watchvideo.pro Open in urlscan Pro
178.132.6.250 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://broadsafegaming.com/caa/
Effective URL:
https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-6...
Submission: On July 26 via manual (July 26th 2022, 3:33:48 pm UTC) from IN — Scanned from DE

Summary HTTP 25 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 7 countries across 7 domains to perform 25 HTTP transactions. The main IP is 178.132.6.250, located in Naaldwijk, Netherlands and belongs to WORLDSTREAM, NL. The main domain is watchvideo.pro.
TLS certificate: Issued by R3 on May 25th 2022. Valid for: 3 months.

This is the only time watchvideo.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 13	162.241.123.137 162.241.123.137	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a00:1450:400... 2a00:1450:400e:80f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
2	101.99.95.147 101.99.95.147	201133 (VERDINA) (VERDINA)
1 2	91.211.91.104 91.211.91.104	206638 (HOSTFORY) (HOSTFORY)
1 3	188.166.68.96 188.166.68.96	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 2	2001:978:2:1a... 2001:978:2:1a::30:134	174 (COGENT-174) (COGENT-174)
2	178.132.6.250 178.132.6.250	49981 (WORLDSTREAM) (WORLDSTREAM)
25	9

13 162.241.123.137 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-123-137.unifiedlayer.com

broadsafegaming.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:80f::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 101.99.95.147 (Malaysia)

ASN201133 (VERDINA, BZ)
PTR: vps.euromeds.to

trick.cofounderspecials.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.211.91.104 (Ukraine) 1 redirects

ASN206638 (HOSTFORY, UA)

door.cofounderspecials.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.166.68.96 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

redstringline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.redstringline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:978:2:1a::30:134 (France) 1 redirects

ASN174 (COGENT-174, US)

eu.pushnow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.132.6.250 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 178-132-6-250.hosted-by-worldstream.net

watchvideo.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	broadsafegaming.com 1 redirects broadsafegaming.com	130 KB
4	cofounderspecials.com 1 redirects trick.cofounderspecials.com door.cofounderspecials.com Failed	5 KB
3	redstringline.com redstringline.com Failed 0.redstringline.com	102 KB
2	watchvideo.pro watchvideo.pro	10 KB
2	pushnow.net 1 redirects eu.pushnow.net — Cisco Umbrella Rank: 108210	3 KB
2	gstatic.com fonts.gstatic.com	91 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 72	2 KB
25	7

	Domain	Requested by
13	broadsafegaming.com	1 redirects broadsafegaming.com
2	watchvideo.pro	watchvideo.pro
2	eu.pushnow.net	1 redirects broadsafegaming.com
2	0.redstringline.com	1 redirects broadsafegaming.com
2	door.cofounderspecials.com	trick.cofounderspecials.com
2	trick.cofounderspecials.com	broadsafegaming.com trick.cofounderspecials.com
2	fonts.gstatic.com	fonts.googleapis.com
1	redstringline.com	door.cofounderspecials.com
1	fonts.googleapis.com	broadsafegaming.com
25	9

This site contains no links.

Subject Issuer	Validity	Valid
*.broadsafegaming.com R3	`2022-07-01` - `2022-09-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
trick.cofounderspecials.com R3	`2022-07-24` - `2022-10-22`	3 months	crt.sh
door.cofounderspecials.com R3	`2022-07-25` - `2022-10-23`	3 months	crt.sh
redstringline.com R3	`2022-06-30` - `2022-09-28`	3 months	crt.sh
*.pushnow.net R3	`2022-07-02` - `2022-09-30`	3 months	crt.sh
watchvideo.pro R3	`2022-05-25` - `2022-08-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&price=0.0023&sub1=9578f40cd8241042318326d5cc5936e9&sub2=8914&sub3=0.0023&sub4=DEU&sub5=dd1e23175e1aeb0400e8ed25cfec4f76&mcount=0&type=direct
Frame ID: 4781776A71CB069B8488C0CEB68611C0
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Warning

Page URL History Show full URLs

https://broadsafegaming.com/caa/ HTTP 302
https://broadsafegaming.com/caa/region.php Page URL
https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332 HTTP 302
https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433 Page URL
https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart Page URL
https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart Page URL
https://0.redstringline.com/?auf=miygmmjwgu5diojygyxtomzyg4xtembpge3dkobygq4tmmrv&s=1&sub1=&sub2=coolhea... HTTP 302
https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-2... Page URL
https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-2... HTTP 302
https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

92 %
HTTPS

38 %
IPv6

7
Domains

9
Subdomains

9
IPs

7
Countries

341 kB
Transfer

883 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://broadsafegaming.com/caa/ HTTP 302
https://broadsafegaming.com/caa/region.php Page URL
https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332 HTTP 302
https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433 Page URL
https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart Page URL
https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart Page URL
https://0.redstringline.com/?auf=miygmmjwgu5diojygyxtomzyg4xtembpge3dkobygq4tmmrv&s=1&sub1=&sub2=coolheart&sub3=&sub4=&cpc=0&cpm=0 HTTP 302
https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761 Page URL
https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&token=42b4e9da81827f048d5d5ba37ac7cf44&timezone=0&iframe_test=false&webdriver_test=false HTTP 302
https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&price=0.0023&sub1=9578f40cd8241042318326d5cc5936e9&sub2=8914&sub3=0.0023&sub4=DEU&sub5=dd1e23175e1aeb0400e8ed25cfec4f76&mcount=0&type=direct Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://broadsafegaming.com/caa/ HTTP 302
https://broadsafegaming.com/caa/region.php

Request Chain 18

https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332 HTTP 302
https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433

Request Chain 28

https://0.redstringline.com/?auf=miygmmjwgu5diojygyxtomzyg4xtembpge3dkobygq4tmmrv&s=1&sub1=&sub2=coolheart&sub3=&sub4=&cpc=0&cpm=0 HTTP 302
https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761

25 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

region.php Show response
broadsafegaming.com/caa/
Redirect Chain

https://broadsafegaming.com/caa/
https://broadsafegaming.com/caa/region.php

5 KB
2 KB

280ms
279ms

Document
text/html

162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: 504577970207b1107bd8c44b3de89f7ac948bd5a8b7fe7dae81dc9b4830fa307

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 1785
content-type: text/html; charset=UTF-8
date: Tue, 26 Jul 2022 15:33:41 GMT
server: Apache
vary: Accept-Encoding
x-server-cache: false

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 26 Jul 2022 15:33:41 GMT
location: region.php
server: Apache
x-server-cache: false

GET
H2 200 bootstrap.min.css
broadsafegaming.com/caa/assets/css/ 138 KB
31 KB 295ms
294ms Stylesheet
text/css 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/css/bootstrap.min.css
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: 3beb48429a842d5c330b9b4cc0a518652e1eca16121f40bdc1d4c41e4ff1a08c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 helpers.css
broadsafegaming.com/caa/assets/css/ 40 KB
5 KB 153ms
152ms Stylesheet
text/css 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/css/helpers.css
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: 47ea6017315e75d765459d0a7cddb6b19e7b63555b7c75d97558b7e5638a9a73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 5292

GET
H2 200 fonts.css
broadsafegaming.com/caa/assets/css/ 1 KB
346 B 152ms
151ms Stylesheet
text/css 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/css/fonts.css
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: 98b62b715000035bde65a6ada525f27da578202c9996ef4acfd8bcd725a7374c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 279

GET
H2 200 main.css
broadsafegaming.com/caa/assets/css/ 10 KB
3 KB 152ms
152ms Stylesheet
text/css 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/css/main.css
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: 5c083d4c6576b761dc9d0f9685323f602cb37fc62ea757be08a2afa5e0467234

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3048

GET
H2 200 calogo.png
broadsafegaming.com/caa/assets/images/ 18 KB
19 KB 423ms
423ms Image
image/png 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://broadsafegaming.com/caa/assets/images/calogo.png
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: f8e9befa13e3ff93d974729ae3c727461555d582bb63bb388a4bd497619ef20b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
accept-ranges: bytes
content-length: 18782
content-type: image/png

GET
H2 200 jquery.min.js Show response
broadsafegaming.com/caa/assets/js/ 89 KB
39 KB 428ms
427ms Script
application/javascript 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/js/jquery.min.js
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: 2c5136bf79eeb8b62d5e6be34dc1c81e9b14797ac056fd991c4fce3b46ad328d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jul 2022 18:10:32 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 popper.min.js Show response
broadsafegaming.com/caa/assets/js/ 20 KB
8 KB 427ms
426ms Script
application/javascript 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/js/popper.min.js
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: 315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 8611

GET
H2 200 bootstrap.min.js Show response
broadsafegaming.com/caa/assets/js/ 58 KB
23 KB 428ms
427ms Script
application/javascript 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/js/bootstrap.min.js
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash: 306ab8dd287ef041231a510b7e4c027a11e28b20c3408a9185d895c091dc72a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 fontawesome.js
broadsafegaming.com/caa/assets/js/ 137 KB
0 428ms
427ms Script
application/javascript 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/js/fontawesome.js
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 main.js
broadsafegaming.com/caa/assets/js/ 0
0 427ms
426ms Script
application/javascript 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://broadsafegaming.com/caa/assets/js/main.js
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/region.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:41 GMT
content-encoding: gzip
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1016

GET
H2 200 css
fonts.googleapis.com/ 23 KB
2 KB 78ms
31ms Stylesheet
text/css 2a00:1450:400e:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800

Requested by

Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80f::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6d04b8a2da34d3d02f01e37864968ef2dde04863e5e3c931cb6e6b7b767ef97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 15:33:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 26 Jul 2022 15:33:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 26 Jul 2022 15:33:41 GMT

GET
H2 200 particuliers.jpg
broadsafegaming.com/caa/assets/images/ 63 KB
0 879ms
879ms Image
image/jpeg 162.241.123.137
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://broadsafegaming.com/caa/assets/images/particuliers.jpg
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/assets/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.123.137 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-123-137.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/caa/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:33:42 GMT
last-modified: Sun, 24 Jan 2021 02:53:00 GMT
server: Apache
accept-ranges: bytes
content-length: 171158
content-type: image/jpeg

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ 44 KB
44 KB 57ms
15ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://broadsafegaming.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 23:32:09 GMT
x-content-type-options: nosniff
age: 57693
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jul 2023 23:32:09 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v29/ 47 KB
47 KB 79ms
37ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c0b68ea789d4bc6705f42dd6c44eb38306b965df01f9409eb4a941370e3b158

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://broadsafegaming.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 10:55:16 GMT
x-content-type-options: nosniff
age: 103106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47924
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jul 2023 10:55:16 GMT

GET
H/1.1 200
OK track.js Show response
trick.cofounderspecials.com/ 6 KB
2 KB 842ms
44ms Script
application/javascript 101.99.95.147
VERDINA

General

Check archive.org

Show headers Download Go to

Full URL: https://trick.cofounderspecials.com/track.js?v=5.555
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ),
Reverse DNS: vps.euromeds.to
Software: nginx /
Resource Hash: 13092800253619e1ce13ad7e28673e40452f3fed09037e2058166273fbaf434d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 15:33:43 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Jul 2022 11:30:23 GMT
Server: nginx
ETag: W/"62de7ecf-176b"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK way.js Show response
trick.cofounderspecials.com/ 3 KB
1 KB 40ms
40ms Script
application/javascript 101.99.95.147
VERDINA

General

Check archive.org

Show headers Download Go to

Full URL: https://trick.cofounderspecials.com/way.js?v=0.5.8
Requested by: Host: trick.cofounderspecials.com
URL: https://trick.cofounderspecials.com/track.js?v=5.555
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ),
Reverse DNS: vps.euromeds.to
Software: nginx /
Resource Hash: 4df8cca6c99a24a33c327873b74c3e7b2a0fa1e40b83808448167e094fba73aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://broadsafegaming.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 15:33:43 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Jul 2022 11:37:24 GMT
Server: nginx
ETag: W/"62de8074-aef"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET way.php
door.cofounderspecials.com/ 0
0

GET
H2

200

way.php
door.cofounderspecials.com/
Redirect Chain

https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332
https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433

820 B
554 B

67ms
67ms

Document
text/html

91.211.91.104
HOSTFORY

General

Check archive.org

Show headers Download Go to

Full URL

https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433

Requested by

Host: trick.cofounderspecials.com
URL: https://trick.cofounderspecials.com/way.js?v=0.5.8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.211.91.104 , Ukraine, ASN206638 (HOSTFORY, UA),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

Referer: https://broadsafegaming.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 412
content-type: text/html; charset=UTF-8
date: Tue, 26 Jul 2022 15:33:44 GMT
server: nginx
strict-transport-security: max-age=15768000;
vary: Accept-Encoding

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 26 Jul 2022 15:33:44 GMT
location: https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433
server: nginx
strict-transport-security: max-age=15768000;

GET /
redstringline.com/ 0
0

GET
H2 200 / Show response
redstringline.com/ 50 KB
51 KB 419ms
45ms Document
text/html 188.166.68.96
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart

Requested by

Host: door.cofounderspecials.com
URL: https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

188.166.68.96 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

e78724b3c2ede2f086f48aa3a80b81c8d8840acc3191ed6c278bee83fd6c1413

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://door.cofounderspecials.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 26 Jul 2022 15:33:44 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
DATA 200
OK truncated
/ 24 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a72fd7760f623c9fd5fee0bd98df809a347471902fc479bcdae38681c1a071d1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca7a07233506b5529a951fd2c4580757f5606d874b8a2b0a153d14a418b201ef

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
0.redstringline.com/ 50 KB
51 KB 981ms
35ms Document
text/html 188.166.68.96
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart

Requested by

Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

188.166.68.96 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

4a2bcebcc48d35d1aec8d7336648935ef2fd8ef9dce08fab3b07f721bca57e4d

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://redstringline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 26 Jul 2022 15:33:45 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
DATA 200
OK truncated
/ 24 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

click Show response
eu.pushnow.net/postback/
Redirect Chain

https://0.redstringline.com/?auf=miygmmjwgu5diojygyxtomzyg4xtembpge3dkobygq4tmmrv&s=1&sub1=&sub2=coolheart&sub3=&sub4=&cpc=0&cpm=0
https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761

2 KB
2 KB

111ms
34ms

Document
text/html

2001:978:2:1a::30:134
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761
Requested by: Host: broadsafegaming.com
URL: https://broadsafegaming.com/caa/region.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 2001:978:2:1a::30:134 , France, ASN174 (COGENT-174, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 75da8fa259c5ae5c8ace1681dd5497cd3205378a4272a9871d28ee618342ae96

Request headers

Referer: https://0.redstringline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 2089
content-type: text/html;charset=UTF-8
date: Tue, 26 Jul 2022 15:33:46 GMT
server: openresty/1.15.8.3

Redirect headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 26 Jul 2022 15:33:46 GMT
location: https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761
server: nginx
strict-transport-security: max-age=31536000

GET
H/1.1

200
OK

Primary Request click.php Show response
watchvideo.pro/
Redirect Chain

https://eu.pushnow.net/postback/click?key=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&token=42b4e9da81827f048d5d5ba37ac7cf44&timezone=0&iframe_test=false&webdriver_test=false
https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&price=0.0023&sub1=9578f40cd8241042318326d5cc5936e9&sub2=8914&...

13 KB
10 KB

220ms
120ms

Document
text/html

178.132.6.250
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL

https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&price=0.0023&sub1=9578f40cd8241042318326d5cc5936e9&sub2=8914&sub3=0.0023&sub4=DEU&sub5=dd1e23175e1aeb0400e8ed25cfec4f76&mcount=0&type=direct

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

178.132.6.250 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

178-132-6-250.hosted-by-worldstream.net

Software

nginx/1.20.2 /

Resource Hash

8fa98ecda66b4eaa25b46e473d3ab28f10b675cf758639fcb702e00005b5aa71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://eu.pushnow.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Tue, 26 Jul 2022 15:33:46 GMT
Server: nginx/1.20.2
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

Redirect headers

content-length: 0
date: Tue, 26 Jul 2022 15:33:46 GMT
location: https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&price=0.0023&sub1=9578f40cd8241042318326d5cc5936e9&sub2=8914&sub3=0.0023&sub4=DEU&sub5=dd1e23175e1aeb0400e8ed25cfec4f76&mcount=0&type=direct
server: openresty/1.15.8.3

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6aec7ffafe5f95cac8294e762c850a65219b74953237cbf1cb0939f7d551e91

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK bg.gif
watchvideo.pro/sk_pre/9/img/ 0
270 B 33ms
33ms Image
text/html 178.132.6.250
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://watchvideo.pro/sk_pre/9/img/bg.gif

Requested by

Host: watchvideo.pro
URL: https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&price=0.0023&sub1=9578f40cd8241042318326d5cc5936e9&sub2=8914&sub3=0.0023&sub4=DEU&sub5=dd1e23175e1aeb0400e8ed25cfec4f76&mcount=0&type=direct

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

178.132.6.250 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

178-132-6-250.hosted-by-worldstream.net

Software

nginx/1.20.2 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://watchvideo.pro/click.php?key=gp3unhy34pi93is2vpxz&click_id=v2-1658849626001-4-8914-1138639-c5aa7de3-8ddc-2867-69c8-297770f6b761&price=0.0023&sub1=9578f40cd8241042318326d5cc5936e9&sub2=8914&sub3=0.0023&sub4=DEU&sub5=dd1e23175e1aeb0400e8ed25cfec4f76&mcount=0&type=direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 15:33:46 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: nginx/1.20.2
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: door.cofounderspecials.com
URL: https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332

Domain: redstringline.com
URL: https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
eu.pushnow.net/postback	1969-12-31 23:59:59	Name: platform_user_id Value: desktop:db029ef459bd400597763e9d61134d92
eu.pushnow.net/postback	1970-01-20 13:33:26	Name: platform_user_id_3rd_party Value: desktop:db029ef459bd400597763e9d61134d92
broadsafegaming.com/	1970-01-20 04:48:12	Name: servicewaysss Value: yes
.redstringline.com/	1970-01-20 05:30:41	Name: uuid Value: d3d5e89a-86e6-45b0-9df1-9b0da105aabf
.0.redstringline.com/	1970-01-20 05:30:41	Name: uuid Value: d3d5e89a-86e6-45b0-9df1-9b0da105aabf
0.redstringline.com/	1970-01-20 05:30:41	Name: uuid Value: d3d5e89a-86e6-45b0-9df1-9b0da105aabf
watchvideo.pro/	1970-01-20 04:48:56	Name: uclick Value: 3ze2a9a2
watchvideo.pro/	1970-01-20 04:48:56	Name: uclickhash Value: 3ze2a9a2-3ze2a9a2-fv-7si4-fti4-17a7-17a6-b174aa

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.redstringline.com
broadsafegaming.com
door.cofounderspecials.com
eu.pushnow.net
fonts.googleapis.com
fonts.gstatic.com
redstringline.com
trick.cofounderspecials.com
watchvideo.pro
door.cofounderspecials.com
redstringline.com
101.99.95.147
162.241.123.137
178.132.6.250
188.166.68.96
2001:978:2:1a::30:134
2a00:1450:4001:801::2003
2a00:1450:400e:80f::200a
91.211.91.104
13092800253619e1ce13ad7e28673e40452f3fed09037e2058166273fbaf434d
2c5136bf79eeb8b62d5e6be34dc1c81e9b14797ac056fd991c4fce3b46ad328d
306ab8dd287ef041231a510b7e4c027a11e28b20c3408a9185d895c091dc72a4
315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58
3beb48429a842d5c330b9b4cc0a518652e1eca16121f40bdc1d4c41e4ff1a08c
3c0b68ea789d4bc6705f42dd6c44eb38306b965df01f9409eb4a941370e3b158
47ea6017315e75d765459d0a7cddb6b19e7b63555b7c75d97558b7e5638a9a73
4a2bcebcc48d35d1aec8d7336648935ef2fd8ef9dce08fab3b07f721bca57e4d
4df8cca6c99a24a33c327873b74c3e7b2a0fa1e40b83808448167e094fba73aa
504577970207b1107bd8c44b3de89f7ac948bd5a8b7fe7dae81dc9b4830fa307
5c083d4c6576b761dc9d0f9685323f602cb37fc62ea757be08a2afa5e0467234
6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0
6d04b8a2da34d3d02f01e37864968ef2dde04863e5e3c931cb6e6b7b767ef97e
75da8fa259c5ae5c8ace1681dd5497cd3205378a4272a9871d28ee618342ae96
8fa98ecda66b4eaa25b46e473d3ab28f10b675cf758639fcb702e00005b5aa71
98b62b715000035bde65a6ada525f27da578202c9996ef4acfd8bcd725a7374c
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
a72fd7760f623c9fd5fee0bd98df809a347471902fc479bcdae38681c1a071d1
b6aec7ffafe5f95cac8294e762c850a65219b74953237cbf1cb0939f7d551e91
ca7a07233506b5529a951fd2c4580757f5606d874b8a2b0a153d14a418b201ef
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e78724b3c2ede2f086f48aa3a80b81c8d8840acc3191ed6c278bee83fd6c1413
f8e9befa13e3ff93d974729ae3c727461555d582bb63bb388a4bd497619ef20b

watchvideo.pro Open in urlscan Pro 178.132.6.250 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

92 %HTTPS

38 %IPv6

7 Domains

9 Subdomains

9 IPs

7 Countries

341 kBTransfer

883 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

watchvideo.pro Open in urlscan Pro
178.132.6.250 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

92 %
HTTPS

38 %
IPv6

7
Domains

9
Subdomains

9
IPs

7
Countries

341 kB
Transfer

883 kB
Size

8
Cookies

25 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!