Submitted URL: https://www.google.com/url?rct=j&sa=t&url=http://nbzj.zaegel-espacesverts.fr/fidelity-layoffs-2019.html&ct=ga&cd=CAEYAi...
Effective URL: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Submission: On September 25 via manual from US

Summary

This website contacted 7 IPs in 5 countries across 11 domains to perform 14 HTTP transactions. The main IP is 2.16.186.112, located in Ascension Island and belongs to AKAMAI-ASN1, US. The main domain is akdwo.pastacharlie.icu.
This is the only time akdwo.pastacharlie.icu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2606:4700:30:... 13335 (CLOUDFLAR...)
1 1 198.134.112.241 27257 (WEBAIR-IN...)
1 1 149.202.65.142 16276 (OVH)
1 78.140.165.10 35415 (WEBZILLA)
2 2 52.200.81.9 14618 (AMAZON-AES)
2 104.18.22.5 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 3.17.158.232 16509 (AMAZON-02)
1 1 50.56.53.23 19994 (RACKSPACE)
2 7 2.16.186.112 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
14 7
Domain Requested by
7 akdwo.pastacharlie.icu 2 redirects arletrewhasi.pro
akdwo.pastacharlie.icu
3 ajax.googleapis.com akdwo.pastacharlie.icu
2 arletrewhasi.pro mob1ledev1ces.com
arletrewhasi.pro
2 reroplittrewheck.pro 2 redirects
1 fonts.gstatic.com
1 wyyeccvstfau.exceptmega.com 1 redirects
1 update2now.bestfreesite2contenting.info 1 redirects
1 fonts.googleapis.com arletrewhasi.pro
1 mob1ledev1ces.com www.google.com
1 ladsblue.com 1 redirects
1 nbzj.zaegel-espacesverts.fr 1 redirects
1 www.google.com
14 12

This site contains links to these domains.

Domain
lgehnxmrk.metalarchive.pw
Subject                 Issuer                    Validity                  Valid
www.google.com          GTS CA 1O1                2019-09-05 - 2019-11-28   3 months
sni.cloudflaressl.com   CloudFlare Inc ECC CA-2   2019-09-09 - 2020-09-08   a year
*.googleapis.com        GTS CA 1O1                2019-09-05 - 2019-11-28   3 months
*.google.com            GTS CA 1O1                2019-09-05 - 2019-11-28   3 months

This page contains 1 frames:

Primary Page: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Frame ID: EAC01521DF602C9F6C873A1A8C133C6B
Requests: 14 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /gws/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /([\d.]+)\/jquery-ui(?:\.min)?\.js/i
  • script /jquery-ui.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /([\d.]+)\/jquery-ui(?:\.min)?\.js/i
  • script /jquery-ui.*\.js/i

Page Statistics

Requests: 14
HTTPS: 36 %
IPv6: 38 %
Domains: 11
Subdomains: 12
IPs: 7
Countries: 5
Transfer: 157 kB
Size: 447 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.google.com/url?rct=j&sa=t&url=http://nbzj.zaegel-espacesverts.fr/fidelity-layoffs-2019.html&ct=ga&cd=CAEYAioTMTIxNDE2NjQxODE1MDk0NDM3NzIaOTBjMDlkOGYyYTM3YzExMjpjb206ZW46VVM&usg=AFQjCNGAorYDQLrgzPWTH6w_9P06EkZQlw Page URL
  2. http://nbzj.zaegel-espacesverts.fr/fidelity-layoffs-2019.html HTTP 302
    https://ladsblue.com/j3j2ek3n?key=76fbb293d1159a250669b2ce2471769b HTTP 302
    http://149.202.65.142/6SQ1p72g HTTP 302
    http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword= Page URL
  3. https://reroplittrewheck.pro/redirect?tid=754576&subid=24717&puid=AHmBi12NYAAAV-cBAEdCNAASAOxSGvkA&utm_source=30532d69d916258a&utm_term= HTTP 302
    https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7 Page URL
  4. https://reroplittrewheck.pro/?tid=801790&noocp=1&subid=24717 HTTP 302
    https://update2now.bestfreesite2contenting.info/?jxyj=Vn8pJO1_pJ0Rk1Cb9Tr-AHcRB2SMAYjBF_-OxaViJTs.&cid=755066962004044101&sub=801790 HTTP 302
    http://wyyeccvstfau.exceptmega.com/pr/?ci=8016&subid=mem_mavo_macchrome_15694237391904FOJE4xbIcU HTTP 302
    http://akdwo.pastacharlie.icu/hyllkjit/?clickid=25230573736873563&q= HTTP 302
    http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a?n=886374468 HTTP 301
    http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://nbzj.zaegel-espacesverts.fr/fidelity-layoffs-2019.html HTTP 302
  • https://ladsblue.com/j3j2ek3n?key=76fbb293d1159a250669b2ce2471769b HTTP 302
  • http://149.202.65.142/6SQ1p72g HTTP 302
  • http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=
Request Chain 2
  • https://reroplittrewheck.pro/redirect?tid=754576&subid=24717&puid=AHmBi12NYAAAV-cBAEdCNAASAOxSGvkA&utm_source=30532d69d916258a&utm_term= HTTP 302
  • https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
url
www.google.com/
985 B
880 B
Document
General
Full URL
https://www.google.com/url?rct=j&sa=t&url=http://nbzj.zaegel-espacesverts.fr/fidelity-layoffs-2019.html&ct=ga&cd=CAEYAioTMTIxNDE2NjQxODE1MDk0NDM3NzIaOTBjMDlkOGYyYTM3YzExMjpjb206ZW46VVM&usg=AFQjCNGAorYDQLrgzPWTH6w_9P06EkZQlw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
gws /
Resource Hash
b3df79589f429bce34c3c00c086142fe1845c86a890b1c97bea15439a371543b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/url?rct=j&sa=t&url=http://nbzj.zaegel-espacesverts.fr/fidelity-layoffs-2019.html&ct=ga&cd=CAEYAioTMTIxNDE2NjQxODE1MDk0NDM3NzIaOTBjMDlkOGYyYTM3YzExMjpjb206ZW46VVM&usg=AFQjCNGAorYDQLrgzPWTH6w_9P06EkZQlw
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Wed, 25 Sep 2019 15:02:16 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=31536000
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
501
x-xss-protection
0
set-cookie
NID=188=O95id23z5l4P2GyE4tDOvCqkvNplqjkfv9NjoOu9VFqy1ND1_lc5wqGjg5GmOOny9PnAPJCSOYh_nnpknwGr5ZJz53rECvtitOFSj4_nFhH5aG-pgMdyn_z4bzDD3IBkc-THmBnvGZfg3-MG-jtwH5joq3dGLaw-gQxr0CKt3rY; expires=Thu, 26-Mar-2020 15:02:16 GMT; path=/; domain=.google.com; HttpOnly CONSENT=WP.27e99a; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com
alt-svc
quic=":443"; ma=2592000; v="46,43"
Cookie set /
mob1ledev1ces.com/r/
Redirect Chain
  • http://nbzj.zaegel-espacesverts.fr/fidelity-layoffs-2019.html
  • https://ladsblue.com/j3j2ek3n?key=76fbb293d1159a250669b2ce2471769b
  • http://149.202.65.142/6SQ1p72g
  • http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=
7 KB
8 KB
Document
General
Full URL
http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=
Requested by
Host: www.google.com
URL: https://www.google.com/url?rct=j&sa=t&url=http://nbzj.zaegel-espacesverts.fr/fidelity-layoffs-2019.html&ct=ga&cd=CAEYAioTMTIxNDE2NjQxODE1MDk0NDM3NzIaOTBjMDlkOGYyYTM3YzExMjpjb206ZW46VVM&usg=AFQjCNGAorYDQLrgzPWTH6w_9P06EkZQlw
Protocol
HTTP/1.1
Server
78.140.165.10 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
65e89a8e247cf6531232974f78c6ed853a24b6dbe6056a08e33563e8acee58ca

Request headers

Host
mob1ledev1ces.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://www.google.com/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.google.com/

Response headers

Server
nginx/1.14.0
Date
Wed, 25 Sep 2019 15:02:17 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
bd_context=dOPe550IUZvLaA21s4qUq71sqlMNxf7LbQLMO3JHU8HkSPv9BQTuTofo9dxcoXB6NALt9y2DLxzjTJcvT7ZXde1kUhHwpLx2GSlnB9HYjwaiAiHZIP+P+zVMouQ75QrveyBXbLmLANKkU7VFToIQ6jOtpbzseT7ZgMRQy0W0iDUOQm+gInLv5bFhudE7jyazPRQjqn77mVPDgVY/ouDPzO5+RbN4t5By3cN9xc20EFAEdibPROU1tKrXS4iBOVSZIKnI7G8zd0hU8CYPAngxePcD3lSvvMse0AcyDTxeBLU/NvE+lqTlriScfbFqubGp4t9rs8Afk+mrauo=; Expires=Fri, 25 Sep 2020 15:02:17 GMT

Redirect headers

Server
nginx
Date
Wed, 25 Sep 2019 15:02:17 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires
0
Last-Modified
Wed, 25 Sep 2019 15:02:17 GMT
Location
http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=
Pragma
no-cache
Set-Cookie
_subid=233s43bgb1bhtmic4lbdo1;Expires=Saturday, 26-Oct-2019 15:02:17 GMT;Max-Age=2678400;Path=/ 2a2af=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc0XCI6MTU2OTQyMzczN30sXCJjYW1wYWlnbnNcIjp7XCIyNVwiOjE1Njk0MjM3Mzd9LFwidGltZVwiOjE1Njk0MjM3Mzd9In0.O6rW8Vgu5AACwFBb2x0qZX45IdrO_D8C9Y_abiXGJwI;Expires=Saturday, 26-Oct-2019 15:02:17 GMT;Max-Age=2678400;Path=/
X-Content-Type-Options
nosniff
GEL
arletrewhasi.pro/
Redirect Chain
  • https://reroplittrewheck.pro/redirect?tid=754576&subid=24717&puid=AHmBi12NYAAAV-cBAEdCNAASAOxSGvkA&utm_source=30532d69d916258a&utm_term=
  • https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=red...
12 KB
5 KB
Document
General
Full URL
https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7
Requested by
Host: mob1ledev1ces.com
URL: http://mob1ledev1ces.com/r/?token=a9d91ead6744d1c12e98c5e97ac49fc83702ec77&q=&keyword=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4dc5fde9a7ba76a1fbd03c167fe2af1b2b8a274fa9bb76cc7488bfe03ce30214

Request headers

:method
GET
:authority
arletrewhasi.pro
:scheme
https
:path
/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
http://mob1ledev1ces.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Referer
http://mob1ledev1ces.com/

Response headers

status
200
date
Wed, 25 Sep 2019 15:02:18 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d738874cf2300d82ef009e3d054f23b8e1569423738; expires=Thu, 24-Sep-20 15:02:18 GMT; path=/; domain=.arletrewhasi.pro; HttpOnly; Secure
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET, POST
access-control-allow-headers
X-Requested-With,content-type
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
51bde0dcb909dc37-LHR
content-encoding
br

Redirect headers

status
302
date
Wed, 25 Sep 2019 15:02:18 GMT
content-type
text/plain
content-length
0
location
https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7
cache-control
no-store, no-cache, must-revalidate, no-transform
pragma
no-cache
p3p
CP="NID DSP ALL COR"
set-cookie
csu=54c423d0-1a43-4f34-b286-264fde147ae0 fv=rjk7pjnGrHCHpcEFqjg4qdsHqHr5vdw=; Expires=Thu, 24 Sep 2020 15:02:18 GMT; Max-Age=31536000; Domain=.reroplittrewheck.pro; Path=/; Version=1
dlp
arletrewhasi.pro/
38 KB
13 KB
XHR
General
Full URL
https://arletrewhasi.pro/dlp?st=1&lp=stanley
Requested by
Host: arletrewhasi.pro
URL: https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
9c1efe500a4421b56d10eb7fe742359fe848232752b97cee0660fee1bd31f85c

Request headers

Sec-Fetch-Mode
cors
Referer
https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 25 Sep 2019 15:02:18 GMT
content-encoding
br
server
cloudflare
status
200
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cf-ray
51bde0ddcbf5dc37-LHR
access-control-allow-headers
X-Requested-With,content-type
css
fonts.googleapis.com/
2 KB
581 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: arletrewhasi.pro
URL: https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
e5b09ae4f391ccd8e04977e2330f1e533a2a507d95c609a3fd437a7ffc7cddfa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 25 Sep 2019 15:02:18 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Wed, 25 Sep 2019 15:02:18 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
expires
Wed, 25 Sep 2019 15:02:18 GMT
Primary Request /
akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/
Redirect Chain
  • https://reroplittrewheck.pro/?tid=801790&noocp=1&subid=24717
  • https://update2now.bestfreesite2contenting.info/?jxyj=Vn8pJO1_pJ0Rk1Cb9Tr-AHcRB2SMAYjBF_-OxaViJTs.&cid=755066962004044101&sub=801790
  • http://wyyeccvstfau.exceptmega.com/pr/?ci=8016&subid=mem_mavo_macchrome_15694237391904FOJE4xbIcU
  • http://akdwo.pastacharlie.icu/hyllkjit/?clickid=25230573736873563&q=
  • http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a?n=886374468
  • http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
7 KB
2 KB
Document
General
Full URL
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Requested by
Host: arletrewhasi.pro
URL: https://arletrewhasi.pro/GEL?tag_id=754576&sub_id1=24717&sub_id2=7827295554677445172&cookie_id=54c423d0-1a43-4f34-b286-264fde147ae0&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3D24717&hop=7
Protocol
HTTP/1.1
Server
2.16.186.112 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-112.deploy.static.akamaitechnologies.com
Software
nginx/1.6.3 /
Resource Hash
d32915757b3857fc47337240a646235868be5e6208c0e85cf7de0dd7d752ecb8

Request headers

Host
akdwo.pastacharlie.icu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Cookie
rvis8016=2; clickid=25230573736873563
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate

Response headers

Server
nginx/1.6.3
Content-Type
text/html
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Wed, 25 Sep 2019 15:02:21 GMT
Content-Length
2272
Connection
keep-alive

Redirect headers

Server
nginx/1.6.3
Content-Type
text/html
Location
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Content-Length
184
Date
Wed, 25 Sep 2019 15:02:20 GMT
Connection
keep-alive
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Roboto
Origin
https://arletrewhasi.pro
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 27 Aug 2019 20:33:18 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
2485740
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
11016
x-xss-protection
0
expires
Wed, 26 Aug 2020 20:33:18 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/
90 KB
33 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: akdwo.pastacharlie.icu
URL: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Protocol
HTTP/1.1
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 02 Sep 2019 14:53:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
1987734
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
33018
X-XSS-Protection
0
Expires
Tue, 01 Sep 2020 14:53:27 GMT
jquery-ui.css
ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/
34 KB
8 KB
Stylesheet
General
Full URL
http://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css
Requested by
Host: akdwo.pastacharlie.icu
URL: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Protocol
HTTP/1.1
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
95d5b67a78f81f3c071b01f888c9a468c13c8288597b64c99ff829e35b51a012
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 25 Aug 2019 01:22:51 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
2727570
Vary
Accept-Encoding
Content-Type
text/css; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
8060
X-XSS-Protection
0
Expires
Mon, 24 Aug 2020 01:22:51 GMT
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/
223 KB
60 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js
Requested by
Host: akdwo.pastacharlie.icu
URL: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Protocol
HTTP/1.1
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 24 Aug 2019 15:07:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
2764481
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
60529
X-XSS-Protection
0
Expires
Sun, 23 Aug 2020 15:07:40 GMT
style.css
akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/
7 KB
2 KB
Stylesheet
General
Full URL
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/style.css
Requested by
Host: akdwo.pastacharlie.icu
URL: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Protocol
HTTP/1.1
Server
2.16.186.112 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-112.deploy.static.akamaitechnologies.com
Software
nginx/1.6.3 /
Resource Hash
083aa0ff5a7ca1af28602325af9913dfe2364ced32aae47badc8462990e70c7c

Request headers

Referer
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Sep 2019 15:02:21 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Jun 2018 08:06:36 GMT
Server
nginx/1.6.3
ETag
"5b1e2d8c-1c9a"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1520
2.png
akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/images/
2 KB
2 KB
Image
General
Full URL
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/images/2.png
Requested by
Host: akdwo.pastacharlie.icu
URL: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Protocol
HTTP/1.1
Server
2.16.186.112 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-112.deploy.static.akamaitechnologies.com
Software
nginx/1.6.3 /
Resource Hash
857ea14f2c3dd61b977dd5e6c3359c80c0a1a0470f3381e98803d31da206c419

Request headers

Referer
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Sep 2019 15:02:21 GMT
Last-Modified
Mon, 11 Jun 2018 05:53:40 GMT
Server
nginx/1.6.3
ETag
"5b1e0e64-72b"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1835
chrome.png
akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/images/
11 KB
11 KB
Image
General
Full URL
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/images/chrome.png
Requested by
Host: akdwo.pastacharlie.icu
URL: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Protocol
HTTP/1.1
Server
2.16.186.112 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-112.deploy.static.akamaitechnologies.com
Software
nginx/1.6.3 /
Resource Hash
fcf736deea693a6d71babc6359a3e717317cbed312c3bb7f0d7a26d1c8c64d53

Request headers

Referer
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Sep 2019 15:02:21 GMT
Last-Modified
Mon, 11 Jun 2018 06:37:46 GMT
Server
nginx/1.6.3
ETag
"5b1e18ba-2ab1"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10929
box.js
akdwo.pastacharlie.icu/common/control/
2 KB
2 KB
Script
General
Full URL
http://akdwo.pastacharlie.icu/common/control/box.js
Requested by
Host: akdwo.pastacharlie.icu
URL: http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
Protocol
HTTP/1.1
Server
2.16.186.112 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-112.deploy.static.akamaitechnologies.com
Software
nginx/1.6.3 /
Resource Hash
ae9ba7eca88660236ea3f590fb97bd01e25370518a7cc9f4d1e0a9d6bff98e0d

Request headers

Referer
http://akdwo.pastacharlie.icu/hyllkjit/9ba9b92a/?n=886374468
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Sep 2019 15:02:21 GMT
Last-Modified
Thu, 04 Jan 2018 07:56:06 GMT
Server
nginx/1.6.3
ETag
"5a4dde16-609"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1545


14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onformdata
  • object: onpointerrawupdate
  • function: $
  • function: jQuery
  • function: hideBrowserInstructionsOverlay
  • function: showBrowserInstructionsOverlay
  • function: imagesLazyLoad
  • string: width
  • string: height
  • function: addIframe
  • function: showModal
  • number: clickOnDownload
  • number: iframeAdded
  • number: excludePopLP

2 Cookies

Domain/Path                       Name       Value
akdwo.pastacharlie.icu/           clickid    25230573736873563
akdwo.pastacharlie.icu/hyllkjit   rvis8016   2

Security Headers

This section lists the security headers set by the main page's response.

Header Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
