Submitted URL: https://mobutrafsrcms.com/c/a979c0cc-9806-11e5-b565-02f6361de079?clickid=1534791565mb21084509381&pubid=cf1a3fda0&pubid2=cf...
Effective URL: https://download-update-qwa.com/down/index1.html
Submission: On November 15 via api from US

Summary

This website contacted 5 IPs in 5 countries across 9 domains to perform 8 HTTP transactions. The main IP is 134.209.253.159, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is download-update-qwa.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 30th 2019. Valid for: 3 months.
This is the only time download-update-qwa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

 #     IP Address         AS (Autonomous System)
 1     104.26.10.26       13335 (CLOUDFLAR...)
 2 2   94.23.206.47       16276 (OVH)
 1 1   52.76.0.236        16509 (AMAZON-02)
 1 1   137.74.217.110     16276 (OVH)
 1 4   198.143.165.221    32475 (SINGLEHOP...)
 2 3   78.46.60.142       24940 (HETZNER-AS)
 1 1   142.93.107.242     14061 (DIGITALOC...)
 2     134.209.253.159    14061 (DIGITALOC...)
 8 5   (totals as listed)
 #   Domain                      Redirects     Requested by
 4   get.classicgift.download    1 redirects   mobutrafsrcms.com, get.classicgift.download
 2   download-update-qwa.com                   download-update-qwa.com
 2   trcfadw.com                 1 redirects   get.classicgift.download
 2   go-rillatrack.com                         mobutrafsrcms.com
 1   trackerforadw.com           1 redirects
 1   databasecash.com            1 redirects
 1   goobtain.com                1 redirects
 1   go-rilla.offerstrack.net    1 redirects
 1   mobutrafsrcms.com
 8 9 (totals as listed)

This site contains links to these domains. Also see Links.

Domain
findher2date.com

TLS certificates

Subject                     Issuer                        Validity                   Valid for
sni.cloudflaressl.com       CloudFlare Inc ECC CA-2       2019-04-24 - 2020-04-24    a year
get.classicgift.download    Let's Encrypt Authority X3    2019-10-11 - 2020-01-09    3 months
trcfadw.com                 Let's Encrypt Authority X3    2019-10-20 - 2020-01-18    3 months
download-update-qwa.com     Let's Encrypt Authority X3    2019-10-30 - 2020-01-28    3 months

This page contains 1 frames:

Primary Page: https://download-update-qwa.com/down/index1.html
Frame ID: B1F034C407C076840FC1DB08D3675993
Requests: 8 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 8
HTTPS: 88 %
IPv6: 0 %
Domains: 9
Subdomains: 9
IPs: 5
Countries: 5
Transfer: 31 kB
Size: 60 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mobutrafsrcms.com/c/a979c0cc-9806-11e5-b565-02f6361de079?clickid=1534791565mb21084509381&pubid=cf1a3fda0&pubid2=cf1a3fda0&device_id= Page URL
  2. http://go-rillatrack.com/b.php?trf=m&p=custom_105t14y752&d=5cd042df98142940333186ff&pid=lNL209TGZ090ccb0007PS00EBC0XHIX0470YIW03PK0470Y00000000&source=195730&data1=25ayWUkWXWXBkCva2EgE HTTP 302
    http://go-rilla.offerstrack.net/smartlink.php?sl_id=4&aff_id=468&aff_sub1=5dce067c9814294e5e0ea992 HTTP 302
    http://go-rillatrack.com/b.php?trf=m&p=custom_go_rilla_content&d=5c6b13fe1e26dc53c63e00c1&pid=click_id HTTP 302
    https://goobtain.com/l.php?trf=m&p=custom_gorilla&d=5cc888db77d7d3542c5b53c8&pid=5dce067d981429533e18af17 HTTP 302
    https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030 Page URL
  3. https://get.classicgift.download/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f097979b8790cacbf9c9fff9fcfdc2f2f2f1f6c7c4c5f9 Page URL
  4. https://get.classicgift.download/proc.php?7d0fea72dec09dd352d3b5301c56f717678a543b HTTP 302
    https://trcfadw.com/click.php?key=fa065o7lu9w9gza0cfe7&clickid=6759347233310638183&partner_id=5079&pid=5079-3e5afd7z&cat=mainstream HTTP 302
    https://trcfadw.com/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php Page URL
  5. https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php?zoneid=3308&clickid=417732tvcuqa1h9ea4 HTTP 302
    https://trackerforadw.com/click.php?key=wiboaztegiiexxzwd8ls&from=mac&zoneid=3308&clickid=417732tvcuqa1h9ea4&qwert=151573783167 HTTP 302
    https://download-update-qwa.com/down/index1.html Page URL
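The chain above is the whole story of this scan: an ad-network click on mobutrafsrcms.com bounces through seven intermediate domains, three hops of it over plain HTTP, before a "download update" page is served. The Python script below is an added example, not part of the urlscan.io report. It walks a Page URL History like the one above (the hop list is transcribed from this report; one very long utm_content value is cut short) and reports how each hop was reached, which hops were cleartext, which query values were handed from domain to domain, which hop carried its next destination in its own query string, and what the landing page saw as its Referer.

```python
"""Walk a urlscan-style "Page URL History" and pull out what an analyst wants
from a redirect chain: how each hop was reached (server 302 vs. client-side
navigation), cleartext hops, query values shared across domains (the click IDs
that tie the trackers together), hops carrying their next destination in their
own query string, and the Referer the landing page will see.

Added example, not part of the urlscan.io report. HOPS is transcribed from the
report's Page URL History; one very long utm_content value is cut short.
"""
from collections import OrderedDict
from urllib.parse import parse_qsl, urlsplit

# (url, label) as urlscan labels each entry: "HTTP 302" means the URL answered
# with a redirect the browser followed; "Page URL" means it was rendered.
HOPS = [
    ("https://mobutrafsrcms.com/c/a979c0cc-9806-11e5-b565-02f6361de079?clickid=1534791565mb21084509381&pubid=cf1a3fda0&pubid2=cf1a3fda0&device_id=", "Page URL"),
    ("http://go-rillatrack.com/b.php?trf=m&p=custom_105t14y752&d=5cd042df98142940333186ff&pid=lNL209TGZ090ccb0007PS00EBC0XHIX0470YIW03PK0470Y00000000&source=195730&data1=25ayWUkWXWXBkCva2EgE", "HTTP 302"),
    ("http://go-rilla.offerstrack.net/smartlink.php?sl_id=4&aff_id=468&aff_sub1=5dce067c9814294e5e0ea992", "HTTP 302"),
    ("http://go-rillatrack.com/b.php?trf=m&p=custom_go_rilla_content&d=5c6b13fe1e26dc53c63e00c1&pid=click_id", "HTTP 302"),
    ("https://goobtain.com/l.php?trf=m&p=custom_gorilla&d=5cc888db77d7d3542c5b53c8&pid=5dce067d981429533e18af17", "HTTP 302"),
    ("https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030", "Page URL"),
    ("https://get.classicgift.download/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc...", "Page URL"),  # value cut short
    ("https://get.classicgift.download/proc.php?7d0fea72dec09dd352d3b5301c56f717678a543b", "HTTP 302"),
    ("https://trcfadw.com/click.php?key=fa065o7lu9w9gza0cfe7&clickid=6759347233310638183&partner_id=5079&pid=5079-3e5afd7z&cat=mainstream", "HTTP 302"),
    ("https://trcfadw.com/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php", "Page URL"),
    ("https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php?zoneid=3308&clickid=417732tvcuqa1h9ea4", "HTTP 302"),
    ("https://trackerforadw.com/click.php?key=wiboaztegiiexxzwd8ls&from=mac&zoneid=3308&clickid=417732tvcuqa1h9ea4&qwert=151573783167", "HTTP 302"),
    ("https://download-update-qwa.com/down/index1.html", "Page URL"),
]


def domain_of(url):
    return urlsplit(url).hostname or ""


def unique_domains(hops):
    """Domains in first-seen order (the report counts 9)."""
    return list(OrderedDict.fromkeys(domain_of(u) for u, _ in hops))


def classify_hops(hops):
    """How the browser reached each hop: 'initial' for the first; 'server-redirect'
    when the previous entry answered 302; 'client-side' when the previous entry
    was a rendered page, so JavaScript, a meta refresh or a click started it."""
    kinds = []
    for i in range(len(hops)):
        if i == 0:
            kinds.append("initial")
        elif hops[i - 1][1] == "HTTP 302":
            kinds.append("server-redirect")
        else:
            kinds.append("client-side")
    return kinds


def cleartext_hops(hops):
    """(index, domain) of every hop fetched over plain http://. Anyone on-path
    can rewrite the Location header there, so even the advertiser does not
    control where the chain ends."""
    return [(i, domain_of(u)) for i, (u, _) in enumerate(hops)
            if urlsplit(u).scheme == "http"]


def shared_tracking_ids(hops, min_len=4):
    """Query values of at least min_len chars seen on two or more distinct
    domains, with the parameter names they travelled under. A value handed from
    tracker to tracker is the click ID that stitches the hops into one chain."""
    seen = {}
    for url, _ in hops:
        dom = domain_of(url)
        for name, value in parse_qsl(urlsplit(url).query):
            if len(value) < min_len:
                continue
            entry = seen.setdefault(value, {"domains": set(), "params": set()})
            entry["domains"].add(dom)
            entry["params"].add(name)
    return {v: e for v, e in seen.items() if len(e["domains"]) >= 2}


def embedded_redirect_targets(hops):
    """(hop domain, parameter, target domain) for query parameters whose value
    is an absolute URL: the hop carries its own next destination, which is the
    first thing to test for an open redirect."""
    found = []
    for url, _ in hops:
        for name, value in parse_qsl(urlsplit(url).query):
            target = urlsplit(value)
            if target.scheme in ("http", "https") and target.netloc:
                found.append((domain_of(url), name, target.hostname))
    return found


def referer_for(hops, index):
    """URL the server at hops[index] sees as Referer: browsers carry the page
    that started the navigation across 302 hops, so it is the most recent
    rendered 'Page URL' before this hop, not the last redirector. A
    Referrer-Policy on that page may trim it to its origin."""
    for url, label in reversed(hops[:index]):
        if label == "Page URL":
            return url
    return None


if __name__ == "__main__":
    for i, (kind, (url, _)) in enumerate(zip(classify_hops(HOPS), HOPS)):
        print(f"{i:2d}  {kind:15s} {url[:72]}")
    print("cleartext hops:", cleartext_hops(HOPS))
    print("shared ids:", {v: sorted(e["domains"]) for v, e in shared_tracking_ids(HOPS).items()})
    print("destination in query:", embedded_redirect_targets(HOPS))
    print("landing page Referer:", referer_for(HOPS, len(HOPS) - 1))
```

Cross-check the output against the report: nine domains; the three http:// hops are the go-rilla ones; clickid 417732tvcuqa1h9ea4 and zoneid 3308 are shared by trcfadw.com, databasecash.com and trackerforadw.com, and 6759347233310638183 travels as utm_term on get.classicgift.download and as clickid on trcfadw.com; trcfadw.com's url_bnm_redirect names databasecash.com, which is exactly where the chain goes next; and the final request's Referer is the trcfadw.com/nlp/ page, matching the download-update-qwa.com request headers below. The first cross-site hop in the report carries only "https://mobutrafsrcms.com/" as Referer, so treat referer_for as an upper bound.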

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://go-rillatrack.com/b.php?trf=m&p=custom_105t14y752&d=5cd042df98142940333186ff&pid=lNL209TGZ090ccb0007PS00EBC0XHIX0470YIW03PK0470Y00000000&source=195730&data1=25ayWUkWXWXBkCva2EgE HTTP 302
  • http://go-rilla.offerstrack.net/smartlink.php?sl_id=4&aff_id=468&aff_sub1=5dce067c9814294e5e0ea992 HTTP 302
  • http://go-rillatrack.com/b.php?trf=m&p=custom_go_rilla_content&d=5c6b13fe1e26dc53c63e00c1&pid=click_id HTTP 302
  • https://goobtain.com/l.php?trf=m&p=custom_gorilla&d=5cc888db77d7d3542c5b53c8&pid=5dce067d981429533e18af17 HTTP 302
  • https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030
Request Chain 4
  • https://get.classicgift.download/proc.php?7d0fea72dec09dd352d3b5301c56f717678a543b HTTP 302
  • https://trcfadw.com/click.php?key=fa065o7lu9w9gza0cfe7&clickid=6759347233310638183&partner_id=5079&pid=5079-3e5afd7z&cat=mainstream HTTP 302
  • https://trcfadw.com/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php

8 HTTP transactions

(Columns per transaction: Resource, Path, Size, x-fer, Type/MIME-Type)

Transaction 1: a979c0cc-9806-11e5-b565-02f6361de079
  Path: mobutrafsrcms.com/c/   Size: 6 KB   x-fer: 4 KB   Type: Document
General
Full URL
https://mobutrafsrcms.com/c/a979c0cc-9806-11e5-b565-02f6361de079?clickid=1534791565mb21084509381&pubid=cf1a3fda0&pubid2=cf1a3fda0&device_id=
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.26.10.26 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce1735411faa08090e35a4dd958bc12d914b93c41ac4990130b3a5a11b54ff69

Request headers

:method
GET
:authority
mobutrafsrcms.com
:scheme
https
:path
/c/a979c0cc-9806-11e5-b565-02f6361de079?clickid=1534791565mb21084509381&pubid=cf1a3fda0&pubid2=cf1a3fda0&device_id=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Fri, 15 Nov 2019 01:59:24 GMT
content-type
text/html;charset=utf-8
set-cookie
  • __cfduid=d8a0246fd784895957f6616b6661737d41573783163; expires=Sat, 14-Nov-20 01:59:23 GMT; path=/; domain=.mobutrafsrcms.com; HttpOnly; Secure
  • sgShhK3%2FQp6kL4WG7i99wcaHV12SCdiw9kKzByUH7U0%3D=3c1d7cfa5690da302cf4dd322ff70e41_1573783163.9576; domain=mobutrafsrcms.com; path=/; expires=Mon, 12-Nov-2029 01:59:23 UTC
  • lAYY2woPcaA4%2BPVC%2Fe%2B659tHGbXbbG%2BJcmvM5e3MOEg%3D=1573783163.969; domain=mobutrafsrcms.com; path=/; expires=Mon, 12-Nov-2029 01:59:23 UTC
  • TPxG%2FAKHTh2RPqy9PydLweWvrGU3jpOvbLbbXmWV3xA%3D=WHlvZ1RKeTY5eW1UQkpKSmh1Sjl3VWpCVHBSL29sMXhPSGJCbnYvL1VScE9ST21hVG9IcERqK3hUTGprb3JQTQ%3D%3D; domain=mobutrafsrcms.com; path=/; expires=Mon, 12-Nov-2029 01:59:23 UTC
  • 3c1d7cfa5690da302cf4dd322ff70e41_1573783163.9576_ck=…%3D; domain=mobutrafsrcms.com; path=/; expires=Mon, 12-Nov-2029 01:59:23 UTC
  • tHet2tCzmxWWA8HM4K%2FJr4KSuGBbWnC09pzPb4wEu8w%3D=eitBNENKS1hpZzA4Y1pIOHJnUmhiazJBWnZ6VXlZdk9hcGVQY3c3TVVoU1BOelRHb1N1SDBmdmpKM0NoNEFwdTFOQkVONFV4SzlPWWVUYW5ISGdybEJ5cC90N2VWZElPQjRZWkNGOEY4YWs9; domain=mobutrafsrcms.com; path=/; expires=Fri, 15-Nov-2019 03:04:24 UTC
  • SERVERID=sfc4; path=/
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
535da0268c9e9d12-AMS
Transaction 2: b.php
  Path: go-rillatrack.com/   Size: 0   x-fer: 0   (no response received; listed under Failed requests)

Transaction 3: /
  Path: get.classicgift.download/
Redirect Chain
  • http://go-rillatrack.com/b.php?trf=m&p=custom_105t14y752&d=5cd042df98142940333186ff&pid=lNL209TGZ090ccb0007PS00EBC0XHIX0470YIW03PK0470Y00000000&source=195730&data1=25ayWUkWXWXBkCva2EgE
  • http://go-rilla.offerstrack.net/smartlink.php?sl_id=4&aff_id=468&aff_sub1=5dce067c9814294e5e0ea992
  • http://go-rillatrack.com/b.php?trf=m&p=custom_go_rilla_content&d=5c6b13fe1e26dc53c63e00c1&pid=click_id
  • https://goobtain.com/l.php?trf=m&p=custom_gorilla&d=5cc888db77d7d3542c5b53c8&pid=5dce067d981429533e18af17
  • https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030
  Size: 3 KB   x-fer: 2 KB   Type: Document
General
Full URL
https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030
Requested by
Host: mobutrafsrcms.com
URL: https://mobutrafsrcms.com/c/a979c0cc-9806-11e5-b565-02f6361de079?clickid=1534791565mb21084509381&pubid=cf1a3fda0&pubid2=cf1a3fda0&device_id=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.221 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
50455c6bb34ad2b8932d2b7391e3f618c502628d2614413256fc2d25f4c981df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
get.classicgift.download
:scheme
https
:path
/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://mobutrafsrcms.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://mobutrafsrcms.com/

Response headers

status
200
server
nginx
date
Fri, 15 Nov 2019 01:59:27 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=996a4f68fff3dc36e78ddd20f8c341a1; expires=Sat, 14-Nov-2020 01:59:27 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip

Redirect headers

Server
nginx
Date
Fri, 15 Nov 2019 01:59:26 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
Round
5cb57c7977d7d31ef76248b0
Raund
106qne34wv-106vx9o1nd
Location
https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030
Transaction 4: /
  Path: get.classicgift.download/   Size: 14 KB   x-fer: 4 KB   Type: Document
General
Full URL
https://get.classicgift.download/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f097979b8790cacbf9c9fff9fcfdc2f2f2f1f6c7c4c5f9
Requested by
Host: get.classicgift.download
URL: https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.221 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
9a2ca68531cca1b78bef6680673d82eaa1bfbf00df6d8c2804dc29bd59de88e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
get.classicgift.download
:scheme
https
:path
/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f097979b8790cacbf9c9fff9fcfdc2f2f2f1f6c7c4c5f9
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
same-origin
referer
https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030
accept-encoding
gzip, deflate, br
cookie
u=996a4f68fff3dc36e78ddd20f8c341a1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Referer
https://get.classicgift.download/?utm_medium=a5f5da530b821b4bc632b96478ccf56d2f081c05&utm_campaign=WW_SMART_FALL&cid=5dce067e11b07a5f4867a030

Response headers

status
200
server
nginx
date
Fri, 15 Nov 2019 01:59:27 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
Transaction 5: index.php
  Path: trcfadw.com/nlp/
Redirect Chain
  • https://get.classicgift.download/proc.php?7d0fea72dec09dd352d3b5301c56f717678a543b
  • https://trcfadw.com/click.php?key=fa065o7lu9w9gza0cfe7&clickid=6759347233310638183&partner_id=5079&pid=5079-3e5afd7z&cat=mainstream
  • https://trcfadw.com/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php
  Size: 145 B   x-fer: 272 B   Type: Document
General
Full URL
https://trcfadw.com/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php
Requested by
Host: get.classicgift.download
URL: https://get.classicgift.download/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f097979b8790cacbf9c9fff9fcfdc2f2f2f1f6c7c4c5f9
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
78.46.60.142 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.142.60.46.78.clients.your-server.de
Software
nginx/1.14.0 /
Resource Hash
f60273cfaa75e0f57c6998ba2e0e7a30db1c451977ff885a808b352ab2178d0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
trcfadw.com
:scheme
https
:path
/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://get.classicgift.download/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f097979b8790cacbf9c9fff9fcfdc2f2f2f1f6c7c4c5f9
accept-encoding
gzip, deflate, br
cookie
uclick=2tvcuqa1h9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Referer
https://get.classicgift.download/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f097979b8790cacbf9c9fff9fcfdc2f2f2f1f6c7c4c5f9

Response headers

status
200
server
nginx/1.14.0
date
Fri, 15 Nov 2019 01:59:27 GMT
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=31536000
content-encoding
gzip

Redirect headers

status
302
server
nginx/1.14.0
date
Fri, 15 Nov 2019 01:59:27 GMT
content-type
text/html; charset=UTF-8
location
https://trcfadw.com/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php
set-cookie
uclick=2tvcuqa1h9; expires=Sat, 16-Nov-2019 01:59:27 GMT; Max-Age=86400; path=/
strict-transport-security
max-age=31536000
Transaction 6: skip-button.jpg
  Path: get.classicgift.download/20190821/   Size: 12 KB   x-fer: 12 KB   Type: Image
General
Full URL
https://get.classicgift.download/20190821/skip-button.jpg
Requested by
Host: get.classicgift.download
URL: https://get.classicgift.download/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f097979b8790cacbf9c9fff9fcfdc2f2f2f1f6c7c4c5f9
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.221 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://get.classicgift.download/?utm_term=6759347233310638183&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f097979b8790cacbf9c9fff9fcfdc2f2f2f1f6c7c4c5f9
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 15 Nov 2019 01:59:27 GMT
last-modified
Wed, 21 Aug 2019 12:57:11 GMT
server
nginx
etag
"5d5d3fa7-2e32"
strict-transport-security
max-age=31536000; includeSubdomains;
content-type
image/jpeg
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
11826
expires
Sat, 16 Nov 2019 01:59:27 GMT
Transaction 7 (Primary Request): index1.html
  Path: download-update-qwa.com/down/
Redirect Chain
  • https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php?zoneid=3308&clickid=417732tvcuqa1h9ea4
  • https://trackerforadw.com/click.php?key=wiboaztegiiexxzwd8ls&from=mac&zoneid=3308&clickid=417732tvcuqa1h9ea4&qwert=151573783167
  • https://download-update-qwa.com/down/index1.html
  Size: 24 KB   x-fer: 6 KB   Type: Document
General
Full URL
https://download-update-qwa.com/down/index1.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
134.209.253.159 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx /
Resource Hash
8a158bcb46050b08cdb8439bb61cb01b145914683e12357b8b80a50ce2445f55

Request headers

Host
download-update-qwa.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://trcfadw.com/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Referer
https://trcfadw.com/nlp/index.php?zoneid=3308&clickid=417732tvcuqa1h9ea4&url_bnm_redirect=https://databasecash.com/e26ebbcda9dd539d35aada2948020550.php

Response headers

Server
nginx
Date
Fri, 15 Nov 2019 01:59:28 GMT
Content-Type
text/html
Last-Modified
Wed, 03 Jul 2019 17:56:19 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
ETag
W/"5d1cec43-5f29"
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control
max-age=315360000
Content-Encoding
gzip

Redirect headers

status
302
server
nginx/1.14.0
date
Fri, 15 Nov 2019 01:59:28 GMT
content-type
text/html; charset=UTF-8
location
https://download-update-qwa.com/down/index1.html
set-cookie
uclick=2tvcuqa1he; expires=Sat, 16-Nov-2019 01:59:28 GMT; Max-Age=86400; path=/
strict-transport-security
max-age=31536000
Transaction 8: 18a.png
  Path: download-update-qwa.com/down/   Size: 3 KB   x-fer: 3 KB   Type: Image
General
Full URL
https://download-update-qwa.com/down/18a.png
Requested by
Host: download-update-qwa.com
URL: https://download-update-qwa.com/down/index1.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
134.209.253.159 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx /
Resource Hash
7fa6d4139bb3320d4621fddd7614bb48190b6d09e8e155843f8585f7c9d765c5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://download-update-qwa.com/down/index1.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 15 Nov 2019 01:59:28 GMT
Last-Modified
Wed, 03 Jul 2019 17:56:19 GMT
Server
nginx
ETag
"5d1cec43-ae6"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2790
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
go-rillatrack.com
URL
http://go-rillatrack.com/b.php?trf=m&p=custom_105t14y752&d=5cd042df98142940333186ff&pid=lNL209TGZ090ccb0007PS00EBC0XHIX0470YIW03PK0470Y00000000&source=195730&data1=25ayWUkWXWXBkCva2EgE&

Verdicts & Comments

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | onformdata
  • object | onpointerrawupdate
  • string | lang

0 Cookies