksstable.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ.&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M
https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee...

42 KB
7 KB

170ms
48ms

Document
text/html

163.172.127.186
AS12876

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 163.172.127.186 , United Kingdom, ASN12876 (AS12876, FR),
Reverse DNS: 163-172-127-186.rev.poneytelecom.eu
Software: nginx /
Resource Hash: 0922bedbd38f17c97c1a356f7880d11cbcc17dec549f2d4dd6f004a06df0939a

Request headers

Host: howtoupdate.getgreatandsecurecontent.club
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://pereams-pubstees.com/redirect?target=BASE64aHR0cHM6Ly9yZWRpcmVjdDguYWRtZWRpdC5uZXQvYWR2ZXJ0aXNlLz9hZG93bj04ODUxJmNtcD01NzYmY3RyYWNrPXc3U1ZPRFVBUERVOVQ2SUlIMkE4TzU5TSZwdHJhY2s9OTUwZDRjOTItZTQxOC00OGVlLTkyMTUtZWNlMmFlZjk2NzlldzdTVk9EVUFQRFU5VDZJSUgyQThPNTlN&ts=1543416786774&hash=bgY3vhFceQN9y4fSdw6Emswqlk0aeekmSrv0J2STaaM&rm=D
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://pereams-pubstees.com/redirect?target=BASE64aHR0cHM6Ly9yZWRpcmVjdDguYWRtZWRpdC5uZXQvYWR2ZXJ0aXNlLz9hZG93bj04ODUxJmNtcD01NzYmY3RyYWNrPXc3U1ZPRFVBUERVOVQ2SUlIMkE4TzU5TSZwdHJhY2s9OTUwZDRjOTItZTQxOC00OGVlLTkyMTUtZWNlMmFlZjk2NzlldzdTVk9EVUFQRFU5VDZJSUgyQThPNTlN&ts=1543416786774&hash=bgY3vhFceQN9y4fSdw6Emswqlk0aeekmSrv0J2STaaM&rm=D

Response headers

Server: nginx
Date: Wed, 28 Nov 2018 14:53:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: channel=sofi2_mac_soupertrouper; expires=Wed, 28-Nov-2018 15:13:07 GMT; Max-Age=1200; path=/ dist_id=7090; expires=Wed, 28-Nov-2018 15:13:07 GMT; Max-Age=1200; path=/ lp_id=2733; expires=Wed, 28-Nov-2018 15:13:07 GMT; Max-Age=1200; path=/
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Wed, 28 Nov 2018 14:53:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.

GET
S 200 flash_circle.png
d3pkjdk5khxwdu.cloudfront.net/lps/flash_worldcup/ 17 KB
18 KB 90ms
14ms Image
image/png 2600:9000:2047:2800:0:1c7c:cc80:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3pkjdk5khxwdu.cloudfront.net/lps/flash_worldcup/flash_circle.png
Requested by: Host: howtoupdate.getgreatandsecurecontent.club
URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:2800:0:1c7c:cc80:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 74942ecaad9f6671c7243934b3a2027834e777d361a136550aee3195e0606f3c

Request headers

Referer: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Oct 2018 21:43:54 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
last-modified: Sun, 24 Jun 2018 19:45:06 GMT
server: AmazonS3
age: 73496
etag: "2874daca7db827df1e95a589c3985c88"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 17639
x-amz-cf-id: AKoMRocj7Dk89q4u419O3j65epNkil8dlgHshzCKrNiSbRNYkf_vqg==

GET
S 200 commands_3.png
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ 14 KB
15 KB 96ms
20ms Image
image/png 2600:9000:2047:2800:0:1c7c:cc80:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/commands_3.png
Requested by: Host: howtoupdate.getgreatandsecurecontent.club
URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:2800:0:1c7c:cc80:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5377ef31bb10d31f7c6d96dd13f32bcdef03e1fb41f81f3eb3a73808d94d9842

Request headers

Referer: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Oct 2018 21:34:00 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jul 2018 12:08:19 GMT
server: AmazonS3
age: 74046
etag: "ccf7c636dc17d4e8adcbbf78e72e13d4"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 14740
x-amz-cf-id: 49_Mkf48cp0ohtzYSoUfag5_bgiE-fzjqXmwwciJ9DC1MByzNZK4MA==

GET
S 200 logo_f.png
d3pkjdk5khxwdu.cloudfront.net/lps/fadein_f/ 7 KB
7 KB 90ms
19ms Image
image/png 2600:9000:2047:2800:0:1c7c:cc80:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3pkjdk5khxwdu.cloudfront.net/lps/fadein_f/logo_f.png
Requested by: Host: howtoupdate.getgreatandsecurecontent.club
URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:2800:0:1c7c:cc80:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f4c14d0156315e5c1655e51cf2478e5e350772b1bf3ec62f17e01fe18ea01cbe

Request headers

Referer: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Oct 2018 21:43:54 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
last-modified: Wed, 04 Jul 2018 09:21:40 GMT
server: AmazonS3
age: 73496
etag: "089384438a3c66815ea1d30edf2d282a"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 7308
x-amz-cf-id: 4XWUw_S8cKn3h3KBdaw0ledD1TwHVIWVElrkCV9_jgxqASdt9ok2hA==

GET
S 200 arrow__blue.png
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ 2 KB
3 KB 93ms
24ms Image
image/png 2600:9000:2047:2800:0:1c7c:cc80:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/arrow__blue.png
Requested by: Host: howtoupdate.getgreatandsecurecontent.club
URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:2800:0:1c7c:cc80:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a

Request headers

Referer: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 15 Oct 2018 12:41:48 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
last-modified: Wed, 30 May 2018 18:11:30 GMT
server: AmazonS3
age: 73524
etag: "6d26faedbdd557f7dcd86e9060de347f"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 2266
x-amz-cf-id: FkGWZ3Q-34tj30wBUKTGnMcFmMmCpeEI7-ykEXned5bIHIHkv5RTlA==

GET
S 200 pattern__safari1.jpg
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ 25 KB
25 KB 87ms
18ms Image
image/jpeg 2600:9000:2047:2800:0:1c7c:cc80:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/pattern__safari1.jpg
Requested by: Host: howtoupdate.getgreatandsecurecontent.club
URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:2800:0:1c7c:cc80:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe

Request headers

Referer: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 15 Oct 2018 12:41:48 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
last-modified: Wed, 30 May 2018 18:11:28 GMT
server: AmazonS3
age: 73524
etag: "918dfef192de7b99284e969e75d6cc29"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 25293
x-amz-cf-id: kHPYk-8F4IaL698dFheqy6wp7hYt6cWDK8M2a_Unw8WnWhslhqQJqg==

GET
S 200 pattern__safari-arrow.png
d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/ 3 KB
4 KB 83ms
15ms Image
image/png 2600:9000:2047:2800:0:1c7c:cc80:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3pkjdk5khxwdu.cloudfront.net/lps/flash_mac/images/pattern__safari-arrow.png
Requested by: Host: howtoupdate.getgreatandsecurecontent.club
URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:2800:0:1c7c:cc80:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12

Request headers

Referer: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 15 Oct 2018 12:41:48 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
last-modified: Wed, 30 May 2018 18:10:05 GMT
server: AmazonS3
age: 73574
etag: "496171f7f5272b0c3b8ae1d526110caf"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 3478
x-amz-cf-id: aI-lZ_lTgjcAHleWUoME6eGup9pGXfzqngECG79KaspJugqJjL5IpQ==

GET
S 200 chrome.png
d3pkjdk5khxwdu.cloudfront.net/lps/FlashPlayer2_T/images/ 16 KB
16 KB 11ms
10ms Image
image/png 2600:9000:2047:2800:0:1c7c:cc80:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3pkjdk5khxwdu.cloudfront.net/lps/FlashPlayer2_T/images/chrome.png
Requested by: Host: howtoupdate.getgreatandsecurecontent.club
URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:2800:0:1c7c:cc80:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e81b841678d4407b3c7f41c00b6c0bec3a21484adef370a6a3deefb0da1c95a

Request headers

Referer: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 18 Oct 2018 12:12:03 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
last-modified: Wed, 30 May 2018 18:15:13 GMT
server: AmazonS3
age: 80283
etag: "bd91b66f4a6fe261c321eab7b694054a"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 15912
x-amz-cf-id: D7OvGE3xWWAplqTTgNx9UhayUqMmF4901POrN82NTW2RmbTdeTSXIQ==

GET
S 200 shadow.png
d3pkjdk5khxwdu.cloudfront.net/lps/newLPs/ 10 KB
10 KB 9ms
9ms Image
image/png 2600:9000:2047:2800:0:1c7c:cc80:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3pkjdk5khxwdu.cloudfront.net/lps/newLPs/shadow.png
Requested by: Host: howtoupdate.getgreatandsecurecontent.club
URL: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:2800:0:1c7c:cc80:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25b13e2e8af4969b966c36d6700b019e506dc5151ea6d63224e8827ac318de91

Request headers

Referer: https://howtoupdate.getgreatandsecurecontent.club/?b9zd1=aFDEo1W3qcjpym4Vud7AWjxq5TSBvQ8LDzjFhQ9_9uQ_iBL5gSVfGfaoz95vlnYheSPLE-KjSr8-Mi1F7OIVzA..&cid=w7SVODUAPDU9T6IIH2A8O59M&sid=950d4c92-e418-48ee-9215-ece2aef9679ew7SVODUAPDU9T6IIH2A8O59M&v_id=VgUANEu0U9ERacb0TWERA1-yQEUD4_rr8Hjx3qiBNBE.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Oct 2018 21:34:00 GMT
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
last-modified: Wed, 30 May 2018 18:02:31 GMT
server: AmazonS3
age: 73574
etag: "fdc87cbc7a3a305aae8ed3db8eee2488"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 10049
x-amz-cf-id: cVYfoEKZvzAkzI-0tp0bJOfh0bG2d6GaJR4hg_xBgEAs5C_VNrpG1w==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fake Adobe Update Apple Software Update (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
d3pkjdk5khxwdu.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
howtoupdate.getgreatandsecurecontent.club
lionstigersbears.org
pereams-pubstees.com
redirect8.admedit.net
survey.g.doubleclick.net
tracking.bodis.com
usd.xanthos-alf.com
wait.contenthostload.com
ww25.lionstigersbears.org
www.getgreatandsecurelinksstable.club
www.google.com
www.gstatic.com
103.224.182.244
163.172.125.151
163.172.127.186
18.195.174.160
195.154.41.240
199.59.242.151
199.59.242.155
2600:9000:2047:2800:0:1c7c:cc80:21
2a00:1450:4001:815::2002
2a00:1450:4001:81b::2002
2a00:1450:4001:81f::2003
2a00:1450:4001:81f::2004
2a00:1450:4001:81f::200a
2a00:1450:4001:820::2011
52.204.142.163
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0922bedbd38f17c97c1a356f7880d11cbcc17dec549f2d4dd6f004a06df0939a
25b13e2e8af4969b966c36d6700b019e506dc5151ea6d63224e8827ac318de91
2d8a7ae80b76143aace36a81db0ad616bef8e9815a884b267c4328a6b641c7e0
2f7c909d711e4afcb601f20c9c336bcc85be25ef374fef536a2bc8ffe2185869
35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976
3e81b841678d4407b3c7f41c00b6c0bec3a21484adef370a6a3deefb0da1c95a
477d1b38d53ab3df4d259898b74cbd6d9aca136f074a901d3458edcaf7ff7a09
4bdeee24d4ee95e1eef57b1c0f2aa5b188b18c0f6817edd290b57b5afba5f0c4
5377ef31bb10d31f7c6d96dd13f32bcdef03e1fb41f81f3eb3a73808d94d9842
5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a
612ed4ee0c8f190d943543f4d1cf57fd082857b9ca77e6169c721235bcd7dc41
74942ecaad9f6671c7243934b3a2027834e777d361a136550aee3195e0606f3c
7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe
7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12
813c5f8bedbc7bfe27afb8458a86643539754dcf0756320fa144e67af48229b7
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
906d9a64aeec0b3040d9f995c5bdbd37a9ad6904da209d9b23a6c5ad19d51f93
b433fff5919be961f970430072a831557793a468074cd8aaf30427dc6209dc3d
b965c556292c0e094811e05db58487d1d844c4bd8ff1538823a7bdccbfe73e89
c5f4cf8329ffa86e296cdd3fae45184740c46bd8d30d8eaa80d6d33e502fbf7e
cc96f13863dc0a724a693c7a7cd50f77d7a1fbc963fa57e059319d1a4886a29d
dd9d44ccd6e4efcef9a508434c79fb5fbafc7f331aa0a8be5721bc1bcb308f2e
deaad0f9b72c996a2d0038cd44cb0f508c001fc59a34849e1848ab7b940b4607
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4c14d0156315e5c1655e51cf2478e5e350772b1bf3ec62f17e01fe18ea01cbe

howtoupdate.getgreatandsecurecontent.club Open in urlscan Pro 163.172.127.186 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

43 %HTTPS

47 %IPv6

14 Domains

17 Subdomains

13 IPs

5 Countries

435 kBTransfer

921 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

howtoupdate.getgreatandsecurecontent.club Open in urlscan Pro
163.172.127.186 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

43 %
HTTPS

47 %
IPv6

14
Domains

17
Subdomains

13
IPs

5
Countries

435 kB
Transfer

921 kB
Size

0
Cookies

37 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!