www.bestrecover.info Open in urlscan Pro
2606:4700:3036::ac43:bea6  Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.bestrecover.info/	16 KB 6 KB	804ms 754ms	Document text/html	2606:4700:3036::ac43:bea6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bestrecover.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bea6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 36b21607e593a32d8d9e8f2207b625ddfa3e48ca4e9b04a16ae8320e5d3b8568 Request headers :method GET :authority www.bestrecover.info :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Tue, 14 Jul 2020 08:25:55 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d62e03b0c2b2c2c477056a4881a29b7901594715154; expires=Thu, 13-Aug-20 08:25:54 GMT; path=/; domain=.bestrecover.info; HttpOnly; SameSite=Lax; Secure vary Accept-Encoding cf-cache-status DYNAMIC cf-request-id 03ee0740fa0000c27cbd888200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5b29db14cb71c27c-FRA content-encoding br
GET H2	200	style.css www.bestrecover.info/	2 KB 764 B	2310ms 2308ms	Stylesheet text/css	2606:4700:3036::ac43:bea6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bestrecover.info/style.css Requested by Host: www.bestrecover.info URL: https://www.bestrecover.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bea6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 42f97803e7404a16bd1c3fae7cf506b0b47115644940252383ead9727277dfa7 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 14 Jul 2020 08:25:57 GMT content-encoding br cf-cache-status MISS last-modified Mon, 13 Jul 2020 11:07:48 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control max-age=14400 cf-ray 5b29db199d5bc27c-FRA cf-request-id 03ee0743ff0000c27cbd8af200000001
GET H2	200	script.js Show response www.bestrecover.info/	571 B 406 B	1297ms 1295ms	Script application/javascript	2606:4700:3036::ac43:bea6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bestrecover.info/script.js Requested by Host: www.bestrecover.info URL: https://www.bestrecover.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bea6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c203a4460c36c5ee017b623f3ad1c15bcbfb15bdc115878737df4a07cfa3bbdc Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 14 Jul 2020 08:25:56 GMT content-encoding br cf-cache-status MISS last-modified Mon, 01 Jun 2020 13:57:00 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=14400 cf-ray 5b29db199d5cc27c-FRA cf-request-id 03ee0744000000c27cbd8b0200000001
GET H/1.1	200 OK	asyncjs.php Show response ads.5stepwealth.com/www/delivery/	10 KB 10 KB	618ms 137ms	Script text/javascript	23.239.65.154 NODESDIRECT
General Check archive.org Show headers Download Go to Full URL https://ads.5stepwealth.com/www/delivery/asyncjs.php Requested by Host: www.bestrecover.info URL: https://www.bestrecover.info/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.239.65.154 Jacksonville, United States, ASN19531 (NODESDIRECT, US), Reverse DNS affiliatemarketingfact.com Software Apache / Resource Hash df25281d5a294bbda991e3d4108211b8001ac2db105280b12e35eb95c211b9d2 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 14 Jul 2020 08:25:57 GMT Server Apache P3P CP="CUR ADM OUR NOR STA NID" ETag 6276031193d178ff1342fcc6cbcf923c Transfer-Encoding chunked Content-Type text/javascript;charset=UTF-8 Cache-Control private, max-age=3600 Connection Keep-Alive Expire Tue, 14 Jul 2020 09:25:57 GMT Keep-Alive timeout=10
GET H2	200	email-decode.min.js Show response www.bestrecover.info/cdn-cgi/scripts/5c5dd728/cloudflare-static/	1 KB 858 B	10ms 8ms	Script application/javascript	2606:4700:3036::ac43:bea6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bestrecover.info/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js Requested by Host: www.bestrecover.info URL: https://www.bestrecover.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bea6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 14 Jul 2020 08:25:55 GMT content-encoding gzip vary Accept-Encoding last-modified Thu, 09 Jul 2020 11:58:32 GMT server cloudflare etag W/"5f070668-4d7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-frame-options SAMEORIGIN content-type application/javascript status 200 cache-control max-age=172800, public cf-ray 5b29db199d5fc27c-FRA cf-request-id 03ee0744000000c27cbd8b1200000001 expires Thu, 16 Jul 2020 08:25:55 GMT
GET H2	200	ulyNkde_kRU www.youtube.com/embed/ Frame 3482	0 0	139ms 139ms	Document text/html	2a00:1450:4001:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/embed/ulyNkde_kRU Requested by Host: www.bestrecover.info URL: https://www.bestrecover.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software YouTube Frontend Proxy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority www.youtube.com :scheme https :path /embed/ulyNkde_kRU pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.bestrecover.info/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.bestrecover.info/ Response headers status 200 cache-control no-cache p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." content-type text/html; charset=utf-8 strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding br content-length 11522 expires Tue, 27 Apr 1971 19:44:06 GMT date Tue, 14 Jul 2020 08:25:57 GMT server YouTube Frontend Proxy x-xss-protection 0 set-cookie VISITOR_INFO1_LIVE=9sDqKM0hreQ; path=/; domain=.youtube.com; secure; expires=Sun, 10-Jan-2021 08:25:57 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Tue, 14-Jul-2020 08:55:57 GMT YSC=7CUUy_pVen8; path=/; domain=.youtube.com; secure; httponly; samesite=None VISITOR_INFO1_LIVE=9sDqKM0hreQ; path=/; domain=.youtube.com; secure; expires=Sun, 10-Jan-2021 08:25:57 GMT; httponly; samesite=None alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	DexOybri3wU www.youtube.com/embed/ Frame A9B9	0 0	76ms 75ms	Document text/html	2a00:1450:4001:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/embed/DexOybri3wU Requested by Host: www.bestrecover.info URL: https://www.bestrecover.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software YouTube Frontend Proxy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority www.youtube.com :scheme https :path /embed/DexOybri3wU pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.bestrecover.info/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.bestrecover.info/ Response headers status 200 cache-control no-cache strict-transport-security max-age=31536000 expires Tue, 27 Apr 1971 19:44:06 GMT x-content-type-options nosniff content-encoding br content-length 11959 p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." content-type text/html; charset=utf-8 date Tue, 14 Jul 2020 08:25:57 GMT server YouTube Frontend Proxy x-xss-protection 0 set-cookie VISITOR_INFO1_LIVE=TvjUKroHYCc; path=/; domain=.youtube.com; secure; expires=Sun, 10-Jan-2021 08:25:57 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Tue, 14-Jul-2020 08:55:57 GMT YSC=WOeN5Fso-UY; path=/; domain=.youtube.com; secure; httponly; samesite=None VISITOR_INFO1_LIVE=TvjUKroHYCc; path=/; domain=.youtube.com; secure; expires=Sun, 10-Jan-2021 08:25:57 GMT; httponly; samesite=None alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	e-commerce-website-builder.webp bestrecover.info/	92 KB 92 KB	2670ms 2635ms	Image image/webp	2606:4700:3036::ac43:bea6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bestrecover.info/e-commerce-website-builder.webp Requested by Host: www.bestrecover.info URL: https://www.bestrecover.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bea6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9fb7875052cde656dab10c817daa023ed48c50f0a005f6fc783b59bea8044557 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 14 Jul 2020 08:26:00 GMT cf-cache-status MISS last-modified Sat, 11 Jul 2020 09:30:46 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/webp status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5b29db289944c27c-FRA content-length 93828 cf-request-id 03ee074d620000c27cbd955200000001
GET H/1.1	200 OK	asyncspc.php Show response ads.5stepwealth.com/www/delivery/	3 KB 3 KB	215ms 215ms	XHR application/json	23.239.65.154 NODESDIRECT
General Check archive.org Show headers Download Go to Full URL https://ads.5stepwealth.com/www/delivery/asyncspc.php?zones=202%7C202%7C201%7C200&prefix=revive-0-&block=1&loc=https%3A%2F%2Fwww.bestrecover.info%2F Requested by Host: ads.5stepwealth.com URL: https://ads.5stepwealth.com/www/delivery/asyncjs.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.239.65.154 Jacksonville, United States, ASN19531 (NODESDIRECT, US), Reverse DNS affiliatemarketingfact.com Software Apache / Resource Hash 6719d82312bfdaaf3d72f1f704b819f3432e51584ef69a60a6820c85bae56e7d Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Tue, 14 Jul 2020 08:26:00 GMT Server Apache Transfer-Encoding chunked P3P CP="CUR ADM OUR NOR STA NID" Access-Control-Allow-Origin https://www.bestrecover.info Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Credentials true Connection Keep-Alive Content-Type application/json Keep-Alive timeout=10 Expires 0
GET H2	200	online-website-builder-software.webp bestrecover.info/	27 KB 27 KB	1556ms 1556ms	Image image/webp	2606:4700:3036::ac43:bea6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bestrecover.info/online-website-builder-software.webp Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bea6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa7ec8a787de05fbc66ec21d536f62271d0a947c93fa79d9bfece2e6a2392ab5 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 14 Jul 2020 08:26:02 GMT cf-cache-status MISS last-modified Sun, 12 Jul 2020 07:22:36 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/webp status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5b29db39ed3bc27c-FRA content-length 27422 cf-request-id 03ee0758350000c27cbda20200000001
GET H/1.1	200 OK	71933d64472fdd2cf94fea6eced11af4.jpg ads.5stepwealth.com/www/images/	38 KB 38 KB	123ms 121ms	Image image/jpeg	23.239.65.154 NODESDIRECT
General Check archive.org Show headers Download Go to Show image Full URL https://ads.5stepwealth.com/www/images/71933d64472fdd2cf94fea6eced11af4.jpg Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.239.65.154 Jacksonville, United States, ASN19531 (NODESDIRECT, US), Reverse DNS affiliatemarketingfact.com Software Apache / Resource Hash e2e3845f802ea18e67bdf010cef70c5786a5ae9c1dddb87669b2b7a94d599976 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 14 Jul 2020 08:26:00 GMT Last-Modified Mon, 13 Jul 2020 05:09:21 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 39052
GET H/1.1	200 OK	lg.php ads.5stepwealth.com/www/delivery/	43 B 515 B	557ms 319ms	Image image/gif	23.239.65.154 NODESDIRECT
General Check archive.org Show headers Download Go to Show image Full URL https://ads.5stepwealth.com/www/delivery/lg.php?bannerid=67&campaignid=3&zoneid=202&loc=https%3A%2F%2Fwww.bestrecover.info%2F&cb=4547f7f0a3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.239.65.154 Jacksonville, United States, ASN19531 (NODESDIRECT, US), Reverse DNS affiliatemarketingfact.com Software Apache / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Tue, 14 Jul 2020 08:26:01 GMT Server Apache Transfer-Encoding chunked P3P CP="CUR ADM OUR NOR STA NID" Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Content-Type image/gif Keep-Alive timeout=10 Expires 0
GET H/1.1	200 OK	00d0c04b7bb1cc8bcf4a74f8698ef496.jpg ads.5stepwealth.com/www/images/	39 KB 39 KB	366ms 121ms	Image image/jpeg	23.239.65.154 NODESDIRECT
General Check archive.org Show headers Download Go to Show image Full URL https://ads.5stepwealth.com/www/images/00d0c04b7bb1cc8bcf4a74f8698ef496.jpg Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.239.65.154 Jacksonville, United States, ASN19531 (NODESDIRECT, US), Reverse DNS affiliatemarketingfact.com Software Apache / Resource Hash 141ae3b04fbd66e04c88d656963506ac3857a7bfb9626afe9c30088f85b8286c Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 14 Jul 2020 08:26:01 GMT Last-Modified Mon, 13 Jul 2020 05:17:44 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10 Content-Length 40180
GET H/1.1	200 OK	lg.php ads.5stepwealth.com/www/delivery/	43 B 515 B	1223ms 978ms	Image image/gif	23.239.65.154 NODESDIRECT
General Check archive.org Show headers Download Go to Show image Full URL https://ads.5stepwealth.com/www/delivery/lg.php?bannerid=68&campaignid=3&zoneid=202&loc=https%3A%2F%2Fwww.bestrecover.info%2F&cb=06d86b1db4 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.239.65.154 Jacksonville, United States, ASN19531 (NODESDIRECT, US), Reverse DNS affiliatemarketingfact.com Software Apache / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Tue, 14 Jul 2020 08:26:01 GMT Server Apache Transfer-Encoding chunked P3P CP="CUR ADM OUR NOR STA NID" Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Content-Type image/gif Keep-Alive timeout=10 Expires 0
GET H2	200	lt-banner-1-468-60.gif aaauq.com/elite-dc/banner/	16 KB 16 KB	689ms 621ms	Image image/gif	2606:4700:3032::681c:14c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://aaauq.com/elite-dc/banner/lt-banner-1-468-60.gif Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::681c:14c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bbf7874444319bf5a6615c2d4b83a8deca89ea5309e5ee02c664be2b82959384 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 14 Jul 2020 08:26:01 GMT cf-cache-status MISS status 200 host-header 5d77dd967d63c3104bced1db0cace49c content-length 16300 cf-request-id 03ee0758d3000063dd53878200000001 last-modified Fri, 22 May 2020 08:10:52 GMT server cloudflare etag "3fac-5a6382aeb5b00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/gif cache-control max-age=14400 accept-ranges bytes cf-ray 5b29db3aefec63dd-FRA x-proxy-cache MISS
GET H/1.1	200 OK	lg.php ads.5stepwealth.com/www/delivery/	43 B 515 B	516ms 269ms	Image image/gif	23.239.65.154 NODESDIRECT
General Check archive.org Show headers Download Go to Show image Full URL https://ads.5stepwealth.com/www/delivery/lg.php?bannerid=32&campaignid=3&zoneid=201&loc=https%3A%2F%2Fwww.bestrecover.info%2F&cb=44a7b6a320 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.239.65.154 Jacksonville, United States, ASN19531 (NODESDIRECT, US), Reverse DNS affiliatemarketingfact.com Software Apache / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Tue, 14 Jul 2020 08:26:01 GMT Server Apache Transfer-Encoding chunked P3P CP="CUR ADM OUR NOR STA NID" Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Content-Type image/gif Keep-Alive timeout=10 Expires 0
GET H/1.1	200 OK	lg.php ads.5stepwealth.com/www/delivery/	43 B 515 B	616ms 368ms	Image image/gif	23.239.65.154 NODESDIRECT
General Check archive.org Show headers Download Go to Show image Full URL https://ads.5stepwealth.com/www/delivery/lg.php?bannerid=0&campaignid=0&zoneid=200&loc=https%3A%2F%2Fwww.bestrecover.info%2F&cb=a53b5002fc Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.239.65.154 Jacksonville, United States, ASN19531 (NODESDIRECT, US), Reverse DNS affiliatemarketingfact.com Software Apache / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Referer https://www.bestrecover.info/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Tue, 14 Jul 2020 08:26:01 GMT Server Apache Transfer-Encoding chunked P3P CP="CUR ADM OUR NOR STA NID" Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Content-Type image/gif Keep-Alive timeout=10 Expires 0

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| onMouseOut function| openNav object| org function| getQueryParamValue function| FlashObject function| SWFObject object| reviveAsync

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bestrecover.info/	1970-01-19 11:41:47	Name: __cfduid Value: df3edab602143cc03c56a0231864ccbbe1594715157

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aaauq.com
ads.5stepwealth.com
bestrecover.info
www.bestrecover.info
www.youtube.com
23.239.65.154
2606:4700:3032::681c:14c
2606:4700:3036::ac43:bea6
2a00:1450:4001:824::200e
141ae3b04fbd66e04c88d656963506ac3857a7bfb9626afe9c30088f85b8286c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
36b21607e593a32d8d9e8f2207b625ddfa3e48ca4e9b04a16ae8320e5d3b8568
42f97803e7404a16bd1c3fae7cf506b0b47115644940252383ead9727277dfa7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
6719d82312bfdaaf3d72f1f704b819f3432e51584ef69a60a6820c85bae56e7d
9fb7875052cde656dab10c817daa023ed48c50f0a005f6fc783b59bea8044557
aa7ec8a787de05fbc66ec21d536f62271d0a947c93fa79d9bfece2e6a2392ab5
bbf7874444319bf5a6615c2d4b83a8deca89ea5309e5ee02c664be2b82959384
c203a4460c36c5ee017b623f3ad1c15bcbfb15bdc115878737df4a07cfa3bbdc
df25281d5a294bbda991e3d4108211b8001ac2db105280b12e35eb95c211b9d2
e2e3845f802ea18e67bdf010cef70c5786a5ae9c1dddb87669b2b7a94d599976