esaverwatt.com (107.178.57.151)
urlscan.io public scan, flagged: Malicious Activity!
Effective URL: https://esaverwatt.com/offer8pwtyv4k/?transaction_id=1028db400167ca160a6f3fa293bc1c&affId=1992&c1=823080&c2=732923894&c...
Submission tags: https://phish.report (@phish_report)
Submission: On July 15 via api from FI. Scanned from FI.
Summary
TLS certificate: issued by R3 (Let's Encrypt) on June 6th 2023, valid for 3 months.
This is the only time esaverwatt.com was scanned on urlscan.io.
urlscan.io verdict: Potentially Malicious
Community verdicts: Malicious (4 votes)
Domain & IP information

Redirects | Requests | IP Address | AS (Autonomous System)
---|---|---|---
1 | 1 | 52.214.224.124 | 16509 (AMAZON-02)
| 45 | 107.178.57.151 | 47869 (NETROUTING-AS)
| 2 | 2a04:4e42::485 | 54113 (FASTLY)
| 1 | 2a00:1450:4001:80e::200a | 15169 (GOOGLE)
1 | 3 | 2600:9000:225e:2600:6:9280:1080:93a1 | 16509 (AMAZON-02)
| 3 | 2a00:1450:4001:829::2003 | 15169 (GOOGLE)
| 1 | 2a05:d018:cc3:fe04:4385:70c6:3d7d:f5d0 | 16509 (AMAZON-02)
| 2 | 2606:4700::6810:7b60 | 13335 (CLOUDFLARENET)
| 1 | 2a03:2880:f177:185:face:b00c:0:25de | 32934 (FACEBOOK)
| 57 requests | 9 IP addresses |
ASN16509 (AMAZON-02, US): PTR ec2-52-214-224-124.eu-west-1.compute.amazonaws.com, serving jump.trakmylink.com
ASN47869 (NETROUTING-AS, NL): PTR ip4-107-178-57-151.rdns.netrouting.net, serving esaverwatt.com
ASN32934 (FACEBOOK, US): www.facebook.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
45 | esaverwatt.com | esaverwatt.com | 958 KB
4 | adroll.com (1 redirect) | s.adroll.com (Cisco Umbrella rank 2811), d.adroll.com (Cisco Umbrella rank 1489) | 27 KB
3 | gstatic.com | fonts.gstatic.com | 24 KB
2 | cloudflare.com | www.cloudflare.com (Cisco Umbrella rank 5066) | 787 B
2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella rank 368) | 24 KB
1 | facebook.com | www.facebook.com (Cisco Umbrella rank 100) | 185 B
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella rank 88) | 909 B
1 | trakmylink.com (1 redirect) | jump.trakmylink.com | 2 KB
57 requests | 8 apex domains | |
Requests | Domain | Requested by
---|---|---
45 | esaverwatt.com | esaverwatt.com
3 | fonts.gstatic.com | fonts.googleapis.com
3 | s.adroll.com (1 redirect) | esaverwatt.com
2 | www.cloudflare.com | esaverwatt.com
2 | cdn.jsdelivr.net | esaverwatt.com
1 | www.facebook.com | esaverwatt.com
1 | d.adroll.com | s.adroll.com
1 | fonts.googleapis.com | esaverwatt.com
1 | jump.trakmylink.com (1 redirect) | (entry point, not requested by a page)
57 requests | 9 domains |
This site contains no links.
TLS certificates

Subject | Issuer | Validity | Valid for
---|---|---|---
esaverwatt.com | R3 | 2023-06-06 to 2023-09-04 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 to 2024-01-24 | a year
upload.video.google.com | GTS CA 1C3 | 2023-06-19 to 2023-09-11 | 3 months
s.adroll.com | Amazon RSA 2048 M01 | 2023-06-03 to 2024-07-01 | a year
*.gstatic.com | GTS CA 1C3 | 2023-06-19 to 2023-09-11 | 3 months
d.adroll.com | Amazon RSA 2048 M01 | 2022-11-08 to 2023-12-07 | a year
www.cloudflare.com | Cloudflare Inc ECC CA-3 | 2022-09-27 to 2023-09-26 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-04-24 to 2023-07-23 | 3 months
Frames
This page contains 1 frame.
Primary page: https://esaverwatt.com/offer8pwtyv4k/?transaction_id=1028db400167ca160a6f3fa293bc1c&affId=1992&c1=823080&c2=732923894&c3=&utm_source=A&utm_medium=A-1992-823080&utm_campaign=offer8pwtyv4k&afid=1992&subid=823080&subid2=732923894&subid3=&ho_offer_id=1902
Frame ID: 08E09E2C0CE84F5DD7892AAA74EA3E24
Requests: 59 HTTP requests in this frame
Screenshot
![](/screenshots/a4271331-bebc-4296-b613-41ba731dee0d.png)
Page Title
Esaver Watt - Stop Wasting Money On Dirty, Unstable Electricity
Detected technologies
- Bootstrap. Detected patterns:
  - <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  - bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- Technology name missing from the export (the pattern targets the adroll.com pixel host). Detected pattern:
  - (?:a|s)\.adroll\.com
- Font Awesome. Detected patterns:
  - <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- Google Font API. Detected pattern:
  - <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
- Technology name missing from the export (the patterns target the cdn.jsdelivr.net CDN). Detected patterns:
  - <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  - //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or meta refresh tags.
1. https://jump.trakmylink.com/aff_ad?campaign_id=108&aff_id=1992&aff_id=1992&aff_sub=823080&aff_sub2=732923894 (HTTP 302)
2. https://esaverwatt.com/offer8pwtyv4k/?transaction_id=1028db400167ca160a6f3fa293bc1c&affId=1992&c1=823080&c2=732923894&c3=&utm_source=A&utm_medium=A-1992-823080&utm_campaign=offer8pwtyv4k&afid=1992&subid=823080&subid2=732923894&subid3=&ho_offer_id=1902 (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests:
Request chain 46: https://s.adroll.com/j/exp/37J7Q7YFYJGUJAIENWLAIA/index.js (HTTP 302) -> https://s.adroll.com/j/exp/index.js
57 HTTP transactions
Size is the decoded body size, Transfer the bytes on the wire. The two data: URIs are listed in order but are not counted as transactions.

# | Method | Protocol | Resource | Host / path | Size | Transfer | Type | MIME type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H2 | / | esaverwatt.com/offer8pwtyv4k/ | 134 KB | 22 KB | Document | text/html | Primary request; redirect chain
2 | GET | H2 | logo.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 10 KB | 12 KB | Image | image/png |
3 | GET | H2 | sec1-bg-sml.jpg | esaverwatt.com/offer8pwtyv4k/img/ | 29 KB | 30 KB | Image | image/jpeg |
4 | GET | H2 | stopwatt-product-mobile.png | esaverwatt.com/offer8pwtyv4k/img/ | 63 KB | 65 KB | Image | image/png |
5 | GET | H2 | 0038d221c992340bd819ff0d379d2e78.jpg | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 33 KB | 35 KB | Image | image/jpeg |
6 | GET | H2 | featured-logos-sml.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 6 KB | 7 KB | Image | image/png |
7 | GET | H2 | 90-days.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 3 KB | 5 KB | Image | image/png |
8 | GET | H2 | flags@2x.png | esaverwatt.com/onlineorder/js/konnek.api/build/img/ | 170 KB | 171 KB | Image | image/png |
9 | GET | H2 | bootstrap.min.css | esaverwatt.com/offer8pwtyv4k/css/ | 119 KB | 21 KB | Stylesheet | text/css |
10 | GET | H2 | all.min.css | esaverwatt.com/offer8pwtyv4k/ajax/libs/font-awesome/5.15.1/css/ | 58 KB | 14 KB | Stylesheet | text/css |
11 | GET | H2 | main-style.min.css | esaverwatt.com/offer8pwtyv4k/css/ | 50 KB | 10 KB | Stylesheet | text/css |
12 | GET | H2 | konnektive.req.form.js | esaverwatt.com/onlineorder/js/konnek.api/ | 134 KB | 44 KB | Script | application/javascript |
13 | GET | H2 | states.js | esaverwatt.com/onlineorder/js/konnek.api/ | 76 KB | 36 KB | Script | application/javascript |
14 | GET | H2 | konnek.api.call.js | esaverwatt.com/onlineorder/js/konnek.api/ | 26 KB | 6 KB | Script | application/javascript |
15 | GET | H2 | konnek.form.script.js | esaverwatt.com/onlineorder/js/konnek.api/ | 95 KB | 21 KB | Script | application/javascript |
16 | GET | H2 | bootstrap.min.js | cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/ | 39 KB | 12 KB | Script | application/javascript |
17 | GET | H2 | intlTelInput.min.js | esaverwatt.com/onlineorder/js/konnek.api/build/js/ | 29 KB | 11 KB | Script | application/javascript |
18 | GET | H2 | hard-coded-pixel.min.js | esaverwatt.com/offer8pwtyv4k/js/optimized_js/ | 2 KB | 2 KB | Script | application/javascript |
19 | GET | H2 | custom.offer8pwty.js | esaverwatt.com/offer8pwtyv4k/js/optimized_js/ | 2 KB | 3 KB | Script | application/javascript |
20 | GET | H2 | param.js | esaverwatt.com/offer8pwtyv4k/js/ | 791 B | 2 KB | Script | application/javascript |
21 | GET | H2 | popup.js | esaverwatt.com/offer8pwtyv4k/js/ | 5 KB | 3 KB | Script | application/javascript |
22 | GET | H2 | utils.js | esaverwatt.com/onlineorder/js/konnek.api/build/js/ | 246 KB | 55 KB | Script | application/javascript |
23 | GET | H2 | app2.css | esaverwatt.com/offer8pwtyv4k/css/ | 11 KB | 4 KB | Stylesheet | text/css |
24 | GET | H2 | wistia_and_main_style.min.css | esaverwatt.com/offer8pwtyv4k/css/optimized_css/ | 24 KB | 7 KB | Stylesheet | text/css |
25 | GET | H2 | css2 | fonts.googleapis.com/ | 3 KB | 909 B | Stylesheet | text/css |
26 | GET | H2 | intlTelInput.min.css | esaverwatt.com/onlineorder/js/konnek.api/build/css/ | 19 KB | 3 KB | Stylesheet | text/css |
27 | GET | H2 | custom.css | esaverwatt.com/offer8pwtyv4k/css/ | 3 KB | 3 KB | Stylesheet | text/css |
28 | GET | H2 | all.min.css | esaverwatt.com/offer8pwtyv4k/ajax/libs/font-awesome/5.15.1/css/ | 58 KB | 14 KB | Stylesheet | text/css |
29 | GET | H2 | xclose.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 2 KB | 4 KB | Image | image/png |
30 | GET | H2 | bf_cm.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 3 KB | 5 KB | Image | image/png |
31 | GET | H2 | dl.js | esaverwatt.com/offer8pwtyv4k/js/ | 3 KB | 2 KB | Script | application/javascript |
32 | GET | H3 | bootstrap.min.js | cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/ | 39 KB | 12 KB | Script | application/javascript |
33 | GET | H2 | adroll_purchase_konnektive.js | esaverwatt.com/js/ | 4 KB | 3 KB | Script | application/javascript |
34 | GET | H2 | expressentry.js | esaverwatt.com/onlineorder/js/ | 188 B | 418 B | Script | application/json |
35 | GET | H/1.1 | roundtrip.js | s.adroll.com/j/37J7Q7YFYJGUJAIENWLAIA/ | 83 KB | 25 KB | Script | text/javascript |
36 | GET | H2 | rate.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 2 KB | 4 KB | Image | image/png |
37 | GET | H2 | creadit-card.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 3 KB | 4 KB | Image | image/png |
- | GET | DATA | data: URI (truncated) | / | 331 B | 0 | Image | image/svg+xml |
38 | GET | H2 | sec1-bg.jpg | esaverwatt.com/offer8pwtyv4k/img/ | 65 KB | 67 KB | Image | image/jpeg |
- | GET | DATA | data: URI (truncated) | / | 898 B | 0 | Image | image/svg+xml |
39 | GET | H2 | miraclewatt-product.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 164 KB | 166 KB | Image | image/png |
40 | GET | H2 | brenda-pic.png | esaverwatt.com/offer8pwtyv4k/img/ | 6 KB | 7 KB | Image | image/png |
41 | GET | H2 | 5-stars.png | esaverwatt.com/offer8pwtyv4k/img/ | 744 B | 2 KB | Image | image/png |
42 | GET | H2 | free-shipping-icon.png | esaverwatt.com/offer8pwtyv4k/img/ | 547 B | 2 KB | Image | image/png |
43 | GET | H2 | pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 | fonts.gstatic.com/s/poppins/v20/ | 8 KB | 8 KB | Font | font/woff2 |
44 | GET | H2 | pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 | fonts.gstatic.com/s/poppins/v20/ | 8 KB | 8 KB | Font | font/woff2 |
45 | GET | H2 | pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2 | fonts.gstatic.com/s/poppins/v20/ | 8 KB | 8 KB | Font | font/woff2 |
46 | GET | H/1.1 | index.js | s.adroll.com/j/exp/ | 28 B | 785 B | Script | application/javascript | Redirect chain
47 | GET | H2 | loading.gif | esaverwatt.com/onlineorder/images/ | 771 B | 1 KB | Image | image/gif |
48 | GET | H2 | 37J7Q7YFYJGUJAIENWLAIA | d.adroll.com/consent/check/ | 464 B | 557 B | Script | application/javascript |
49 | GET | H2 | loader.css | esaverwatt.com/onlineorder/js/konnek.api/ | 1 KB | 750 B | Stylesheet | text/css |
50 | GET | H2 | trace | www.cloudflare.com/cdn-cgi/ | 317 B | 454 B | XHR | text/plain |
51 | POST | H2 | / | esaverwatt.com/api/konnektive/v1/ | 79 B | 240 B | XHR | application/json |
52 | POST | H2 | / | esaverwatt.com/api/konnektive/v1/ | 24 KB | 3 KB | XHR | application/json |
53 | GET | H2 | tr | www.facebook.com/ | 0 | 185 B | Image | text/plain |
54 | GET | H2 | featured-logos.png | esaverwatt.com/offer8pwtyv4k/images/checkout-now-v1/ | 6 KB | 8 KB | Image | image/png |
55 | GET | H2 | flags.png | esaverwatt.com/onlineorder/js/konnek.api/build/img/ | 69 KB | 70 KB | Image | image/png |
56 | GET | H2 | trace | www.cloudflare.com/cdn-cgi/ | 318 B | 333 B | XHR | text/plain |
57 | POST | H2 | / | esaverwatt.com/api/createorder/ | 72 B | 286 B | XHR | application/json |
Verdicts & Comments

Malicious (page.url). Submitted on August 4th 2023, 2:08:21 am UTC, from United States.
Threats: Malware, Unwanted Software, Potentially Harmful Application
Comment: RUSSIAN MALWARE: https://jump.trakmylink.com/aff_ad?campaign_id=108&aff_id=2119&aff_sub2=6ddd6dc0f8554da1a8aab744ed6404ea&aff_sub1=525&aff_sub3=1 sent by botnet using harvested email addresses and malicious websites: https://tatalina.foundation https://slaaak.site https://www.bdm94kjd.com https://powernownewstoday.com https://jump.trakmylink.com https://esaverwatt.com https://clicks.national-product-testing.com https://survey.rest https://potgrolk.com https://go.trackforbiz.com

Malicious (page.url). Submitted on July 30th 2023, 3:13:56 pm UTC, from United States.
Threats: Malware, Unwanted Software, Potentially Harmful Application
Comment: RUSSIAN MALWARE hosted at https://jump.trakmylink.com/aff_ad?campaign_id=108&aff_id=1992&aff_id=1992&aff_sub=823080&aff_sub2=734521714 and sent by botnet using email addresses obtained from DATA BREACH via network of malicious websites: http://radixboards.com https://tatalina.foundation https://www.greywish.com https://jump.trakmylink.com https://esaverwatt.com https://covert-fling.ru https://covert-romance.ru https://fling-with-milf.ru https://qantos.ru https://vayou.ru

Malicious (page.url). Submitted on July 25th 2023, 2:47:47 am UTC, from United States.
Threats: Malware, Unwanted Software, Potentially Harmful Application
Comment: RUSSIAN MALWARE sent by large botnet targeting email addresses obtained from DATA BREACH using malicious websites: https://jump.trakmylink.com/aff_ad?campaign_id=6&aff_id=1992&aff_sub=823080&aff_sub2=733973835 https://survey.rest https://www.greywish.com https://jump.trakmylink.com https://ultraaircooler.com https://www.greywish.com https://survey.rest https://www.greywish.com https://shoptrkk.com https://todayshopart.com

Malicious (page.url). Submitted on July 15th 2023, 11:59:35 pm UTC, from United States.
Threats: Malware, Social Engineering, Spearphishing
Comment: RUSSIAN MALWARE sent by large botnet targeting email addresses obtained from DATA BREACH: https://jump.trakmylink.com/aff_ad?campaign_id=108&aff_id=1992&aff_id=1992&aff_sub=823080&aff_sub2=732923894 using obfuscated MALNETS with disposable URLs owned by: https://www.greywish.com https://h-eshop.store/ https://planebale.com https://universalslimer.com https://www.br2ghatrk.com/

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
84 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and custom code a page runs.

credentialless (boolean), onbeforetoggle (object), onscrollend (object), adroll_adv_id (string), adroll_pix_id (string), adroll_version (string), __adroll_loaded (boolean), adroll (object), hasoffers_domain (string), hasoffers_aff_id (undefined), hasoffers_offer_id (undefined), hasoffers_source (undefined), hasoffers_aff_sub (undefined), hasoffers_aff_sub2 (undefined), hasoffers_aff_sub3 (undefined), hasoffers_aff_sub4 (undefined), hasoffers_aff_sub5 (undefined), hasoffers_aff_ref (undefined), hasoffers_url_id (undefined), hasoffers_file_id (undefined), hasoffers_click (undefined), getUrlVars (function), IsNumeric (function), __adroll__ (function), adroll_sid (string), dataLayer (object), __adroll (object), adroll_sendrolling_cross_device (boolean), adroll_form_fields (object), adroll_third_party_forms (object), adroll_tpc_callback (function), $jscomp (object), $ (function), jQuery (function), States (object), countries (object), KonnekApiInit (function), KonnekForm (function), intlTelInputGlobals (object), intlTelInput (function), konneckApiCall (object), konnekForm (object), psrm_afid (string), shared_page_path (string), shared_page (string), getQueryStringByName (function), findWithAttr (function), extractDomain_ (function), getCurrentOffer_ (function), extractDomain (function), getCurrentOffer (function), addDays (function), getQueryStringValueByName (function), setInputDigit (function), setInputLetters (function), removeQuerystring (function), updateQueryStringParameter (function), getProductOffers (function), __adroll_consent_data (object), firepixel (function), pixel (function), urlVar (string), before_amex (boolean), app_query_params (object), scrollToPackages (function), showFaqsContainer (function), openshipping (function), discount_val (number), flag (number), discountTimes (string), exit_val (undefined), leaveFromTop (function), leaveFromTop1 (function), androidPopup (function), startTimer (function), checkSecond (function), innerButton_discount (function), adroll_purchase_event (function), adroll_exp_list (object), __adroll_consent (boolean), __adroll_consent_is_gdpr (boolean), __adroll_consent_user_country (string), __adroll_consent_adv_country (string), intlTelInputUtils (object)

Three families stand out: the hasoffers_* globals, together with the aff_id/aff_sub click parameters on jump.trakmylink.com, the ho_offer_id landing parameter and the ho_mob cookie, follow HasOffers (TUNE) affiliate-tracking naming; the adroll_* and __adroll_* globals belong to the AdRoll pixel loaded from s.adroll.com; and the Konnek*/konnek* globals belong to the checkout form that posts to esaverwatt.com/api/konnektive/v1/ and /api/createorder/.

4 Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the stored cookie values back to the site, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain / Path | Name | Value
---|---|---
esaverwatt.com/shared_pages/ | pixel_setup | %5B%7B%22page%22%3A%22esw-upgrade1.html%22%2C%22pixel_path%22%3A%22%2F%2Fjump.trakmylink.com%2FSL26p%3Ftransaction_id%3D%7Btransaction_id%7D%22%7D%5D
jump.trakmylink.com/ | aff_ran_url_1902 | 1284
jump.trakmylink.com/ | enc_aff_session_1902 | ENC03f63e3b09f24b653bd668889f289fa694b57586035e935e61779f0a6e28f3d2d4ad3db6d5668fde20d8d2d02542a422c6f3fc418fac0511f2e8f91e079abbca9c403ba4f15025df16e4e94dd9775b2f88108692a0b4a82f21776b4e0297a7676f207040129723a9139442484164367cd8faa38e84f1f47b18f1ab4cc34713fdc21e809737
jump.trakmylink.com/ | ho_mob | (value not present in this capture)

Expiry times were not captured.
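The tracking loop that these cookies close, together with the two-hop Page URL History above, as an added example; this is not part of the urlscan.io report and not the site's own code. It takes the tracker hop, the landing-page URL and the pixel_setup cookie value exactly as the scan recorded them, and shows which landing-page parameters carry the values the tracker attached to the click (the name mapping is inferred purely by matching values, not taken from any tracker documentation), the duplicated aff_id on the tracker hop, and where the cookie tells the upsell page to fire its conversion pixel.

```python
"""Follow the affiliate click from tracker to landing page and back to the tracker.

Added example, not urlscan.io code and not code from esaverwatt.com. All inputs
below are copied from the scan; the parameter-name mapping is derived by value
matching only and is an inference about this one chain.
"""
import json
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed from the scan's Page URL History (first hop, then the final page URL).
TRACKER_HOP = (
    "https://jump.trakmylink.com/aff_ad?campaign_id=108&aff_id=1992"
    "&aff_id=1992&aff_sub=823080&aff_sub2=732923894"
)
LANDING_PAGE = (
    "https://esaverwatt.com/offer8pwtyv4k/?transaction_id=1028db400167ca160a6f3fa293bc1c"
    "&affId=1992&c1=823080&c2=732923894&c3=&utm_source=A&utm_medium=A-1992-823080"
    "&utm_campaign=offer8pwtyv4k&afid=1992&subid=823080&subid2=732923894&subid3="
    "&ho_offer_id=1902"
)
# pixel_setup cookie value exactly as the scan recorded it (URL-encoded JSON).
PIXEL_SETUP_COOKIE = (
    "%5B%7B%22page%22%3A%22esw-upgrade1.html%22%2C%22pixel_path%22%3A%22"
    "%2F%2Fjump.trakmylink.com%2FSL26p%3Ftransaction_id%3D%7Btransaction_id%7D%22%7D%5D"
)


def query_params(url):
    """Query string as name -> list of values; repeated names keep every copy."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def duplicated_params(url):
    """Parameters that occur more than once (a sign of sloppy link templating)."""
    return {name: values for name, values in query_params(url).items() if len(values) > 1}


def correlate_affiliate_params(tracker_url, landing_url):
    """Map each tracker parameter to the landing-page parameters holding the same value."""
    tracker = query_params(tracker_url)
    landing = query_params(landing_url)
    carried = {}
    for name, values in tracker.items():
        wanted = set(values) - {""}          # ignore empty values, they match nothing useful
        if not wanted:
            continue
        carried[name] = sorted(
            lname for lname, lvalues in landing.items() if set(lvalues) == wanted
        )
    return carried


def decode_pixel_setup(cookie_value, landing_url):
    """Decode the cookie and resolve each pixel template against the landing page."""
    landing = urlsplit(landing_url)
    transaction_id = query_params(landing_url).get("transaction_id", [""])[0]
    resolved = []
    for entry in json.loads(unquote(cookie_value)):
        path = entry["pixel_path"]
        if path.startswith("//"):            # protocol-relative: inherit the page scheme
            path = f"{landing.scheme}:{path}"
        url = path.replace("{transaction_id}", transaction_id)
        host = urlsplit(url).hostname
        resolved.append({
            "page": entry["page"],
            "pixel_url": url,
            "pixel_host": host,
            "third_party": host != landing.hostname,
        })
    return resolved


def tracker_round_trip(tracker_url, landing_url, cookie_value):
    """True when a conversion pixel reports back to the host that sent the click."""
    inbound = urlsplit(tracker_url).hostname
    return any(p["pixel_host"] == inbound
               for p in decode_pixel_setup(cookie_value, landing_url))


if __name__ == "__main__":
    print("duplicated:", duplicated_params(TRACKER_HOP))
    print("carried:", correlate_affiliate_params(TRACKER_HOP, LANDING_PAGE))
    for pixel in decode_pixel_setup(PIXEL_SETUP_COOKIE, LANDING_PAGE):
        print("pixel:", pixel)
    print("round trip:", tracker_round_trip(TRACKER_HOP, LANDING_PAGE, PIXEL_SETUP_COOKIE))
```

Run as a script it shows aff_id surfacing as both affId and afid, aff_sub as c1 and subid, aff_sub2 as c2 and subid2, and the cookie pre-staging a request to https://jump.trakmylink.com/SL26p with the landing page's transaction_id filled in, so the conversion is reported to the same host that delivered the click. campaign_id=108 has no counterpart on the landing page; the value that does appear there, ho_offer_id=1902, is also the numeric suffix of the aff_ran_url_1902 and enc_aff_session_1902 cookies.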
8 Console Messages
A page may log messages to the console. These are often errors about a resource that failed to load or a script that failed to execute; sometimes they also reveal the technology behind a site.

Source | Level | URL | Text
---|---|---|---

The individual messages are not present in this capture.
Security Headers
This section lists the security headers set by the main page.

Header | Value
---|---
Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' pay.apiorders.com connect.upsellmarketplace.com cdn.weglot.com trak.dozemax.com cdn.lordicon.com mcc.dozemax.com widget.clym-sdk.net api.konnektive.com *.instagram.com cdn.jsdelivr.net sachinchoolur.github.io *.wistia.net maxcdn.bootstrapcdn.com *.tidio.co *.elfsight.com *.tidiochat.com stackpath.bootstrapcdn.com www.googletagmanager.com b-code.liadm.com bestgadgetstorenow.com *.buygoods.com *.digistore24.com ajax.googleapis.com ajax.aspnetcdn.com cdn.attn.tv www.statcounter.com www.google-analytics.com run.crtx.info player.vimeo.com connect.facebook.net cdnjs.cloudflare.com quick.vidalytics.com www.youtube.com s.ytimg.com trends.revcontent.com sdks.shopifycdn.com secure.statcounter.com static.hotjar.com script.hotjar.com a.mgid.com maps.googleapis.com googleads.g.doubleclick.net tagmanager.google.com googleadservices.com *.googleadservices.com widget.intercom.io js.intercomcdn.com cdn.mouseflow.com optassets.ontraport.com mediacommunications.ontraport.com cdn.sendpulse.com cdn2.noipfraud.com apis.google.com *.wp.com stats.wp.com www.paypalobjects.com www.paypal.com code.jquery.com js.stripe.com *.braintreegateway.com paypalobjects.com fareharbor.com www.fareharbor.com *.cloudfront.net *.ringcaptcha.com widget.manychat.com *.google.com *.google.com.ph *.app-us1.com manychat.com facebook.com www.facebook.com trackcmp.net media.go2app.org edlwss.com www.edlwss.com jump.trakmylink.com mcc.go2cloud.org ssl.kaptcha.com fast.wistia.com cdn.taboola.com amplify.outbrain.com s.yimg.com sp.analytics.yahoo.com www.googleoptimize.com *.googleoptimize.com trc.taboola.com assets.revcontent.com *.livechatinc.com analytics.tiktok.com dev.visualwebsiteoptimizer.com *.ipstatp.com *.vo.msecnd.net activehosted.com *.activehosted.com *.godaddy.com mccdn.me cloudflare.com *.cloudflare.com translate.googleapis.com tr.outbrain.com *.fastly.net dwin1.com *.dwin1.co rgfj1trk.com *.rgfj1trk.com *.adroll.com cdn.oribi.io *.akamaihd.net dapidata.com *.dapidata.com cdn.reamaze.com *.reamaze.com api.myuser.com data: blob:
Strict-Transport-Security | max-age=63072000
X-Content-Type-Options | nosniff
X-Frame-Options | SAMEORIGIN
X-Xss-Protection | 1; mode=block

Note on the policy: script-src is the only directive, so there is no default-src, object-src or base-uri fallback, and it combines 'unsafe-inline' and 'unsafe-eval' with the data: and blob: schemes. Because 'unsafe-inline' is present and no nonce or hash is, injected inline scripts and event handlers execute regardless of the host allowlist; the long list of permitted hosts only restricts which external script URLs can be loaded, and it includes public CDNs and multi-tenant wildcards (for example ajax.googleapis.com, cdnjs.cloudflare.com, *.cloudfront.net) that are routinely used to bypass such allowlists. X-Xss-Protection is a legacy header that current Chromium-based browsers and Firefox ignore, so it adds no protection here.
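What the policy above actually permits, checked programmatically, as an added example that is neither urlscan.io code nor the site's own. The script-src keywords and schemes are copied verbatim from the header; only a dozen of the allowlisted hosts are retained, so the host counts apply to this sample (assumption: the omitted hosts change the count, not the findings). The set of bypass-prone hosts is illustrative, not a complete catalogue.

```python
"""Parse a Content-Security-Policy and report why its script allowlist is ineffective.

Added example, not urlscan.io code and not the scanned site's code. CSP_HEADER is a
shortened copy of the policy in the Security Headers table (keywords and schemes
verbatim, twelve representative hosts); ALLOWLIST_BYPASS_HOSTS is an illustrative
assumption, not an exhaustive list.
"""
CSP_HEADER = (
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' pay.apiorders.com "
    "api.konnektive.com *.instagram.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com "
    "ajax.googleapis.com cdnjs.cloudflare.com *.cloudfront.net *.google.com "
    "jump.trakmylink.com *.adroll.com *.akamaihd.net data: blob:"
)

# The other headers from the same table.
RESPONSE_HEADERS = {
    "Content-Security-Policy": CSP_HEADER,
    "Strict-Transport-Security": "max-age=63072000",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Xss-Protection": "1; mode=block",
}

# Public CDNs that host script libraries usable as CSP gadgets (e.g. AngularJS) and
# multi-tenant CDN wildcards under which anyone can publish. Illustrative only.
ALLOWLIST_BYPASS_HOSTS = {
    "ajax.googleapis.com", "cdnjs.cloudflare.com", "cdn.jsdelivr.net",
    "*.cloudfront.net", "*.akamaihd.net",
}
HASH_OR_NONCE_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(value):
    """Split a policy into {directive: [sources]}; a repeated directive keeps its first copy."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def script_sources(policy):
    """script-src, falling back to default-src as browsers do."""
    return policy.get("script-src", policy.get("default-src", []))


def host_sources(sources):
    """Sources that are hosts (not quoted keywords, not bare schemes)."""
    return [s for s in sources if not s.startswith("'") and not s.endswith(":")]


def script_src_findings(policy):
    """Conditions under which injected or attacker-chosen script still executes."""
    sources = script_sources(policy)
    if not sources:
        return ["no script-src or default-src: scripts are unrestricted"]
    findings = []
    if "'unsafe-inline'" in sources and not any(s.startswith(HASH_OR_NONCE_PREFIXES) for s in sources):
        findings.append("unsafe-inline without nonce/hash: injected inline script and event handlers run")
    if "'unsafe-eval'" in sources:
        findings.append("unsafe-eval: eval(), new Function() and string timers are allowed")
    for scheme in ("data:", "blob:"):
        if scheme in sources:
            findings.append(f"{scheme} allowed: scripts can be built from attacker-controlled bytes")
    if "*" in sources or "https:" in sources:
        findings.append("wildcard source: any external script URL is permitted")
    for host in sorted(set(sources) & ALLOWLIST_BYPASS_HOSTS):
        findings.append(f"{host}: allowlisted host known to serve bypass gadgets or tenant content")
    return findings


def missing_directives(policy):
    """Fallbacks whose absence leaves other resource types and navigation unconstrained."""
    return [d for d in ("default-src", "object-src", "base-uri") if d not in policy]


def legacy_headers(headers):
    """Headers that modern browsers ignore and that should not count as protection."""
    return sorted(h for h in headers if h.lower() == "x-xss-protection")


def assess(headers):
    """Summarise the script policy of a response header set."""
    policy = parse_csp(headers.get("Content-Security-Policy", ""))
    hosts = host_sources(script_sources(policy))
    findings = script_src_findings(policy)
    return {
        "script_hosts": len(hosts),
        "wildcard_hosts": sum(1 for h in hosts if h.startswith("*.")),
        "findings": findings,
        "missing": missing_directives(policy),
        "legacy": legacy_headers(headers),
        # An allowlist only matters once inline and eval are off.
        "allowlist_effective": not any(f.startswith(("unsafe-inline", "unsafe-eval")) for f in findings),
    }


if __name__ == "__main__":
    for key, value in assess(RESPONSE_HEADERS).items():
        print(f"{key}: {value}")
```

For the recorded policy the allowlist is reported as ineffective on two independent grounds (inline and eval) before the host list is even consulted; a nonce-based policy with 'strict-dynamic', object-src 'none' and base-uri 'none' produces no findings from the same checks.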
Indicators
"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Their presence in this list does not by itself mean that any of them is malicious: the list mixes the hosts on the redirect chain (esaverwatt.com, jump.trakmylink.com and the IPs mapped to them above) with shared CDN, font and pixel infrastructure, and the hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA-256 of an empty body (at least one response in this scan, the www.facebook.com/tr pixel, was 0 bytes), which matches every empty response and is useless as an indicator.
Domains
cdn.jsdelivr.net
d.adroll.com
esaverwatt.com
fonts.googleapis.com
fonts.gstatic.com
jump.trakmylink.com
s.adroll.com
www.cloudflare.com
www.facebook.com
IP addresses
107.178.57.151
2600:9000:225e:2600:6:9280:1080:93a1
2606:4700::6810:7b60
2a00:1450:4001:80e::200a
2a00:1450:4001:829::2003
2a03:2880:f177:185:face:b00c:0:25de
2a04:4e42::485
2a05:d018:cc3:fe04:4385:70c6:3d7d:f5d0
52.214.224.124
SHA-256 hashes
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55
0efad3f5cc55af8cf3e1d0a7c74213fb285c7f242880873f7f83e1c80ca4aa48
15c9e525bf5c2ef3f5789e80146c4ad09f11a388f91f9d7e6ab93960ed21f4ab
180ec76da200848b0be29782c57a6544c64c76d7233ebf898310f5929364351c
22df4ece08dd15ac75a1cf7e54a56f279c9b00f267fc23669942cc4956ce1011
28cad6cc8dbb42beb5c7e77f37a1fd618740a7bc1afc8e4b301d8de1d3275fcb
33e0ed27dee1345926cfc30189711ca7337a0eb1f34079198da1aa204b094846
3646ef9eeb1ce0c1045f04f6f5acf0ca1751f893dd7f19bb3b3176b21b86cefd
3f9410c4245b54ab9df19343af5d376a8db56f933db567c18b5e6fe0912ff96f
456f844d54390a97e146237863cc7f6e49031b431b2f9b73de2d6b37ef5e58ef
49d4e5153edd7d50735f76732a7c68adad0d5ff6a9068a2dca0b055b97e76aa1
55f6f1e104f17ca738fad355afc97f4f63817b62b7259a551c63fe586ca00a16
560a38cc8d5a4a08488a3cc39be1cdab9da73709a51fdf62b24353a170210908
5ef77cf31b5611ef15c305ef78201edce82aa24c31ee5ed609cccf386300d59e
601087e050ddbfea6f47eb3430fbf6d8013ee505ad71d3260035ed25b2b67d5f
60b04385b0985642251e3cdb1922ec99d95572308446da2e7a4ae187710084a7
6207be09588388bb4131afa0f10a957bf4e6ad919f560260623e2d2a598c83b8
623a9122daf5b2fb306cc4b2041fd9dac4a9344897e2f7becfdf5f145fab74c7
6e65f9a6d1cd83956325eca84943e1c36f26729ae53e8a74769e2acbd20d0dfa
728a233a106627a0cf835702ed56a7059decc6356f99ab7d925cef120bcd96c7
74db3c0a4ac8325fdecdf306a12d6deecf0296cd6bd81a617cc725f31b2bf348
753ca47a7d259769da398ffe70c5795b4cec59545308adbfaf0e6098e74c087c
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
81a161d5793ac2a33f02ddcd64fb0dc2d028616dac084e4f64e77f4898b0c4e4
8554070254ab657294c6e1b43098cb3598a297ff60ba93ba62418e84e796de0f
8ab4e961a71e2a404aab37e528b0312282c258015d58f5e0eb5dec6aa4ff63d2
8e0e965fcfc968363cb1a5c0455eec284625a3bec2370078376d44349aa08f6b
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a1378d843d153a34f6a9cab5cd73e952a0ebc9185eaed72656664488b2ad89f8
a3a078f8394fa79c7728f53e0dd924d3c535d9f150ab983a601424054158478e
a50f6a32ac0372cc91d762cce0194cfaaabed73f61542977e4b9a7bca50cd08c
a9656ddac6c5239e8f31cec8095ee16fa1a86746d91afe674106cc5308113ca1
aab30c45b4966d567023bde080867af2c1d0737d4d5e0d13c40592458dba3bfe
ad867cf0e254dcf2dd7b60810ed0fc5840c35e5173e7d4bbb3dca0b13f182e9e
b5cb19b6f35feef30d8d83360f46d4d57ad64a635d941c53e934b749a295cb9c
b675e5a120df01f6ce918ca433647714b8f85a078726a12388fe98b365db2cd5
bedacefd681f0e3550b1685278aba1b01b26dc540ffcb3722cb869cae908dc86
c3f0426d22a1fd5936386d152c939ff3ecc0c981995331a495b9009d924891e9
c4a8051c3a747d6915e839bf1a6973094ae994f3e513a5183cfbeec7c9440f07
c6956e8710cf477f7014440385ae16ee4b8cc7ecfd02fddd4d2f0c6c7fd15845
c70d6f85739e50de7a0e4b17a9e196ba7b3b3d9f965aa5204f05c4853df6b922
d11ab20d2027f3f078145a860e7b5fe616cdf522240482a0c11d3f7c17528a14
d134779668263254b7ac695498deef10144d3b206b3c940dd68c1b1507de60dc
d16581e043b3bc9718bdb1f27b3ba74e004ac2908fe56f5a86cdc1f90511f115
d20bdb959eb1abffd05ff31e9b07cc209d4b8e703df4c66b13bf6c1f8e75df4c
d3ef900f3b8073ad74815e5fd250912530f53073bde951784240700a250ce9ee
dee0f21cd87c340d67d17a94eab32866e552bd094a7da7fe7a2da6d9eacfdcbc
dfd6dfbf348462f8e35aac00960d50d182a964d6a35e6cce108530179b913bba
e209c9e3902ec90aabf2a0317aae2480e323df904909886cc406626e546dd0a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee3cddffa6bdd5d42d517946595decb729564c5fcbfcdd6214b9fc0c1474cc8b
f11fb4ee5322ba831e3456902575a43fe516ae334edf77551e95f714e8002e2e
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f69252f86489ce48ae84c77f6bb4c3b830ad365bd128d1fc1e6ee1ca35b03b06
fd20b6e4bb5af8690406a2de275141ea221822ba78a99261b5412d2ba9ca217c
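Triage of this indicator list before it is turned into a blocklist, as an added example that is not urlscan.io code. It types each indicator, drops the empty-body hash, keeps the hosts the scan itself ties to the campaign (the Page URL History chain and the IPs the AS/PTR section maps onto them), sets aside shared third-party infrastructure by the Cisco Umbrella ranks printed in the apex-domain table, and leaves the rest for review. The indicator sample is a constructed subset of the list above; the rank threshold and the use of chain hosts as the "campaign" set are assumptions a team would tune to its own allowlist.

```python
"""Sort urlscan indicators into block / shared_infra / review / dropped buckets.

Added example, not urlscan.io code. INDICATORS is a constructed subset of the scan's
Indicators list; CHAIN_HOSTS, IP_TO_HOST and UMBRELLA_RANK are copied from the scan's
URL history, PTR and apex-domain sections; SHARED_INFRA_MAX_RANK is an assumption.
"""
import hashlib
import ipaddress
import re

INDICATORS = [
    "cdn.jsdelivr.net", "d.adroll.com", "esaverwatt.com", "fonts.googleapis.com",
    "fonts.gstatic.com", "jump.trakmylink.com", "s.adroll.com", "www.cloudflare.com",
    "www.facebook.com",
    "107.178.57.151", "52.214.224.124", "2a03:2880:f177:185:face:b00c:0:25de",
    "0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]
# Hosts on the scan's redirect chain (Page URL History).
CHAIN_HOSTS = {"jump.trakmylink.com", "esaverwatt.com"}
# IP -> host from the AS/PTR section of the scan.
IP_TO_HOST = {"52.214.224.124": "jump.trakmylink.com", "107.178.57.151": "esaverwatt.com"}
# Cisco Umbrella ranks as printed in the apex-domain table; unranked hosts get no rank.
UMBRELLA_RANK = {
    "s.adroll.com": 2811, "d.adroll.com": 1489, "www.cloudflare.com": 5066,
    "cdn.jsdelivr.net": 368, "www.facebook.com": 100, "fonts.googleapis.com": 88,
}
SHARED_INFRA_MAX_RANK = 10_000            # assumption: popularity cut-off for shared infra
EMPTY_BODY_SHA256 = hashlib.sha256(b"").hexdigest()

DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def classify(indicator):
    """Return one of: sha256, ipv4, ipv6, domain, unknown."""
    value = indicator.strip().lower()
    if SHA256_RE.fullmatch(value):
        return "sha256"
    try:
        return "ipv4" if ipaddress.ip_address(value).version == 4 else "ipv6"
    except ValueError:
        pass
    if DOMAIN_RE.fullmatch(value):
        return "domain"
    return "unknown"


def triage(indicators):
    """Bucket indicators; every bucket is returned sorted for stable diffs."""
    buckets = {"block": [], "shared_infra": [], "review": [], "dropped": []}
    for raw in indicators:
        value = raw.strip().lower()
        kind = classify(value)
        if kind == "sha256":
            # The empty-body hash matches every empty response: pure false positives.
            buckets["dropped" if value == EMPTY_BODY_SHA256 else "review"].append(value)
        elif kind in ("ipv4", "ipv6"):
            # Block an IP only when the scan itself ties it to a chain host.
            buckets["block" if IP_TO_HOST.get(value) in CHAIN_HOSTS else "review"].append(value)
        elif kind == "domain":
            if value in CHAIN_HOSTS:
                buckets["block"].append(value)
            elif UMBRELLA_RANK.get(value, float("inf")) <= SHARED_INFRA_MAX_RANK:
                buckets["shared_infra"].append(value)
            else:
                buckets["review"].append(value)
        else:
            buckets["review"].append(value)
    return {name: sorted(items) for name, items in buckets.items()}


if __name__ == "__main__":
    for bucket, items in triage(INDICATORS).items():
        print(f"{bucket} ({len(items)}):")
        for item in items:
            print("  ", item)
```

Only the two chain hosts and the two IPs mapped to them end up in the block bucket. fonts.gstatic.com lands in review rather than shared_infra because the apex-domain table prints no Umbrella rank for it, which is the kind of gap a team's own allowlist has to close; the unmapped Facebook IPv6 address and the remaining content hashes likewise wait for a human, since the scan does not say which response each hash belongs to.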