iphonewinners.com Open in urlscan Pro
66.228.63.84 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://yzheb.shanassoc.com/1d24fd7
Effective URL:
https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
Submission: On August 04 via manual (August 4th 2020, 2:40:44 pm UTC) from KR

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 4 countries across 10 domains to perform 9 HTTP transactions. The main IP is 66.228.63.84, located in Atlanta, United States and belongs to LINODE-AP Linode, LLC, US. The main domain is iphonewinners.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 21st 2020. Valid for: 3 months.

This is the only time iphonewinners.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	198.54.120.245 198.54.120.245	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1 1	88.99.66.31 88.99.66.31	24940 (HETZNER-AS) (HETZNER-AS)
1 2	2a05:d018:483... 2a05:d018:483:6130:c386:82c4:1a2d:b043	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d018:483... 2a05:d018:483:6120:813f:12dd:7e10:98e6	16509 (AMAZON-02) (AMAZON-02)
1	188.40.16.102 188.40.16.102	24940 (HETZNER-AS) (HETZNER-AS)
1 1	66.228.63.153 66.228.63.153	63949 (LINODE-AP...) (LINODE-AP Linode)
1	66.228.63.84 66.228.63.84	63949 (LINODE-AP...) (LINODE-AP Linode)
2	195.181.175.52 195.181.175.52	60068 (CDN77) (CDN77)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	67.212.173.74 67.212.173.74	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
9	8

1 198.54.120.245 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium77-2.web-hosting.com

yzheb.shanassoc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.66.31 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: iplogger.com

iplogger.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:483:6130:c386:82c4:1a2d:b043 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

cldrg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:483:6120:813f:12dd:7e10:98e6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

gdmconvtrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.40.16.102 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.102.16.40.188.clients.your-server.de

1d653de6060.trccmpnsl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.228.63.153 (Atlanta, United States) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-66-228-63-153.atlanta.nodebalancer.linode.com

traffic.haka.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.228.63.84 (Atlanta, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-66-228-63-84.atlanta.nodebalancer.linode.com

iphonewinners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.181.175.52 (Frankfurt am Main, Germany)

ASN60068 (CDN77, GB)
PTR: frankfurt-50.cdn77.com

1673333600.rsc.cdn77.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.212.173.74 (Chicago, United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

push.answertounlock.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	cdn77.org 1673333600.rsc.cdn77.org	36 KB
2	cldrg.com 1 redirects cldrg.com	4 KB
1	answertounlock.com push.answertounlock.com	2 KB
1	jquery.com code.jquery.com	30 KB
1	iphonewinners.com iphonewinners.com	3 KB
1	haka.mobi 1 redirects traffic.haka.mobi	218 B
1	trccmpnsl.com 1d653de6060.trccmpnsl.com	1 KB
1	gdmconvtrck.com gdmconvtrck.com	1 KB
1	iplogger.co 1 redirects iplogger.co	327 B
1	shanassoc.com yzheb.shanassoc.com	884 B
9	10

	Domain	Requested by
2	1673333600.rsc.cdn77.org	iphonewinners.com
2	cldrg.com	1 redirects
1	push.answertounlock.com	iphonewinners.com
1	code.jquery.com	iphonewinners.com
1	iphonewinners.com
1	traffic.haka.mobi	1 redirects
1	1d653de6060.trccmpnsl.com	gdmconvtrck.com
1	gdmconvtrck.com	cldrg.com
1	iplogger.co	1 redirects
1	yzheb.shanassoc.com
9	10

This site contains no links.

Subject Issuer	Validity	Valid
cldrf.com Amazon	`2020-04-22` - `2021-05-22`	a year	crt.sh
gdmconvtrck.com Amazon	`2020-03-21` - `2021-04-21`	a year	crt.sh
*.trccmpnsl.com Let's Encrypt Authority X3	`2020-07-31` - `2020-10-29`	3 months	crt.sh
sexygirlchats.com Let's Encrypt Authority X3	`2020-05-21` - `2020-08-19`	3 months	crt.sh
www.cdn77.com Let's Encrypt Authority X3	`2020-07-23` - `2020-10-21`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
push.answertounlock.com Let's Encrypt Authority X3	`2020-07-01` - `2020-09-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
Frame ID: 74A3C0AD87CB7EFBD9259612C10E3E56
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://yzheb.shanassoc.com/1d24fd7 Page URL
https://iplogger.co/24HXm5 HTTP 301
https://cldrg.com/?a=111862&c=201317 Page URL
https://cldrg.com/?a=111862&c=122225&oc=34470&sr=t&so=71074&sc=10928123&rc=24_90887&ref=http%3... HTTP 302
https://1d653de6060.trccmpnsl.com/?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&... Page URL
https://traffic.haka.mobi/click?hash=5138&pid=1026&aid=3829&keyword=kdg1uv02bz9x67j574844wgcg,14897063... HTTP 302
https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138 Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

9
Requests

89 %
HTTPS

30 %
IPv6

10
Domains

10
Subdomains

8
IPs

4
Countries

75 kB
Transfer

138 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://yzheb.shanassoc.com/1d24fd7 Page URL
https://iplogger.co/24HXm5 HTTP 301
https://cldrg.com/?a=111862&c=201317 Page URL
https://cldrg.com/?a=111862&c=122225&oc=34470&sr=t&so=71074&sc=10928123&rc=24_90887&ref=http%3A%2F%2Fyzheb.shanassoc.com%2F1d24fd7&vt=1596552030150&h=b71afb5d923bb40f98546fd917ff75478cd68847&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D111862%26c%3D201317&us=fd2b44f8a18846be9ca8396645aa10a7 HTTP 302
https://1d653de6060.trccmpnsl.com/?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&pi=111862 Page URL
https://traffic.haka.mobi/click?hash=5138&pid=1026&aid=3829&keyword=kdg1uv02bz9x67j574844wgcg,14897063,5,3829 HTTP 302
https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://iplogger.co/24HXm5 HTTP 301
https://cldrg.com/?a=111862&c=201317

Request Chain 3

https://cldrg.com/?a=111862&c=122225&oc=34470&sr=t&so=71074&sc=10928123&rc=24_90887&ref=http%3A%2F%2Fyzheb.shanassoc.com%2F1d24fd7&vt=1596552030150&h=b71afb5d923bb40f98546fd917ff75478cd68847&req=https%3A%2F%2Fcldrg.com%2F%3Fa%3D111862%26c%3D201317&us=fd2b44f8a18846be9ca8396645aa10a7 HTTP 302
https://1d653de6060.trccmpnsl.com/?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&pi=111862

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 1d24fd7 Show response
yzheb.shanassoc.com/ 1 KB
884 B 1155ms
1106ms Document
text/html 198.54.120.245
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: http://yzheb.shanassoc.com/1d24fd7
Protocol: HTTP/1.1
Server: 198.54.120.245 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium77-2.web-hosting.com
Software: Apache / PHP/7.2.30
Resource Hash: d131f7758897341119ebfd208c9abe528f94e1a4777dd1845651da9f4562ec64

Request headers

Host: yzheb.shanassoc.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 14:40:28 GMT
Server: Apache
X-Powered-By: PHP/7.2.30
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 657
Content-Type: text/html; charset=UTF-8

GET
H2

200

/ Show response
cldrg.com/
Redirect Chain

https://iplogger.co/24HXm5
https://cldrg.com/?a=111862&c=201317

2 KB
1 KB

178ms
78ms

Document
text/html

2a05:d018:483:6130:c386:82c4:1a2d:b043
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cldrg.com/?a=111862&c=201317
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:483:6130:c386:82c4:1a2d:b043 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 24d0c6312e97c3df831ca393269cb80ee946243487726f41d77eedb398b6ff6b

Request headers

:method: GET
:authority: cldrg.com
:scheme: https
:path: /?a=111862&c=201317
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://yzheb.shanassoc.com/1d24fd7
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://yzheb.shanassoc.com/1d24fd7

Response headers

status: 200
date: Tue, 04 Aug 2020 14:40:30 GMT
content-type: text/html;charset=utf-8
server: nginx
vary: Accept-Encoding
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Sat, 1 May 2020 12:00:00 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
content-encoding: gzip

Redirect headers

status: 301
server: nginx
date: Tue, 04 Aug 2020 14:40:29 GMT
content-type: text/html; charset=UTF-8
location: https://cldrg.com/?a=111862&c=201317
set-cookie: PHPSESSID=elud8ig9s5u7li4m6ldhjfh9s7; path=/; HttpOnly timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
pragma: no-cache
strict-transport-security: max-age=31536000; preload
x-frame-options: DENY

GET
H2 200 user Show response
gdmconvtrck.com/ 1 KB
1 KB 138ms
32ms Script
text/javascript 2a05:d018:483:6120:813f:12dd:7e10:98e6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gdmconvtrck.com/user?a=111862&c=122225
Requested by: Host: cldrg.com
URL: https://cldrg.com/?a=111862&c=201317
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:483:6120:813f:12dd:7e10:98e6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 00fe563e56e3728d08008d426d71b7735ae1f03b7977daad3d229cdb3e3f87be

Request headers

Referer: https://cldrg.com/?a=111862&c=201317
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Aug 2020 14:40:30 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *, *
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
expires: Sat, 1 May 2020 12:00:00 GMT

GET
H2

200

/ Show response
1d653de6060.trccmpnsl.com/
Redirect Chain

https://cldrg.com/?a=111862&c=122225&oc=34470&sr=t&so=71074&sc=10928123&rc=24_90887&ref=http%3A%2F%2Fyzheb.shanassoc.com%2F1d24fd7&vt=1596552030150&h=b71afb5d923bb40f98546fd917ff75478cd68847&req=ht...
https://1d653de6060.trccmpnsl.com/?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&pi=111862

884 B
1 KB

213ms
96ms

Document
text/html

188.40.16.102
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://1d653de6060.trccmpnsl.com/?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&pi=111862
Requested by: Host: gdmconvtrck.com
URL: https://gdmconvtrck.com/user?a=111862&c=122225
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.40.16.102 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.102.16.40.188.clients.your-server.de
Software: /
Resource Hash: 675df84a62fc4dfd065514012206d5e76209cbab369d1d474f2d6b29db4c1ed2

Request headers

:method: GET
:authority: 1d653de6060.trccmpnsl.com
:scheme: https
:path: /?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&pi=111862
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://cldrg.com/?a=111862&c=201317
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cldrg.com/?a=111862&c=201317

Response headers

status: 200
date: Tue, 04 Aug 2020 14:40:30 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: t-uuid=5nqgikm0s8vf06mn3qlss0gs8; expires=Sun, 04-Aug-2030 14:40:30 GMT; Max-Age=315532800; path=/; domain=.trccmpnsl.com traffic-visited-offers=%7C%7C%7Cunspecified; expires=Wed, 05-Aug-2020 14:40:30 GMT; Max-Age=86400; path=/; domain=.trccmpnsl.com traffic-back=ok; expires=Tue, 04-Aug-2020 14:41:00 GMT; Max-Age=30; path=/; domain=.trccmpnsl.com rts-trck=1; expires=Tue, 04-Aug-2020 14:50:30 GMT; Max-Age=600; path=/; domain=1d653de6060.trccmpnsl.com
last-modified: Tue, 4 Aug 2020 14:40:30 GMT
expires: Tue, 4 Aug 2020 14:40:30 GMT
cache-control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow
content-encoding: gzip

Redirect headers

status: 302
date: Tue, 04 Aug 2020 14:40:30 GMT
content-type: text/html;charset=ISO-8859-1
location: https://1d653de6060.trccmpnsl.com/?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&pi=111862
server: nginx
set-cookie: gdm_sid_v2_3_001=6u8P+k+wEV3Llos1meuhk84nnGQY+r9T+YJPgbFJiMC/BC89kr4+pVPj7zwkiXdCkHX8AUh9jee/ueT38GS3l8hgI2DZIysgI11NCh4Y4kb1FG3Mv89LqjK+Kp53RqGWRDlyPKsQMRvwo4GJwGHraALEHXm7gJyYyGEMS+dyZzW7tJnA+rEoSBkp5zeXp0btMQSdTWhUjK6bJdzAIJQ2K+mikhk2050PEYCAw6TBUFNJj3/VUP+EJAsRQt7aOu2OknSPe29Mb5uVr3qQpKOIZD9qXOvuz+v8AZ2hPd4u3xd1SMXDjEWDZNFV4gVfoZhu6Hk8WVtFRsvGuZm63yexboERQuqQibIdU3i+A8wgrqJW3tj63SXX7BVvo+5CuOWTWfyrr5WXN+B64nEkEu1YbT2DNioiHgfpg7+Bz/oD/j/qSrXhoc8MTwEdUYA8/BMheGpfZtEnzlEoC/HVnTU0/SEqoPhUg+OcF5AMtx2YIkQo7Jj2YSzDi0pyuqZTnbrnwGYcWmHIRB+hFi1Mow4AZ6Q1wJ6/mc85myNdw0EvGIkFd4yErEXsapGvhakkIBy5L2qBshRXAY7kGcLxwuLaurJ9YYE2UOmBCHW0Njoy+uFdCRGOratGbcK4FfjderDnq/5OxTdvPUm9P6S9PbXEyQi3lqyLdaG698uOpCJahqQIfMrVwmoRKwNRqi5KmcPhc6aHry7Ddm0DSTI5OYjjnqGV5K1Tx6mTW7CQnJv9ryBcb2tjx0m+l5gFDhNdx6+MOCSuJ2NqYgjwA1ssUVheCxIxNa2dOztLKhkypUhLz0gR1TSJC+zaf5tinwTa6m4pOLg1GMSYkiEwM8tMzG6M4TlDh0zrlytElCeB9UxpjsC/TxdHkmjZWR2vk4SC3MwEiunnMOh8/ZWdaj+XaPCwrLEYOEL1IwmxcP2eALJ+okT9Ms7ys9hDwlrb6HC5XuNYZOUXro2svnlP4g9KUpu2SZuilK38Mjqf56CPDNCFAtHFPtPuSof+Vl+ItZlXSpMbt7gSRIJ/EdX735py6X/7ELdvqGmos+lMXXz0fCop/tc5mXJ1kcyRRX3UPHhJKOGIQAxsC8TyOSznc30lNeUDdT9g5/ns8ezjcgYy+s47yAw=; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/; Secure; SameSite=None gdm_uid_v1_1_001=ugxDBd/CecorXEjxqbqByGvXEBmC1G5YzlVCTxW6uYEZmqbGy0rJdNmWBxOGU7Tu; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/ gdm_click_freq_v1_1_001=XJ3Gu0LiH9cfw5KIlQVqyeyAb2XMNVjuzPAA3ldMY0KCZFxOuPazriKrI66erVsC; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/ gdm_click_freq_v2_1_001=XJ3Gu0LiH9cfw5KIlQVqyeyAb2XMNVjuzPAA3ldMY0KCZFxOuPazriKrI66erVsC; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/; Secure; SameSite=None gdm_suid_v2_1_001=ugxDBd/CecorXEjxqbqByGvXEBmC1G5YzlVCTxW6uYEZmqbGy0rJdNmWBxOGU7Tu; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/; Secure; SameSite=None gdm_click_adv_freq_v2_1_001=Noe/5evDT0YYJOp2kg0BwQwOPofNMyCOO1aTKSczoVOW0QEsNV+Tmvu2Mb0ECm09; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/; Secure; SameSite=None gdm_uid_v2_1_001=ugxDBd/CecorXEjxqbqByGvXEBmC1G5YzlVCTxW6uYEZmqbGy0rJdNmWBxOGU7Tu; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/; Secure; SameSite=None gdm_sid_v1_3_001=6u8P+k+wEV3Llos1meuhk84nnGQY+r9T+YJPgbFJiMC/BC89kr4+pVPj7zwkiXdCkHX8AUh9jee/ueT38GS3l8hgI2DZIysgI11NCh4Y4kb1FG3Mv89LqjK+Kp53RqGWRDlyPKsQMRvwo4GJwGHraALEHXm7gJyYyGEMS+dyZzW7tJnA+rEoSBkp5zeXp0btMQSdTWhUjK6bJdzAIJQ2K+mikhk2050PEYCAw6TBUFNJj3/VUP+EJAsRQt7aOu2OknSPe29Mb5uVr3qQpKOIZD9qXOvuz+v8AZ2hPd4u3xd1SMXDjEWDZNFV4gVfoZhu6Hk8WVtFRsvGuZm63yexboERQuqQibIdU3i+A8wgrqJW3tj63SXX7BVvo+5CuOWTWfyrr5WXN+B64nEkEu1YbT2DNioiHgfpg7+Bz/oD/j/qSrXhoc8MTwEdUYA8/BMheGpfZtEnzlEoC/HVnTU0/SEqoPhUg+OcF5AMtx2YIkQo7Jj2YSzDi0pyuqZTnbrnwGYcWmHIRB+hFi1Mow4AZ6Q1wJ6/mc85myNdw0EvGIkFd4yErEXsapGvhakkIBy5L2qBshRXAY7kGcLxwuLaurJ9YYE2UOmBCHW0Njoy+uFdCRGOratGbcK4FfjderDnq/5OxTdvPUm9P6S9PbXEyQi3lqyLdaG698uOpCJahqQIfMrVwmoRKwNRqi5KmcPhc6aHry7Ddm0DSTI5OYjjnqGV5K1Tx6mTW7CQnJv9ryBcb2tjx0m+l5gFDhNdx6+MOCSuJ2NqYgjwA1ssUVheCxIxNa2dOztLKhkypUhLz0gR1TSJC+zaf5tinwTa6m4pOLg1GMSYkiEwM8tMzG6M4TlDh0zrlytElCeB9UxpjsC/TxdHkmjZWR2vk4SC3MwEiunnMOh8/ZWdaj+XaPCwrLEYOEL1IwmxcP2eALJ+okT9Ms7ys9hDwlrb6HC5XuNYZOUXro2svnlP4g9KUpu2SZuilK38Mjqf56CPDNCFAtHFPtPuSof+Vl+ItZlXSpMbt7gSRIJ/EdX735py6X/7ELdvqGmos+lMXXz0fCop/tc5mXJ1kcyRRX3UPHhJKOGIQAxsC8TyOSznc30lNeUDdT9g5/ns8ezjcgYy+s47yAw=; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/ gdm_suid_v1_1_001=ugxDBd/CecorXEjxqbqByGvXEBmC1G5YzlVCTxW6uYEZmqbGy0rJdNmWBxOGU7Tu; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/ gdm_click_adv_freq_v1_1_001=Noe/5evDT0YYJOp2kg0BwQwOPofNMyCOO1aTKSczoVOW0QEsNV+Tmvu2Mb0ECm09; Expires=Mon, 02-Nov-2020 14:40:30 GMT; Path=/
content-language: en-US
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob

GET
H/1.1

200
OK

Primary Request 1682 Show response
iphonewinners.com/
Redirect Chain

https://traffic.haka.mobi/click?hash=5138&pid=1026&aid=3829&keyword=kdg1uv02bz9x67j574844wgcg,14897063,5,3829
https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138

8 KB
3 KB

528ms
140ms

Document
text/html

66.228.63.84
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.228.63.84 Atlanta, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: nb-66-228-63-84.atlanta.nodebalancer.linode.com
Software: / Express
Resource Hash: 5c217124917b43096064970ca9504fb90acea9c6ef7fbc9dc75c401de941c661

Request headers

Host: iphonewinners.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://1d653de6060.trccmpnsl.com/?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&pi=111862
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://1d653de6060.trccmpnsl.com/?p=3829&media_type=mainstream&click_id=72040ddff2734a42ad0143a2f5fbfb9e6de2&pi=111862

Response headers

X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"21cf-CZ6v3gdruUiGiYqRZ8wfyB3nsso"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 04 Aug 2020 14:40:31 GMT
Connection: close
Transfer-Encoding: chunked

Redirect headers

X-Powered-By: Express
Location: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
Date: Tue, 04 Aug 2020 14:40:31 GMT
Connection: close
Transfer-Encoding: chunked

GET
H2 200 iphone11.png
1673333600.rsc.cdn77.org/images/ 18 KB
18 KB 115ms
45ms Image
image/png 195.181.175.52
CDN77

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1673333600.rsc.cdn77.org/images/iphone11.png
Requested by: Host: iphonewinners.com
URL: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.175.52 Frankfurt am Main, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-50.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 193039069db3d2a46e189023de371cc848ec2cdcfc8166ce5ccf3c1b911955a0

Request headers

Referer: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-77-nzt: AcO1rzJEj2v97C4AAA==
date: Tue, 04 Aug 2020 14:40:31 GMT
last-modified: Mon, 15 Jun 2020 08:24:48 GMT
server: CDN77-Turbo
x-edge-pop: frankfurtDE
etag: "5ee73050-4819"
status: 200
x-cache: HIT
content-type: image/png
access-control-allow-origin: *
x-edge-ip: 195.181.175.50
x-age: 12012
accept-ranges: bytes
content-length: 18457

GET
H2 200 band.png
1673333600.rsc.cdn77.org/images/ 17 KB
17 KB 121ms
51ms Image
image/png 195.181.175.52
CDN77

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1673333600.rsc.cdn77.org/images/band.png
Requested by: Host: iphonewinners.com
URL: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.175.52 Frankfurt am Main, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-50.cdn77.com
Software: CDN77-Turbo /
Resource Hash: f3bebd9375f356332b5c6bd0f3cfcb67597de118b2c24a506985f2936da4d6ea

Request headers

Referer: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-77-nzt: AcO1rzJ/dc39HysJAA==
date: Tue, 04 Aug 2020 14:40:31 GMT
last-modified: Mon, 15 Jun 2020 08:23:20 GMT
server: CDN77-Turbo
x-edge-pop: frankfurtDE
etag: "5ee72ff8-4465"
status: 200
x-cache: HIT
content-type: image/png
access-control-allow-origin: *
x-edge-ip: 195.181.175.50
x-age: 600863
accept-ranges: bytes
content-length: 17509

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 23ms
8ms Script
application/javascript 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: iphonewinners.com
URL: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
Origin: https://iphonewinners.com

Response headers

date: Tue, 04 Aug 2020 14:40:31 GMT
content-encoding: gzip
last-modified: Wed, 01 May 2019 21:14:27 GMT
server: nginx
status: 200
etag: W/"5cca0c33-15851"
vary: Accept-Encoding
x-hw: 1596552031.dop224.fr8.t,1596552031.cds281.fr8.hc,1596552031.cds236.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 pub.min.js Show response
push.answertounlock.com/js/ 3 KB
2 KB 512ms
112ms Script
application/javascript 67.212.173.74
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://push.answertounlock.com/js/pub.min.js

Requested by

Host: iphonewinners.com
URL: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.212.173.74 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

b0a79f2bd09a605d906f23c84884ecaf4cf9fee5f0286040e9a0f889d6790ca0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://iphonewinners.com/1682?id=38398e47-5399-44a0-9dbe-e79d5a59354a&h=5138
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 04 Aug 2020 14:40:32 GMT
content-encoding: gzip
last-modified: Sat, 30 May 2020 23:48:22 GMT
server: nginx
etag: "5ed2f0c6-602"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
content-length: 1538
expires: Wed, 05 Aug 2020 14:40:32 GMT

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1673333600.rsc.cdn77.org
1d653de6060.trccmpnsl.com
cldrg.com
code.jquery.com
gdmconvtrck.com
iphonewinners.com
iplogger.co
push.answertounlock.com
traffic.haka.mobi
yzheb.shanassoc.com
188.40.16.102
195.181.175.52
198.54.120.245
2001:4de0:ac19::1:b:1a
2a05:d018:483:6120:813f:12dd:7e10:98e6
2a05:d018:483:6130:c386:82c4:1a2d:b043
66.228.63.153
66.228.63.84
67.212.173.74
88.99.66.31
00fe563e56e3728d08008d426d71b7735ae1f03b7977daad3d229cdb3e3f87be
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
193039069db3d2a46e189023de371cc848ec2cdcfc8166ce5ccf3c1b911955a0
24d0c6312e97c3df831ca393269cb80ee946243487726f41d77eedb398b6ff6b
5c217124917b43096064970ca9504fb90acea9c6ef7fbc9dc75c401de941c661
675df84a62fc4dfd065514012206d5e76209cbab369d1d474f2d6b29db4c1ed2
b0a79f2bd09a605d906f23c84884ecaf4cf9fee5f0286040e9a0f889d6790ca0
d131f7758897341119ebfd208c9abe528f94e1a4777dd1845651da9f4562ec64
f3bebd9375f356332b5c6bd0f3cfcb67597de118b2c24a506985f2936da4d6ea

iphonewinners.com Open in urlscan Pro 66.228.63.84 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

30 %IPv6

10 Domains

10 Subdomains

8 IPs

4 Countries

75 kBTransfer

138 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

0 Cookies

Indicators

iphonewinners.com Open in urlscan Pro
66.228.63.84 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

30 %
IPv6

10
Domains

10
Subdomains

8
IPs

4
Countries

75 kB
Transfer

138 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions