signup.lipsmedia.net

Summary

This website contacted 4 IPs in 5 countries across 5 domains to perform 5 HTTP transactions. The main IP is 52.222.157.28, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is signup.lipsmedia.net.
TLS certificate: Issued by Amazon on August 16th 2018. Valid for: a year.

This is the only time signup.lipsmedia.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700:30:... 2606:4700:30::6812:2073	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
1	198.27.80.143 198.27.80.143	16276 (OVH) (OVH)
1 1	54.195.242.193 54.195.242.193	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	18.185.235.46 18.185.235.46	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	52.54.52.189 52.54.52.189	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.222.157.28 52.222.157.28	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	4

2 2606:4700:30::6812:2073 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

download.read2.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.27.80.143 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns558056.ip-198-27-80.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.195.242.193 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-195-242-193.eu-west-1.compute.amazonaws.com

look.djfiln.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.185.235.46 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-185-235-46.eu-central-1.compute.amazonaws.com

titan.infra.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.54.52.189 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-54-52-189.compute-1.amazonaws.com

studcat.infra.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.157.28 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-157-28.fra53.r.cloudfront.net

signup.lipsmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	infra.systems 2 redirects titan.infra.systems studcat.infra.systems	2 KB
2	histats.com s10.histats.com s4.histats.com	5 KB
2	read2.fun download.read2.fun	48 KB
1	lipsmedia.net signup.lipsmedia.net	7 KB
1	djfiln.com 1 redirects look.djfiln.com	533 B
5	5

	Domain	Requested by
2	download.read2.fun	download.read2.fun
1	signup.lipsmedia.net
1	studcat.infra.systems	1 redirects
1	titan.infra.systems	1 redirects
1	look.djfiln.com	1 redirects
1	s4.histats.com	s10.histats.com
1	s10.histats.com	download.read2.fun
5	7

This site contains no links.

Subject Issuer	Validity	Valid
sni62161.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-06-24` - `2019-12-31`	6 months	crt.sh
histats.com Let's Encrypt Authority X3	`2019-04-16` - `2019-07-15`	3 months	crt.sh
*.lipsmedia.net Amazon	`2018-08-16` - `2019-09-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://signup.lipsmedia.net/signup/?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.fun%2FDownload.php%3Fgetting-file.pdf&adserver=1.3.7&m=books&sfv=11&lp=555&lid=5feafdeb-82e5-46e3-8f5c-675cc9f5e50c&lid_hash=ed7728056e4f4fac1aab28b9c2750264&session_id=119f357ce821d2e435d4531db345fc83&_sign=04a50f559973f67b5baee4bcbb013c02&_signt=1562513839&lng=EN&country=RO
Frame ID: 654FD414E5BEC4A9E321281E5F2E5FFD
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://download.read2.fun/Download.php?getting-file.pdf Page URL
https://look.djfiln.com/offer?prod=2&ref=5159832 HTTP 302
https://titan.infra.systems/signup?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone... HTTP 302
https://studcat.infra.systems/signup?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone... HTTP 302
https://signup.lipsmedia.net/signup/?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eon... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

5
Requests

100 %
HTTPS

14 %
IPv6

5
Domains

7
Subdomains

4
IPs

5
Countries

60 kB
Transfer

102 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://download.read2.fun/Download.php?getting-file.pdf Page URL
https://look.djfiln.com/offer?prod=2&ref=5159832 HTTP 302
https://titan.infra.systems/signup?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.fun%2FDownload.php%3Fgetting-file.pdf&adserver=1.3.7&m=books&sfv=11&lp=555 HTTP 302
https://studcat.infra.systems/signup?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.fun%2FDownload.php%3Fgetting-file.pdf&adserver=1.3.7&m=books&sfv=11&lp=555&lid=5feafdeb-82e5-46e3-8f5c-675cc9f5e50c&lid_hash=ed7728056e4f4fac1aab28b9c2750264 HTTP 302
https://signup.lipsmedia.net/signup/?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.fun%2FDownload.php%3Fgetting-file.pdf&adserver=1.3.7&m=books&sfv=11&lp=555&lid=5feafdeb-82e5-46e3-8f5c-675cc9f5e50c&lid_hash=ed7728056e4f4fac1aab28b9c2750264&session_id=119f357ce821d2e435d4531db345fc83&_sign=04a50f559973f67b5baee4bcbb013c02&_signt=1562513839&lng=EN&country=RO Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Download.php Show response download.read2.fun/	758 B 663 B	214ms 137ms	Document text/html	2606:4700:30::6812:2073 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://download.read2.fun/Download.php?getting-file.pdf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:2073 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `38d4c16d3aaa13b9240309b4f71d974f78e58400f1edc9d8230f1ff71daf26c4` Request headers :method GET :authority download.read2.fun :scheme https :path /Download.php?getting-file.pdf pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Sun, 07 Jul 2019 15:36:12 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d82785f28b8e46c4a5f48aa245e1e3d661562513772; expires=Mon, 06-Jul-20 15:36:12 GMT; path=/; domain=.read2.fun; HttpOnly; Secure vary Accept-Encoding expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4f2ae485fb7a9808-FRA content-encoding br
GET H2	200	20151104_141937.gif download.read2.fun/img/	47 KB 48 KB	103ms 103ms	Image image/gif	2606:4700:30::6812:2073 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://download.read2.fun/img/20151104_141937.gif Requested by Host: download.read2.fun URL: https://download.read2.fun/Download.php?getting-file.pdf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:2073 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `5858dc68acab6099a6b735e31666eca8075f006bc7311c4759baf55da831f54d` Request headers Referer https://download.read2.fun/Download.php?getting-file.pdf User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 07 Jul 2019 15:36:12 GMT cf-cache-status REVALIDATED last-modified Thu, 16 Aug 2018 18:41:32 GMT server cloudflare etag "bd34-57391cab70f00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/gif status 200 cache-control public, max-age=2678400 accept-ranges bytes cf-ray 4f2ae486dca29808-FRA content-length 48436 expires Wed, 07 Aug 2019 15:36:12 GMT
GET H2	200	js15_as.js Show response s10.histats.com/	11 KB 4 KB	3221ms 96ms	Script text/javascript	46.105.201.240 OVH
General Check archive.org Show headers Download Go to Full URL https://s10.histats.com/js15_as.js Requested by Host: download.read2.fun URL: https://download.read2.fun/Download.php?getting-file.pdf Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.105.201.240 , France, ASN16276 (OVH, FR), Reverse DNS Software / Resource Hash `1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668` Request headers Referer https://download.read2.fun/Download.php?getting-file.pdf User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 07 Jul 2019 15:36:15 GMT content-encoding br last-modified Thu, 06 Dec 2018 14:12:12 GMT x-cdn-pop-ip 137.74.120.0/27 etag "-139234964" x-cacheable Matched cache content-type text/javascript status 200 x-cdn-pop sbg accept-ranges bytes content-length 4333 x-request-id ced2921c1f823fe0e8be282c64abdc2c
GET H/1.1	200 OK	0.php Show response s4.histats.com/stats/	49 B 320 B	428ms 141ms	Script text/html	198.27.80.143 OVH
General Check archive.org Show headers Download Go to Full URL https://s4.histats.com/stats/0.php?3953670&@f16&@g1&@h1&@i1&@j1562513775837&@k0&@l1&@mLoading%20Your%20Content&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-120369075&@b3:1562513776&@b4:js15_as.js&@b5:120&@a-_0.2.1&@vhttps%3A%2F%2Fdownload.read2.fun%2FDownload.php%3Fgetting-file.pdf&@w Requested by Host: s10.histats.com URL: https://s10.histats.com/js15_as.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.27.80.143 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ns558056.ip-198-27-80.net Software / Resource Hash `73d728b66b0f84a8770123f0df5c168c7acb842cd438ad5706da06b43a50ffbd` Request headers Referer https://download.read2.fun/Download.php?getting-file.pdf User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 07 Jul 2019 15:36:16 GMT Connection close Content-Length 49 Content-Type text/html;charset=UTF-8
GET H2	200	Primary Request / Show response signup.lipsmedia.net/signup/ Redirect Chain https://look.djfiln.com/offer?prod=2&ref=5159832 https://titan.infra.systems/signup?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.fun... https://studcat.infra.systems/signup?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.f... https://signup.lipsmedia.net/signup/?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.f...	43 KB 7 KB	3605ms 222ms	Document text/html	52.222.157.28 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://signup.lipsmedia.net/signup/?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.fun%2FDownload.php%3Fgetting-file.pdf&adserver=1.3.7&m=books&sfv=11&lp=555&lid=5feafdeb-82e5-46e3-8f5c-675cc9f5e50c&lid_hash=ed7728056e4f4fac1aab28b9c2750264&session_id=119f357ce821d2e435d4531db345fc83&_sign=04a50f559973f67b5baee4bcbb013c02&_signt=1562513839&lng=EN&country=RO Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.222.157.28 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-52-222-157-28.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash `6da7fe0a48434907882301d40d7c690c5e6c4dfab2ad4111eec61408abce6a9f` Request headers :method GET :authority signup.lipsmedia.net :scheme https :path /signup/?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.fun%2FDownload.php%3Fgetting-file.pdf&adserver=1.3.7&m=books&sfv=11&lp=555&lid=5feafdeb-82e5-46e3-8f5c-675cc9f5e50c&lid_hash=ed7728056e4f4fac1aab28b9c2750264&session_id=119f357ce821d2e435d4531db345fc83&_sign=04a50f559973f67b5baee4bcbb013c02&_signt=1562513839&lng=EN&country=RO pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 referer https://download.read2.fun/Download.php?getting-file.pdf accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://download.read2.fun/Download.php?getting-file.pdf Response headers status 200 content-type text/html date Sun, 07 Jul 2019 15:36:24 GMT last-modified Sat, 06 Jul 2019 18:43:54 GMT server AmazonS3 content-encoding gzip vary Accept-Encoding x-cache Miss from cloudfront via 1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront) x-amz-cf-pop FRA53 x-amz-cf-id F9Ggm03tb8Zn7hWMR_8E68ppckWVYCAtIJ5WmQuv61mtqHhPvYuAQg== Redirect headers Content-Type text/html; charset=utf-8 Date Sun, 07 Jul 2019 15:36:19 GMT Location https://signup.lipsmedia.net/signup/?ad_domain=look.djfiln.com&ad_path=%2Foffer&prod=2&ref=5159832&sf=eone&utm_source=download.read2.fun&utm_medium=referral&placement=https%3A%2F%2Fdownload.read2.fun%2FDownload.php%3Fgetting-file.pdf&adserver=1.3.7&m=books&sfv=11&lp=555&lid=5feafdeb-82e5-46e3-8f5c-675cc9f5e50c&lid_hash=ed7728056e4f4fac1aab28b9c2750264&session_id=119f357ce821d2e435d4531db345fc83&_sign=04a50f559973f67b5baee4bcbb013c02&_signt=1562513839&lng=EN&country=RO Set-Cookie p2=s%3A763.qQAJ5YNsiICGm6ku3IEgJTqMngm8J%2BtU8IwUY1910Ek; Max-Age=86400; Path=/; Expires=Mon, 08 Jul 2019 15:36:19 GMT session_id=s%3A119f357ce821d2e435d4531db345fc83.RAq1ei0Mh4puy%2B1LLs50wIKPRDJPLYxaiQilqadYMZA; Max-Age=2592000; Path=/; Expires=Tue, 06 Aug 2019 15:36:19 GMT e2=s%3Anull.Mv0OAVkADWhxZImfXF%2Bbjf%2BDxB74TSnU9q35RKqDjko; Max-Age=86400; Path=/; Expires=Mon, 08 Jul 2019 15:36:19 GMT Vary Accept Content-Length 1132 Connection keep-alive

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

download.read2.fun
look.djfiln.com
s10.histats.com
s4.histats.com
signup.lipsmedia.net
studcat.infra.systems
titan.infra.systems
18.185.235.46
198.27.80.143
2606:4700:30::6812:2073
46.105.201.240
52.222.157.28
52.54.52.189
54.195.242.193
1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668
38d4c16d3aaa13b9240309b4f71d974f78e58400f1edc9d8230f1ff71daf26c4
5858dc68acab6099a6b735e31666eca8075f006bc7311c4759baf55da831f54d
6da7fe0a48434907882301d40d7c690c5e6c4dfab2ad4111eec61408abce6a9f
73d728b66b0f84a8770123f0df5c168c7acb842cd438ad5706da06b43a50ffbd

signup.lipsmedia.net Open in urlscan Pro 52.222.157.28 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

14 %IPv6

5 Domains

7 Subdomains

4 IPs

5 Countries

60 kBTransfer

102 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

0 Cookies

Indicators

signup.lipsmedia.net Open in urlscan Pro
52.222.157.28 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

14 %
IPv6

5
Domains

7
Subdomains

4
IPs

5
Countries

60 kB
Transfer

102 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions