play.google.com Open in urlscan Pro
2607:f8b0:4006:816::200e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://karabosa.africa/
Effective URL:
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Submission Tags: #phishing @ecarlesi Search All
Submission: On June 29 via api (June 29th 2022, 11:39:06 pm UTC) from FI — Scanned from CA

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 17 HTTP transactions. The main IP is 2607:f8b0:4006:816::200e, located in and belongs to . The main domain is play.google.com.
TLS certificate: Issued by GTS CA 1C3 on June 6th 2022. Valid for: 3 months.

This is the only time play.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	2606:4700:303... 2606:4700:3036::6815:511f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:80d::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
2	5.101.45.7 5.101.45.7	209813 (FASTCONTENT) (FASTCONTENT)
1 2	5.189.217.128 5.189.217.128	209813 (FASTCONTENT) (FASTCONTENT)
1 2	149.248.3.79 149.248.3.79	() ()
1	2607:f8b0:400... 2607:f8b0:4006:816::200e	() ()
17	8

3 2606:4700:3036::6815:511f (United States)

ASN13335 (CLOUDFLARENET, US)

karabosa.africa	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::200a (New York, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:824::2003 (New York, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.101.45.7 (Haarlem, Netherlands)

ASN209813 (FASTCONTENT, DE)

takebest-prizes.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.189.217.128 (Haarlem, Netherlands) 1 redirects

ASN209813 (FASTCONTENT, DE)

qqtxcr.reachloveproperty.buzz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 149.248.3.79 (None, ) 1 redirects

ASN- ()

rockcloudspace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::200e (None, )

ASN- ()

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	karabosa.africa karabosa.africa	12 KB
2	rockcloudspace.com 1 redirects rockcloudspace.com	778 B
2	reachloveproperty.buzz 1 redirects qqtxcr.reachloveproperty.buzz	2 KB
2	takebest-prizes.life takebest-prizes.life — Cisco Umbrella Rank: 414767	88 KB
1	google.com play.google.com	175 KB
1	gstatic.com fonts.gstatic.com www.gstatic.com Failed	16 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 71	1 KB
0	googleusercontent.com Failed play-lh.googleusercontent.com Failed
17	8

	Domain	Requested by
3	karabosa.africa	karabosa.africa
2	rockcloudspace.com	1 redirects qqtxcr.reachloveproperty.buzz
2	qqtxcr.reachloveproperty.buzz	1 redirects takebest-prizes.life
2	takebest-prizes.life	karabosa.africa takebest-prizes.life
1	play.google.com	rockcloudspace.com karabosa.africa
1	fonts.gstatic.com	fonts.googleapis.com play.google.com
1	fonts.googleapis.com	karabosa.africa
0	play-lh.googleusercontent.com Failed	play.google.com
0	www.gstatic.com Failed	play.google.com
17	9

This site contains no links.

Subject Issuer	Validity	Valid
*.karabosa.africa E1	`2022-06-04` - `2022-09-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
takebest-prizes.life R3	`2022-04-27` - `2022-07-26`	3 months	crt.sh
*.reachloveproperty.buzz R3	`2022-06-29` - `2022-09-27`	3 months	crt.sh
rockcloudspace.com R3	`2022-06-28` - `2022-09-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Frame ID: F19D44464D732D4510B3248C58B50C83
Requests: 16 HTTP requests in this frame

Frame: https://takebest-prizes.life/media/mainstream/frame.html
Frame ID: F908F1F5729BA1631BBB8E9A9D1818E9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://karabosa.africa/ Page URL
https://takebest-prizes.life/?u=pqhk60a&o=3awgwfu Page URL
https://qqtxcr.reachloveproperty.buzz/ugfelvrb/?u=pqhk60a&o=3awgwfu&f=1&sid=t3~bpe0on50tjgfxpnmp4eebw1a&fp=pVmjxsd... Page URL
https://qqtxcr.reachloveproperty.buzz/web/?sid=t3~bpe0on50tjgfxpnmp4eebw1a HTTP 302
https://rockcloudspace.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBlt... HTTP 302
https://rockcloudspace.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJm... Page URL
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

17
Requests

59 %
HTTPS

57 %
IPv6

8
Domains

9
Subdomains

8
IPs

2
Countries

294 kB
Transfer

1088 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://karabosa.africa/ Page URL
https://takebest-prizes.life/?u=pqhk60a&o=3awgwfu Page URL
https://qqtxcr.reachloveproperty.buzz/ugfelvrb/?u=pqhk60a&o=3awgwfu&f=1&sid=t3~bpe0on50tjgfxpnmp4eebw1a&fp=pVmjxsdBpGxEG%2FmdN70TbInZ7hzUXRTfe4LLCR1C5SvSzUMWe9Vm9ML367yWdcprKqWcud%2BV9eZ0c2hsB2qO7ecfV5DcMcyQ0lO0gsdvwr7235AZ%2FY9dzuRsHCGkEP%2BOu2OM3Nvmgaxhk3gUNIOJaasqfi4%2Bp4yMnaimrqFrBF3hwufuiF6%2BvLpXHG6er7UXd9GtPuwQ17yqULA1XIC4b4DOe5Qm8cvw24mBULrvMBP9qYcC5Gzvwuky%2FnXt1mwETcZ49uLgIegtK1KkDkWVjVJ%2BtwImFTE72gtovxXDf56jm4Bvo%2FWZjEnw9DW7i6yKXf5aBqaOtohpg7wvjO8x%2FR2kLm7kz%2B16L3ndc7PlowfEJhtSSsla%2BmCqm6nqSryqRggX7uNbV3MUZtnQ4L%2FbGp27n%2FiHeIqsOS95nMaeo1NCMW397slpnln2agy4eryloXlS2gqvBjQeEQgk0EsfzMcFMEYgSPhGkhqmCYd%2F6UcDWQnLUkP7wMb%2Bb9vrNELN07bT2ql85w9FkYaCDgPWtMiVosGZ2WL5%2FIjRybdzEed6O3BhGsGFQYVfhySaG0n7zqLaTCQqBHARMOOv7BpnC%2FFFskqxk2ml7Zzb2nfcD%2Fb%2FcM04pCHnp%2FEyq76rCrOEq4QVGX2VidGJqrrgxFibM4gJr6srKrI0F5BfkYu04JvVPSI40YRqJfZoUuai4hMJSHPd%2F8uPxYBWH6vKpQVlPcVILxHjebKu3cSRaoWkIiXZzgPoApkGLgo8mmtsACqryt1yQV%2Feddf6lJTFsCgPS7fFc3YYpIjmKEe3S2n530uKD%2FNqhLj81Nk%2BaUp8lsEZdPeA2RdaWxz0PkKaJ7ar6GephmBfKlYwOUpjzPEyFQ4KRb1v6eQFFv0x6o3Y%2Bh9EOHzrEOaN7bHPTt9IMsScuBIlyN0cS6gor4lzAVdEfcXeR%2FEhkkuQ9TzJkSWlnbXRgFbVktm1ZAjcLEKJpz%2B21kRQ6uqpIfRQYxjpepSS%2FSidsYkqtSHJyBCLlDeWvS4vGEVw6JuzaAQJevl%2BXGA2oAeqZmqOb6igPzrQQBXjm6N7Lp%2BCB1efw1W5qD2vZdiYNJY4s0SAgsq2dajplx4mOgnq4HElmINwoQghpAghACBn3EWFkTzA9cUf3ItdvVSYHuan4AIIIudQrbjD8rGF4E9Njak9h7Z%2BZHwy9JzGN5tmoFKb3nYhPvwQ5ZszYEyDVZ9Hy2eB%2BfZUeXueiNJWaqKXSkEn1qIxtX2h4u38ezv8kkTTfvqgn8Ca%2BxYalJv3YgYRuLgk0MIEWFGIMJeCz5EWGN1T0URVKTS0238719YmYCMnByuMF5drI7RrRaJHeXiT3gGO2NMTKfxTCsku0g9VHrqcDexDrZC3OZzOKPAYuQRigTrWVPaLI44sJ7YC06o2TfONkMSIU%2BcmLeuD0IPo6HBUVR8toBImynycYNgChya8qhZxismHInfcW5hRYoA9jXEmmFStkF1hVgH4nyTFIv%2FHjsrwwjvVS8a9PnxUicMKK%2FxTTEq75VBDQ2FmTOjoqf0%2BuWDNrAoOsE5hVa223RgKCuUGpub6auI6yjsh%2F%2B46daOgh8LItkVbkDdsNmYQFmumSeZKC3gH4NTjBBlBRTi7PTa0AH1G%2FDsWv4xP6WsnbLGIVW9eDZrRyJsgSLEAp1bFaUUSlmD5d5%2BPeaipFY9giLNFKibLrpebzWUcvbhwdr%2BI%2B58f2qAgPkK1HG1u7dORQdyu%2B4aBCe4WWk6fyLQAjVuP%2B6UTRYunrPiGzvsLoVUBHGLO5BLyu8W1OVZzRFLcGF59AOv%2FtM24ud3tcyAmnQL32yJXFPQBE67QX5AZttWjQ6fxFkc0Z5biAE0ySvHH%2FECP7IgWnmoKWooHyID3g%2F01H96y9Cnu780oKEgBLp%2BdwTb3jMFHwxGSrClmKq0UQTdqqREWFxbMVe44fTCQDHd8LfBbjDHKhyqy%2FCAP0eLQQM6PPbr9QYE1RZF6F%2B%2FBZK342GfVk6XkomKXBfyxtSM%2BK1xeGvusqt8%3D Page URL
https://qqtxcr.reachloveproperty.buzz/web/?sid=t3~bpe0on50tjgfxpnmp4eebw1a HTTP 302
https://rockcloudspace.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D HTTP 302
https://rockcloudspace.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D Page URL
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://qqtxcr.reachloveproperty.buzz/web/?sid=t3~bpe0on50tjgfxpnmp4eebw1a HTTP 302
https://rockcloudspace.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D HTTP 302
https://rockcloudspace.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
karabosa.africa/ 27 KB
10 KB 448ms
281ms Document
text/html 2606:4700:3036::6815:511f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://karabosa.africa/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:511f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

239b020357bb476c8077ebe9355b6923ce8a6b357a056edc0f1989bcb6b0b9ea

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 72327fc84e1d4bd0-YUL
content-encoding: br
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
content-type: text/html;charset=UTF-8
date: Wed, 29 Jun 2022 23:39:02 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2BvximGUoymE94bryzU%2BmS%2FCC%2FD7RY8tLNvP%2BINLA3W%2BzlGGEeq3YFEsXZ2ZLcs1LOTE3D2j1191YpgYm8jXpgDWuoV9Z5xh21rvMcLgCxRMQLulu66njlEUQeRhCPn8Ln0zEVJRf39Wo6v6s58%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 138ms
52ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Requested by

Host: karabosa.africa
URL: https://karabosa.africa/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 22:46:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 23:39:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 23:39:02 GMT

GET
H2 200 prelodr.min.js Show response
karabosa.africa/ 1 KB
1 KB 313ms
312ms Script
application/javascript 2606:4700:3036::6815:511f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://karabosa.africa/prelodr.min.js

Requested by

Host: karabosa.africa
URL: https://karabosa.africa/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:511f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b16d10dc6c8891d7338041a58361d1487f7882074563aa2c0cbfde6a39c9f835

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://karabosa.africa/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 23:39:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uH8gXH43deJKcaWF0deaX56t%2FwGGntutJvSPBIZKfNEwjhRS%2Filo9XSFzh8t7XJvTjgt%2F%2BBIA0Z5haimM6rS%2F2VmVisS96taoyNYYefdQYNisacRGrDfn1dOjLNytF%2FopjHV4kxTL5ZkyGwlmrQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: private
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-ray: 72327fc9f8504bd0-YUL

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 104ms
31ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://karabosa.africa
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 19:35:49 GMT
x-content-type-options: nosniff
age: 14593
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jun 2023 19:35:49 GMT

PUT
H3 202 prelodr.min.js
karabosa.africa/ 222 B
912 B 269ms
269ms XHR
application/javascript 2606:4700:3036::6815:511f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://karabosa.africa/prelodr.min.js?23962601388178168

Requested by

Host: karabosa.africa
URL: https://karabosa.africa/prelodr.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:511f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://karabosa.africa/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 29 Jun 2022 23:39:02 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gy1gvGZdPpcpFI05%2F%2B6JtgNFzQfAX%2FlCxwuM%2BZXivhcgxnOkofxgip5s93pBXMH1FjVXaskNHrn7z%2FgbE8mcFKR0C2jU8LwPoeArBD9J2LDyqS3N%2BNwZWAqVcuHMqztaCaZZWQSufEmoHLBACtU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: private
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
cf-ray: 72327fcbd936ecf6-YUL

GET
H/1.1 200
OK / Show response
takebest-prizes.life/ 88 KB
88 KB 886ms
190ms Document
text/html 5.101.45.7
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://takebest-prizes.life/?u=pqhk60a&o=3awgwfu
Requested by: Host: karabosa.africa
URL: https://karabosa.africa/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 5.101.45.7 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 127acbb6914ac5c0ef0e5b025b69d3f0a04580f34b90be8ad744389af00c1d91

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 89619
Content-Type: text/html
Date: Wed, 29 Jun 2022 23:39:03 GMT
Server: nginx
cache-control: private

GET
H/1.1 200
OK frame.html Show response
takebest-prizes.life/media/mainstream/ Frame F908 39 B
320 B 185ms
184ms Document
text/html 5.101.45.7
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://takebest-prizes.life/media/mainstream/frame.html
Requested by: Host: takebest-prizes.life
URL: https://takebest-prizes.life/?u=pqhk60a&o=3awgwfu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 5.101.45.7 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e

Request headers

Referer: https://takebest-prizes.life/?u=pqhk60a&o=3awgwfu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-transform
Connection: keep-alive
Content-Length: 39
Content-Type: text/html
Date: Wed, 29 Jun 2022 23:39:03 GMT
ETag: "60a5fcce-27"
Last-Modified: Thu, 20 May 2021 06:08:14 GMT
Server: nginx
Vary: Accept-Encoding

GET
H/1.1 200
OK /
qqtxcr.reachloveproperty.buzz/ugfelvrb/ 1 KB
2 KB 1423ms
195ms Document
text/html 5.189.217.128
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://qqtxcr.reachloveproperty.buzz/ugfelvrb/?u=pqhk60a&o=3awgwfu&f=1&sid=t3~bpe0on50tjgfxpnmp4eebw1a&fp=pVmjxsdBpGxEG%2FmdN70TbInZ7hzUXRTfe4LLCR1C5SvSzUMWe9Vm9ML367yWdcprKqWcud%2BV9eZ0c2hsB2qO7ecfV5DcMcyQ0lO0gsdvwr7235AZ%2FY9dzuRsHCGkEP%2BOu2OM3Nvmgaxhk3gUNIOJaasqfi4%2Bp4yMnaimrqFrBF3hwufuiF6%2BvLpXHG6er7UXd9GtPuwQ17yqULA1XIC4b4DOe5Qm8cvw24mBULrvMBP9qYcC5Gzvwuky%2FnXt1mwETcZ49uLgIegtK1KkDkWVjVJ%2BtwImFTE72gtovxXDf56jm4Bvo%2FWZjEnw9DW7i6yKXf5aBqaOtohpg7wvjO8x%2FR2kLm7kz%2B16L3ndc7PlowfEJhtSSsla%2BmCqm6nqSryqRggX7uNbV3MUZtnQ4L%2FbGp27n%2FiHeIqsOS95nMaeo1NCMW397slpnln2agy4eryloXlS2gqvBjQeEQgk0EsfzMcFMEYgSPhGkhqmCYd%2F6UcDWQnLUkP7wMb%2Bb9vrNELN07bT2ql85w9FkYaCDgPWtMiVosGZ2WL5%2FIjRybdzEed6O3BhGsGFQYVfhySaG0n7zqLaTCQqBHARMOOv7BpnC%2FFFskqxk2ml7Zzb2nfcD%2Fb%2FcM04pCHnp%2FEyq76rCrOEq4QVGX2VidGJqrrgxFibM4gJr6srKrI0F5BfkYu04JvVPSI40YRqJfZoUuai4hMJSHPd%2F8uPxYBWH6vKpQVlPcVILxHjebKu3cSRaoWkIiXZzgPoApkGLgo8mmtsACqryt1yQV%2Feddf6lJTFsCgPS7fFc3YYpIjmKEe3S2n530uKD%2FNqhLj81Nk%2BaUp8lsEZdPeA2RdaWxz0PkKaJ7ar6GephmBfKlYwOUpjzPEyFQ4KRb1v6eQFFv0x6o3Y%2Bh9EOHzrEOaN7bHPTt9IMsScuBIlyN0cS6gor4lzAVdEfcXeR%2FEhkkuQ9TzJkSWlnbXRgFbVktm1ZAjcLEKJpz%2B21kRQ6uqpIfRQYxjpepSS%2FSidsYkqtSHJyBCLlDeWvS4vGEVw6JuzaAQJevl%2BXGA2oAeqZmqOb6igPzrQQBXjm6N7Lp%2BCB1efw1W5qD2vZdiYNJY4s0SAgsq2dajplx4mOgnq4HElmINwoQghpAghACBn3EWFkTzA9cUf3ItdvVSYHuan4AIIIudQrbjD8rGF4E9Njak9h7Z%2BZHwy9JzGN5tmoFKb3nYhPvwQ5ZszYEyDVZ9Hy2eB%2BfZUeXueiNJWaqKXSkEn1qIxtX2h4u38ezv8kkTTfvqgn8Ca%2BxYalJv3YgYRuLgk0MIEWFGIMJeCz5EWGN1T0URVKTS0238719YmYCMnByuMF5drI7RrRaJHeXiT3gGO2NMTKfxTCsku0g9VHrqcDexDrZC3OZzOKPAYuQRigTrWVPaLI44sJ7YC06o2TfONkMSIU%2BcmLeuD0IPo6HBUVR8toBImynycYNgChya8qhZxismHInfcW5hRYoA9jXEmmFStkF1hVgH4nyTFIv%2FHjsrwwjvVS8a9PnxUicMKK%2FxTTEq75VBDQ2FmTOjoqf0%2BuWDNrAoOsE5hVa223RgKCuUGpub6auI6yjsh%2F%2B46daOgh8LItkVbkDdsNmYQFmumSeZKC3gH4NTjBBlBRTi7PTa0AH1G%2FDsWv4xP6WsnbLGIVW9eDZrRyJsgSLEAp1bFaUUSlmD5d5%2BPeaipFY9giLNFKibLrpebzWUcvbhwdr%2BI%2B58f2qAgPkK1HG1u7dORQdyu%2B4aBCe4WWk6fyLQAjVuP%2B6UTRYunrPiGzvsLoVUBHGLO5BLyu8W1OVZzRFLcGF59AOv%2FtM24ud3tcyAmnQL32yJXFPQBE67QX5AZttWjQ6fxFkc0Z5biAE0ySvHH%2FECP7IgWnmoKWooHyID3g%2F01H96y9Cnu780oKEgBLp%2BdwTb3jMFHwxGSrClmKq0UQTdqqREWFxbMVe44fTCQDHd8LfBbjDHKhyqy%2FCAP0eLQQM6PPbr9QYE1RZF6F%2B%2FBZK342GfVk6XkomKXBfyxtSM%2BK1xeGvusqt8%3D
Requested by: Host: takebest-prizes.life
URL: https://takebest-prizes.life/?u=pqhk60a&o=3awgwfu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 5.189.217.128 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://takebest-prizes.life/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 1511
Content-Type: text/html
Date: Wed, 29 Jun 2022 23:39:05 GMT
Server: nginx
cache-control: private

GET
H/1.1

200
OK

away.php
rockcloudspace.com/
Redirect Chain

https://qqtxcr.reachloveproperty.buzz/web/?sid=t3~bpe0on50tjgfxpnmp4eebw1a
https://rockcloudspace.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
https://rockcloudspace.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D

283 B
458 B

81ms
81ms

Document
text/html

149.248.3.79

General

Check archive.org

Show headers Download Go to

Full URL: https://rockcloudspace.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Requested by: Host: qqtxcr.reachloveproperty.buzz
URL: https://qqtxcr.reachloveproperty.buzz/ugfelvrb/?u=pqhk60a&o=3awgwfu&f=1&sid=t3~bpe0on50tjgfxpnmp4eebw1a&fp=pVmjxsdBpGxEG%2FmdN70TbInZ7hzUXRTfe4LLCR1C5SvSzUMWe9Vm9ML367yWdcprKqWcud%2BV9eZ0c2hsB2qO7ecfV5DcMcyQ0lO0gsdvwr7235AZ%2FY9dzuRsHCGkEP%2BOu2OM3Nvmgaxhk3gUNIOJaasqfi4%2Bp4yMnaimrqFrBF3hwufuiF6%2BvLpXHG6er7UXd9GtPuwQ17yqULA1XIC4b4DOe5Qm8cvw24mBULrvMBP9qYcC5Gzvwuky%2FnXt1mwETcZ49uLgIegtK1KkDkWVjVJ%2BtwImFTE72gtovxXDf56jm4Bvo%2FWZjEnw9DW7i6yKXf5aBqaOtohpg7wvjO8x%2FR2kLm7kz%2B16L3ndc7PlowfEJhtSSsla%2BmCqm6nqSryqRggX7uNbV3MUZtnQ4L%2FbGp27n%2FiHeIqsOS95nMaeo1NCMW397slpnln2agy4eryloXlS2gqvBjQeEQgk0EsfzMcFMEYgSPhGkhqmCYd%2F6UcDWQnLUkP7wMb%2Bb9vrNELN07bT2ql85w9FkYaCDgPWtMiVosGZ2WL5%2FIjRybdzEed6O3BhGsGFQYVfhySaG0n7zqLaTCQqBHARMOOv7BpnC%2FFFskqxk2ml7Zzb2nfcD%2Fb%2FcM04pCHnp%2FEyq76rCrOEq4QVGX2VidGJqrrgxFibM4gJr6srKrI0F5BfkYu04JvVPSI40YRqJfZoUuai4hMJSHPd%2F8uPxYBWH6vKpQVlPcVILxHjebKu3cSRaoWkIiXZzgPoApkGLgo8mmtsACqryt1yQV%2Feddf6lJTFsCgPS7fFc3YYpIjmKEe3S2n530uKD%2FNqhLj81Nk%2BaUp8lsEZdPeA2RdaWxz0PkKaJ7ar6GephmBfKlYwOUpjzPEyFQ4KRb1v6eQFFv0x6o3Y%2Bh9EOHzrEOaN7bHPTt9IMsScuBIlyN0cS6gor4lzAVdEfcXeR%2FEhkkuQ9TzJkSWlnbXRgFbVktm1ZAjcLEKJpz%2B21kRQ6uqpIfRQYxjpepSS%2FSidsYkqtSHJyBCLlDeWvS4vGEVw6JuzaAQJevl%2BXGA2oAeqZmqOb6igPzrQQBXjm6N7Lp%2BCB1efw1W5qD2vZdiYNJY4s0SAgsq2dajplx4mOgnq4HElmINwoQghpAghACBn3EWFkTzA9cUf3ItdvVSYHuan4AIIIudQrbjD8rGF4E9Njak9h7Z%2BZHwy9JzGN5tmoFKb3nYhPvwQ5ZszYEyDVZ9Hy2eB%2BfZUeXueiNJWaqKXSkEn1qIxtX2h4u38ezv8kkTTfvqgn8Ca%2BxYalJv3YgYRuLgk0MIEWFGIMJeCz5EWGN1T0URVKTS0238719YmYCMnByuMF5drI7RrRaJHeXiT3gGO2NMTKfxTCsku0g9VHrqcDexDrZC3OZzOKPAYuQRigTrWVPaLI44sJ7YC06o2TfONkMSIU%2BcmLeuD0IPo6HBUVR8toBImynycYNgChya8qhZxismHInfcW5hRYoA9jXEmmFStkF1hVgH4nyTFIv%2FHjsrwwjvVS8a9PnxUicMKK%2FxTTEq75VBDQ2FmTOjoqf0%2BuWDNrAoOsE5hVa223RgKCuUGpub6auI6yjsh%2F%2B46daOgh8LItkVbkDdsNmYQFmumSeZKC3gH4NTjBBlBRTi7PTa0AH1G%2FDsWv4xP6WsnbLGIVW9eDZrRyJsgSLEAp1bFaUUSlmD5d5%2BPeaipFY9giLNFKibLrpebzWUcvbhwdr%2BI%2B58f2qAgPkK1HG1u7dORQdyu%2B4aBCe4WWk6fyLQAjVuP%2B6UTRYunrPiGzvsLoVUBHGLO5BLyu8W1OVZzRFLcGF59AOv%2FtM24ud3tcyAmnQL32yJXFPQBE67QX5AZttWjQ6fxFkc0Z5biAE0ySvHH%2FECP7IgWnmoKWooHyID3g%2F01H96y9Cnu780oKEgBLp%2BdwTb3jMFHwxGSrClmKq0UQTdqqREWFxbMVe44fTCQDHd8LfBbjDHKhyqy%2FCAP0eLQQM6PPbr9QYE1RZF6F%2B%2FBZK342GfVk6XkomKXBfyxtSM%2BK1xeGvusqt8%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 149.248.3.79 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://qqtxcr.reachloveproperty.buzz/ugfelvrb/?u=pqhk60a&o=3awgwfu&f=1&sid=t3~bpe0on50tjgfxpnmp4eebw1a&fp=pVmjxsdBpGxEG%2FmdN70TbInZ7hzUXRTfe4LLCR1C5SvSzUMWe9Vm9ML367yWdcprKqWcud%2BV9eZ0c2hsB2qO7ecfV5DcMcyQ0lO0gsdvwr7235AZ%2FY9dzuRsHCGkEP%2BOu2OM3Nvmgaxhk3gUNIOJaasqfi4%2Bp4yMnaimrqFrBF3hwufuiF6%2BvLpXHG6er7UXd9GtPuwQ17yqULA1XIC4b4DOe5Qm8cvw24mBULrvMBP9qYcC5Gzvwuky%2FnXt1mwETcZ49uLgIegtK1KkDkWVjVJ%2BtwImFTE72gtovxXDf56jm4Bvo%2FWZjEnw9DW7i6yKXf5aBqaOtohpg7wvjO8x%2FR2kLm7kz%2B16L3ndc7PlowfEJhtSSsla%2BmCqm6nqSryqRggX7uNbV3MUZtnQ4L%2FbGp27n%2FiHeIqsOS95nMaeo1NCMW397slpnln2agy4eryloXlS2gqvBjQeEQgk0EsfzMcFMEYgSPhGkhqmCYd%2F6UcDWQnLUkP7wMb%2Bb9vrNELN07bT2ql85w9FkYaCDgPWtMiVosGZ2WL5%2FIjRybdzEed6O3BhGsGFQYVfhySaG0n7zqLaTCQqBHARMOOv7BpnC%2FFFskqxk2ml7Zzb2nfcD%2Fb%2FcM04pCHnp%2FEyq76rCrOEq4QVGX2VidGJqrrgxFibM4gJr6srKrI0F5BfkYu04JvVPSI40YRqJfZoUuai4hMJSHPd%2F8uPxYBWH6vKpQVlPcVILxHjebKu3cSRaoWkIiXZzgPoApkGLgo8mmtsACqryt1yQV%2Feddf6lJTFsCgPS7fFc3YYpIjmKEe3S2n530uKD%2FNqhLj81Nk%2BaUp8lsEZdPeA2RdaWxz0PkKaJ7ar6GephmBfKlYwOUpjzPEyFQ4KRb1v6eQFFv0x6o3Y%2Bh9EOHzrEOaN7bHPTt9IMsScuBIlyN0cS6gor4lzAVdEfcXeR%2FEhkkuQ9TzJkSWlnbXRgFbVktm1ZAjcLEKJpz%2B21kRQ6uqpIfRQYxjpepSS%2FSidsYkqtSHJyBCLlDeWvS4vGEVw6JuzaAQJevl%2BXGA2oAeqZmqOb6igPzrQQBXjm6N7Lp%2BCB1efw1W5qD2vZdiYNJY4s0SAgsq2dajplx4mOgnq4HElmINwoQghpAghACBn3EWFkTzA9cUf3ItdvVSYHuan4AIIIudQrbjD8rGF4E9Njak9h7Z%2BZHwy9JzGN5tmoFKb3nYhPvwQ5ZszYEyDVZ9Hy2eB%2BfZUeXueiNJWaqKXSkEn1qIxtX2h4u38ezv8kkTTfvqgn8Ca%2BxYalJv3YgYRuLgk0MIEWFGIMJeCz5EWGN1T0URVKTS0238719YmYCMnByuMF5drI7RrRaJHeXiT3gGO2NMTKfxTCsku0g9VHrqcDexDrZC3OZzOKPAYuQRigTrWVPaLI44sJ7YC06o2TfONkMSIU%2BcmLeuD0IPo6HBUVR8toBImynycYNgChya8qhZxismHInfcW5hRYoA9jXEmmFStkF1hVgH4nyTFIv%2FHjsrwwjvVS8a9PnxUicMKK%2FxTTEq75VBDQ2FmTOjoqf0%2BuWDNrAoOsE5hVa223RgKCuUGpub6auI6yjsh%2F%2B46daOgh8LItkVbkDdsNmYQFmumSeZKC3gH4NTjBBlBRTi7PTa0AH1G%2FDsWv4xP6WsnbLGIVW9eDZrRyJsgSLEAp1bFaUUSlmD5d5%2BPeaipFY9giLNFKibLrpebzWUcvbhwdr%2BI%2B58f2qAgPkK1HG1u7dORQdyu%2B4aBCe4WWk6fyLQAjVuP%2B6UTRYunrPiGzvsLoVUBHGLO5BLyu8W1OVZzRFLcGF59AOv%2FtM24ud3tcyAmnQL32yJXFPQBE67QX5AZttWjQ6fxFkc0Z5biAE0ySvHH%2FECP7IgWnmoKWooHyID3g%2F01H96y9Cnu780oKEgBLp%2BdwTb3jMFHwxGSrClmKq0UQTdqqREWFxbMVe44fTCQDHd8LfBbjDHKhyqy%2FCAP0eLQQM6PPbr9QYE1RZF6F%2B%2FBZK342GfVk6XkomKXBfyxtSM%2BK1xeGvusqt8%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 29 Jun 2022 23:39:06 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 29 Jun 2022 23:39:06 GMT
Location: /away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Server: nginx
Transfer-Encoding: chunked

GET
H2 200 Primary Request details
play.google.com/store/apps/ 951 KB
175 KB 307ms
106ms Document
text/html 2607:f8b0:4006:816::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US

Requested by

Host: rockcloudspace.com
URL: https://rockcloudspace.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport script-src 'report-sample' 'nonce-0uLPpHyiTKzGDxysr1PtwA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'nonce-0uLPpHyiTKzGDxysr1PtwA' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport script-src 'report-sample' 'nonce-0uLPpHyiTKzGDxysr1PtwA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'nonce-0uLPpHyiTKzGDxysr1PtwA' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups; report-to="PlayStoreUi"
cross-origin-resource-policy: same-site
date: Wed, 29 Jun 2022 23:39:06 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"PlayStoreUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/PlayStoreUi/external"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 0

POST cspreport
play.google.com/_/PlayStoreUi/ 0
0

GET m=_b,_tp,_r
www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en.ZcUQirMFokc.2021.O/am=zmLP-H3A98MsBCA/d=1/excm=_b,_r,_tp,appdetailsview/ed=1/dg=0/wt=2/rs=AB1caFXiy-93WmDxVW4bT7R_0Jg8XXjgSQ/ 0
0

GET 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v14/ 0
0

GET 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v14/ 0
0

GET Gw6kwdfw6UnXLJCcmafZyFRXb3BL9rvi0QZG3Q.woff2
fonts.gstatic.com/s/googlematerialicons/v112/ 0
0

GET z5nin1RdQ4UZhv6fa1FNG7VE33imGqPgC4kKZIUjgf_up7E-Pj3AaojlMPwNNXaeGA=w240-h480-rw
play-lh.googleusercontent.com/ 0
0

GET mw_NfsvKM8m6RPv8Fz2GQawCOsqWv010saMnc7zbWalMxuaA9IY8h7E0VMieLxSxAFB98NFeYqbFrXXq=w48-h16-rw
play-lh.googleusercontent.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: play.google.com
URL: https://play.google.com/_/PlayStoreUi/cspreport

Domain: www.gstatic.com
URL: https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en.ZcUQirMFokc.2021.O/am=zmLP-H3A98MsBCA/d=1/excm=_b,_r,_tp,appdetailsview/ed=1/dg=0/wt=2/rs=AB1caFXiy-93WmDxVW4bT7R_0Jg8XXjgSQ/m=_b,_tp,_r

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/googlematerialicons/v112/Gw6kwdfw6UnXLJCcmafZyFRXb3BL9rvi0QZG3Q.woff2

Domain: play-lh.googleusercontent.com
URL: https://play-lh.googleusercontent.com/z5nin1RdQ4UZhv6fa1FNG7VE33imGqPgC4kKZIUjgf_up7E-Pj3AaojlMPwNNXaeGA=w240-h480-rw

Domain: play-lh.googleusercontent.com
URL: https://play-lh.googleusercontent.com/mw_NfsvKM8m6RPv8Fz2GQawCOsqWv010saMnc7zbWalMxuaA9IY8h7E0VMieLxSxAFB98NFeYqbFrXXq=w48-h16-rw

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
karabosa.africa/	1970-01-20 12:54:41	Name: ekplg_janq Value: JUUwJUI4JUFCJUUwJUI4JUI5JTIwJUUwJUI4JUE1JUUwJUI4JUIyJUUwJUI4JTgxJTIwJUUwJUI4JUEzJUUwJUI4JTk2JTIwJUUwJUI4JTgxJUUwJUI4JUEzJUUwJUI4JUIwJUUwJUI4JTlBJUUwJUI4JUIw
takebest-prizes.life/	1969-12-31 23:59:59	Name: sid Value: t3~bpe0on50tjgfxpnmp4eebw1a
takebest-prizes.life/	1969-12-31 23:59:59	Name: p1 Value: https://reachloveproperty.buzz/ugfelvrb/
takebest-prizes.life/	1969-12-31 23:59:59	Name: s1 Value: 3iyvacv7f11xpr3u

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
karabosa.africa
play-lh.googleusercontent.com
play.google.com
qqtxcr.reachloveproperty.buzz
rockcloudspace.com
takebest-prizes.life
www.gstatic.com
fonts.gstatic.com
play-lh.googleusercontent.com
play.google.com
www.gstatic.com
149.248.3.79
2606:4700:3036::6815:511f
2607:f8b0:4006:80d::200a
2607:f8b0:4006:816::200e
2607:f8b0:4006:824::2003
5.101.45.7
5.189.217.128
127acbb6914ac5c0ef0e5b025b69d3f0a04580f34b90be8ad744389af00c1d91
239b020357bb476c8077ebe9355b6923ce8a6b357a056edc0f1989bcb6b0b9ea
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
b16d10dc6c8891d7338041a58361d1487f7882074563aa2c0cbfde6a39c9f835
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

play.google.com Open in urlscan Pro 2607:f8b0:4006:816::200e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

59 %HTTPS

57 %IPv6

8 Domains

9 Subdomains

8 IPs

2 Countries

294 kBTransfer

1088 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

4 Cookies

1 Console Messages

Security Headers

Indicators

play.google.com Open in urlscan Pro
2607:f8b0:4006:816::200e Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

59 %
HTTPS

57 %
IPv6

8
Domains

9
Subdomains

8
IPs

2
Countries

294 kB
Transfer

1088 kB
Size

4
Cookies

17 HTTP transactions
0 data transactions