Submitted URL: http://track.yousavemail.com/skm/link/load/?uid=5c8781751f2b1de4138b4572-5c8782a365d0fc762d97c3e5-5c8781941f2b1d914c8b4569&ur...
Effective URL: https://mysterybox.404offer.com/
Submission: On March 16 via manual from SG

Summary

This website contacted 6 IPs in 4 countries across 8 domains to perform 13 HTTP transactions. The main IP is 35.241.57.179, located in Ann Arbor, United States and belongs to GOOGLE - Google LLC, US. The main domain is mysterybox.404offer.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 11th 2019. Valid for: 3 months.
This is the only time mysterybox.404offer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 103.255.100.152 132952 (ENOW-AS ENOW)
1 88.208.252.137 8560 (ONEANDONE...)
1 1 34.254.118.46 16509 (AMAZON-02)
1 1 195.8.196.134 9009 (M247)
1 2 35.241.57.179 15169 (GOOGLE)
5 192.229.133.208 15133 (EDGECAST)
3 130.211.30.60 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 35.186.205.120 15169 (GOOGLE)
13 6
Domain Requested by
5 v.fastcdn.co mysterybox.404offer.com
3 heatmap.services mysterybox.404offer.com
heatmap.services
2 fonts.gstatic.com mysterybox.404offer.com
2 mysterybox.404offer.com 1 redirects www.yousavemail.com
1 anthill.instapage.com mysterybox.404offer.com
1 c1icktree.co.uk 1 redirects
1 monetisetrk5.co.uk 1 redirects
1 www.yousavemail.com
1 track.yousavemail.com 1 redirects
13 9

This site contains links to these domains.

Domain
monetisetrk5.co.uk
Subject | Issuer | Validity | Valid
mysterybox.404offer.com | Let's Encrypt Authority X3 | 2019-01-11 - 2019-04-11 | 3 months
v.fastcdn.co | DigiCert SHA2 Secure Server CA | 2017-10-24 - 2020-06-09 | 3 years
heatmap.services | COMODO RSA Domain Validation Secure Server CA | 2018-04-20 - 2020-04-19 | 2 years
*.google.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
*.instapage.com | DigiCert SHA2 Secure Server CA | 2018-10-01 - 2019-11-27 | a year

This page contains 1 frames:

Primary Page: https://mysterybox.404offer.com/
Frame ID: 0D91A152EF5BB618C68A51B798053CF9
Requests: 13 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /IIS(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /IIS(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • env /^moment$/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

13 Requests
92 % HTTPS
11 % IPv6
8 Domains
9 Subdomains
6 IPs
4 Countries
312 kB Transfer
1054 kB Size
3 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://track.yousavemail.com/skm/link/load/?uid=5c8781751f2b1de4138b4572-5c8782a365d0fc762d97c3e5-5c8781941f2b1d914c8b4569&uri=http://www.yousavemail.com/af1314.html HTTP 302
    http://www.yousavemail.com/af1314.html Page URL
  2. http://monetisetrk5.co.uk/?a=4119&c=32823&s1= HTTP 302
    http://c1icktree.co.uk/go/?id=20 HTTP 302
    http://mysterybox.404offer.com/ HTTP 302
    https://mysterybox.404offer.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://track.yousavemail.com/skm/link/load/?uid=5c8781751f2b1de4138b4572-5c8782a365d0fc762d97c3e5-5c8781941f2b1d914c8b4569&uri=http://www.yousavemail.com/af1314.html HTTP 302
  • http://www.yousavemail.com/af1314.html

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
af1314.html
www.yousavemail.com/
Redirect Chain
  • http://track.yousavemail.com/skm/link/load/?uid=5c8781751f2b1de4138b4572-5c8782a365d0fc762d97c3e5-5c8781941f2b1d914c8b4569&uri=http://www.yousavemail.com/af1314.html
  • http://www.yousavemail.com/af1314.html
122 B
522 B
Document
General
Full URL
http://www.yousavemail.com/af1314.html
Protocol
HTTP/1.1
Server
88.208.252.137 Gloucester, United Kingdom, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
server88-208-252-137.fasthosts.net.uk
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
206f3cf35884ad2129d1e38a58e8edbc06c673a88db73bf989ebd5f7906ba50d

Request headers

Host
www.yousavemail.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate

Response headers

Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Fri, 08 Feb 2019 13:27:54 GMT
Accept-Ranges
bytes
ETag
"8d282e19b2bfd41:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
Date
Sat, 16 Mar 2019 14:46:37 GMT
Content-Length
228

Redirect headers

Date
Sat, 16 Mar 2019 14:46:37 GMT
Server
Apache/2.2.15
X-Powered-By
PHP/5.3.3
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=sr932njo0ke0f5a13i5hud8eb1; path=/
location
http://www.yousavemail.com/af1314.html
Content-Length
0
Connection
close
Content-Type
text/html; charset=UTF-8
Primary Request /
mysterybox.404offer.com/
Redirect Chain
  • http://monetisetrk5.co.uk/?a=4119&c=32823&s1=
  • http://c1icktree.co.uk/go/?id=20
  • http://mysterybox.404offer.com/
  • https://mysterybox.404offer.com/
30 KB
8 KB
Document
General
Full URL
https://mysterybox.404offer.com/
Requested by
Host: www.yousavemail.com
URL: http://www.yousavemail.com/af1314.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.241.57.179 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
179.57.241.35.bc.googleusercontent.com
Software
openresty / Express
Resource Hash
ead4c5204043d7cc0eee4cffb28a6863586d4a3c7402e06eff46acd401ad61af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
mysterybox.404offer.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://www.yousavemail.com/af1314.html
accept-encoding
gzip, deflate, br

Response headers

status
200
server
openresty
date
Sat, 16 Mar 2019 14:46:38 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
access-control-allow-origin
*
set-cookie
instapage-variant-9065237=A; Path=/; Expires=Sat, 16 Mar 2019 23:32:14 GMT
etag
W/"76e4-mI1VVo/JKhEHQlPt1D3w4pXANME"
vary
Accept-Encoding
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

Server
openresty
Date
Sat, 16 Mar 2019 14:46:38 GMT
Content-Type
text/html
Content-Length
158
Location
https://mysterybox.404offer.com:443/
Strict-Transport-Security
max-age=31536000; includeSubDomains
Via
1.1 google
css
v.fastcdn.co/f/
24 KB
1 KB
Stylesheet
General
Full URL
https://v.fastcdn.co/f/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800
Requested by
Host: mysterybox.404offer.com
URL: https://mysterybox.404offer.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.208 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ESF /
Resource Hash
734371ae3281d7a36957ab5d66796041b7cfa199ecc0a58c51cad5322587cc3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mysterybox.404offer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 16 Mar 2019 14:46:39 GMT
content-encoding
br
last-modified
Sat, 16 Mar 2019 14:46:39 GMT
server
ESF
access-control-allow-origin
*
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
cache-control
private, max-age=86400, stale-while-revalidate=604800
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security
max-age=31536000
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
x-xss-protection
1; mode=block
expires
Sat, 16 Mar 2019 14:46:39 GMT
pageserver.page2.aec2f66048d6080f75821a85f99acd74.css
v.fastcdn.co/a/1a7d782aa0e1ed3753e71892492b39c2c16381b4/
214 KB
35 KB
Stylesheet
General
Full URL
https://v.fastcdn.co/a/1a7d782aa0e1ed3753e71892492b39c2c16381b4/pageserver.page2.aec2f66048d6080f75821a85f99acd74.css
Requested by
Host: mysterybox.404offer.com
URL: https://mysterybox.404offer.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.208 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/4184) /
Resource Hash
147b544fbaff1b18f6e5387d4b6332df7f66462bc581c4ab1a11e43e8cc13474

Request headers

Referer
https://mysterybox.404offer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 16 Mar 2019 14:46:39 GMT
content-encoding
gzip
x-guploader-uploadid
AEnB2UrrlrLnYEKUfOzy9kYyi4LwmDCTfKvadXLjNHQozFy1UP1gZLEH8FGm_QEYeI6ews6TW2I7PD71F8VKAHcaD_UEtqW-ng
x-cache
HIT
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
35514
last-modified
Thu, 21 Feb 2019 09:15:01 GMT
server
ECS (fcn/4184)
etag
"05b5f1c5fab62e7a04d884891e5125ba"
vary
Accept-Encoding
x-goog-hash
crc32c=2PbNwg==, md5=BbXxxfq2LnoE2ISJHlElug==
x-goog-generation
1550740501845748
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
35514
accept-ranges
bytes
content-type
text/css
expires
Sat, 16 Mar 2019 15:46:39 GMT
pageserver.page2.es5.d5f7d07fadbb2eba864e.bundle.js
v.fastcdn.co/a/1a7d782aa0e1ed3753e71892492b39c2c16381b4/
481 KB
141 KB
Script
General
Full URL
https://v.fastcdn.co/a/1a7d782aa0e1ed3753e71892492b39c2c16381b4/pageserver.page2.es5.d5f7d07fadbb2eba864e.bundle.js
Requested by
Host: mysterybox.404offer.com
URL: https://mysterybox.404offer.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.208 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40B5) /
Resource Hash
822fb0fee2412f76b18a883d500bda2e74085f1db7314b69d46fa864fdf351b4

Request headers

Referer
https://mysterybox.404offer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 16 Mar 2019 14:46:39 GMT
content-encoding
gzip
x-guploader-uploadid
AEnB2UqEkY5ok_vFCb5F04ZbJtfDl9ni5w1W9UYbazQMKyLXGQ9OJ8JJJwaGlR3oltlz6Bd_Gp7WO_mbCts-HpOog6ykartU7g
x-cache
HIT
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
143710
last-modified
Thu, 21 Feb 2019 09:15:12 GMT
server
ECS (fcn/40B5)
etag
"efb2612194229d615cf02c016f8ce423"
vary
Accept-Encoding
x-goog-hash
crc32c=RUDSUQ==, md5=77JhIZQinWFc8CwBb4zkIw==
x-goog-generation
1550740512574254
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
143710
accept-ranges
bytes
content-type
application/javascript
expires
Sat, 16 Mar 2019 15:46:39 GMT
1539343237-27969247-200x200x201x200x1x0-mystery-box.jpg
v.fastcdn.co/t/ea16ea28/69aaf639/
25 KB
26 KB
Image
General
Full URL
https://v.fastcdn.co/t/ea16ea28/69aaf639/1539343237-27969247-200x200x201x200x1x0-mystery-box.jpg
Requested by
Host: mysterybox.404offer.com
URL: https://mysterybox.404offer.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.208 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40DA) /
Resource Hash
afa7593454782c564c49997e60cd1a8c5c8f4c917c4f85ff4b6fe6ea42902062

Request headers

Referer
https://mysterybox.404offer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 16 Mar 2019 14:46:39 GMT
x-goog-stored-content-length
25992
x-guploader-uploadid
AEnB2Uqeyci4UHSP3RLAK-EDe0yRWQAdTf6GmqQdtbxVsCrqohhPw2h-kyVYx1RO7VgrFfOXbHvr_wmU6Tz6tXcOQWZUQf5fwQ
x-cache
HIT
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
x-goog-meta-expires
Tue, 03 Dec 2019 03:20:37 GMT
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
25992
last-modified
Fri, 12 Oct 2018 11:20:37 GMT
server
ECS (fcn/40DA)
etag
"9e20cda87a90ccc5d47fd729c4587f65"
x-goog-hash
crc32c=y9QNlw==, md5=niDNqHqQzMXUf9cpxFh/ZQ==
content-type
image/jpeg
x-goog-generation
1539343237917126
cache-control
max-age=315360000, public
x-goog-meta-content-length
25992
accept-ranges
bytes
expires
Sun, 15 Mar 2020 14:46:39 GMT
lib.js
heatmap.services/static/
262 KB
81 KB
Script
General
Full URL
https://heatmap.services/static/lib.js
Requested by
Host: mysterybox.404offer.com
URL: https://mysterybox.404offer.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
130.211.30.60 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
60.30.211.130.bc.googleusercontent.com
Software
/
Resource Hash
6b0d9a24bbe7862a167a144784379e12cd6901ae07d42aed6daf2acdcb9be083
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mysterybox.404offer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 16 Mar 2019 14:46:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-dns-prefetch-control
off
status
200
alt-svc
clear
x-xss-protection
1; mode=block
last-modified
Fri, 02 Nov 2018 11:09:40 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
via
1.1 google
vary
Accept-Encoding
cache-control
public, must-revalidate, public
access-control-allow-credentials
true
accept-ranges
bytes
expires
Sat, 16 Mar 2019 14:51:39 GMT
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: mysterybox.404offer.com
URL: https://mysterybox.404offer.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://v.fastcdn.co/f/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800
Origin
https://mysterybox.404offer.com

Response headers

date
Fri, 08 Mar 2019 20:21:18 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:39 GMT
server
sffe
age
671121
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
8800
x-xss-protection
1; mode=block
expires
Sat, 07 Mar 2020 20:21:18 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: mysterybox.404offer.com
URL: https://mysterybox.404offer.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://v.fastcdn.co/f/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800
Origin
https://mysterybox.404offer.com

Response headers

date
Fri, 08 Mar 2019 23:23:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:46 GMT
server
sffe
age
660213
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
8892
x-xss-protection
1; mode=block
expires
Sat, 07 Mar 2020 23:23:06 GMT
visit
anthill.instapage.com/api/v3/projects/56c2f3d796773d0a7e96a536/events/
35 B
192 B
Image
General
Full URL
https://anthill.instapage.com/api/v3/projects/56c2f3d796773d0a7e96a536/events/visit?data=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&t=1552747599411&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6MX0.eyJpc3MiOiJhcHAiLCJzdWIiOiJmcm9udGVuZDphcHA6dHA5MDY1MjM3IiwiYXVkIjpbImFudGhpbGwiXSwiZXhwIjoxNTgyNTg5MDM4fQ.lPmWCQPwFUJO2GTpAkQLLFcU1NKOZJ5skwDl5c32WoNuRmcqVJmEeWqJPa_dd2unCTn0P2f6QIcR-ARYkSmW7BSfMhL_ihMgdAP9B-fAuxcsRZegQhpB1t8zRuJr2bF6lGU-7mlEwr4gVn9NlCV7gayApPsA5fD-zw_FcRFUTovUhHaJlbGf0a1jcs_q4vPNTDyeZo-eVooH42rB7K0q-mELkcrp_5ssEFAhFsk3nZ9wzDZDjYnO3tutoBv6l5QBxSUNfcOO_pUr_zTomvjoNKmDW6vVGBrT7qtfC0bytkD00GBNdBmMSufyIsRA5k5vpZrYHKN1KqxH3XUHDmieqg
Requested by
Host: mysterybox.404offer.com
URL: https://mysterybox.404offer.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.186.205.120 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
120.205.186.35.bc.googleusercontent.com
Software
/ Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://mysterybox.404offer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 16 Mar 2019 14:46:39 GMT
via
1.1 google
x-powered-by
Express
etag
W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
vary
Origin
content-type
application/octet-stream
status
200
alt-svc
clear
content-length
35
loading_circle.svg
v.fastcdn.co/a/img/
694 B
951 B
Image
General
Full URL
https://v.fastcdn.co/a/img/loading_circle.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.208 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40D8) /
Resource Hash
eec2c40d8b1bb98306990239204d8b90ca030f0def0e00dfe3117ae42991e126

Request headers

Referer
https://mysterybox.404offer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 16 Mar 2019 14:46:39 GMT
x-guploader-uploadid
AEnB2UqmJxXT_JR0iQg2McATJcmZQTlDhKj2hC3I_BOSsTgR9OjcRyLOSxAcvP6grZsj17uCUHX9iqDaRAKPhfQrvleU9abuBQ
x-cache
HIT
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
694
last-modified
Mon, 04 Jul 2016 13:37:12 GMT
server
ECS (fcn/40D8)
etag
"be00fc4a29d03016e78b28c9943e3f51"
x-goog-hash
crc32c=Y/o9cg==, md5=vgD8SinQMBbniyjJlD4/UQ==
content-type
image/svg+xml
access-control-allow-origin
*
x-goog-generation
1467639432842000
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
694
accept-ranges
bytes
expires
Sat, 16 Mar 2019 15:46:39 GMT
raw-data
heatmap.services/api/
0
319 B
Fetch
General
Full URL
https://heatmap.services/api/raw-data
Requested by
Host: heatmap.services
URL: https://heatmap.services/static/lib.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
130.211.30.60 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
60.30.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Access-Control-Request-Method
POST
Origin
https://mysterybox.404offer.com
Referer
https://mysterybox.404offer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Sat, 16 Mar 2019 14:46:47 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-origin
https://mysterybox.404offer.com
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
status
204
vary
Origin
access-control-allow-credentials
true
access-control-allow-headers
content-type
x-dns-prefetch-control
off
alt-svc
clear
x-xss-protection
1; mode=block
raw-data
heatmap.services/api/
33 B
184 B
Fetch
General
Full URL
https://heatmap.services/api/raw-data
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
130.211.30.60 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
60.30.211.130.bc.googleusercontent.com
Software
/
Resource Hash
aeae628bb5c58695aeeb38d775b0d3e58f0d3448679f5f2a1c9038cc63ae2156
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mysterybox.404offer.com/
Origin
https://mysterybox.404offer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Mar 2019 14:46:47 GMT
via
1.1 google
x-content-type-options
nosniff
status
201
etag
W/"21-OGHiFV/OrNujBxibS2uM6bqKAHs"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://mysterybox.404offer.com
vary
Origin, Accept-Encoding
access-control-allow-credentials
true
x-dns-prefetch-control
off
alt-svc
clear
content-length
33
x-xss-protection
1; mode=block

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| getOption object| __a_o__ function| ijQuery function| jquery function| jQuery function| $ function| Translate function| moment object| _form_controller function| MobileHelper function| ServerStorageLocal function| InstapageUniqueVisit object| base64 function| base64_encode function| base64_decode number| page_version object| _Translate object| __variantsData number| __page_id number| __version string| __variant string| __variant_custom_name boolean| __is_tablet string| __page_domain string| __instapage_services string| __instapage_proxy_services boolean| __preview boolean| __facebook number| __page_type number| __mobile_version string| __variant_hash number| __predator_throttle object| __predator_blacklist string| __google_tab_manager_id string| __facebook_pixel_id string| __munchkin_snippet string| __instapage_submission_endpoint function| __recaptchaError function| __removeReCaptchaClasses function| __changeReCaptchaChallengePosition function| __reCaptchaTrigger object| jQuery111108246563268968599 function| is_new_mobile_visible function| iCopyAnalyticsEvent function| removeEventParameter function| iEncodePixelUrl function| iCreateTrackingPixel object| __conversions_settings function| getWidgetsHorizontalBoundries number| max number| __workspaceWidth object| _Mobile_helper string| itemKey object| __unique object| __analytics_called_parameters object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| JSON3

3 Cookies

Domain/Path Name / Value
mysterybox.404offer.com/ Name: instapage-visit-9065237
Value: %257B%2522ref%2522%253A%2522http%253A%252F%252Fwww.yousavemail.com%252Faf1314.html%2522%252C%2522A%2522%253A%257B%2522b%2522%253A1%252C%2522d%2522%253A1552747599%257D%257D
mysterybox.404offer.com/ Name: instapage-visit-9065237-expires
Value: Sun%252C%252015%2520Mar%25202020%252014%253A46%253A39%2520GMT
mysterybox.404offer.com/ Name: instapage-variant-9065237
Value: A