![](/screenshots/df25017c-522a-47f3-926e-a75e05adc5f1.png)
payitforwardgroups.com
206.72.192.242
Public Scan
Effective URL: https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvv...
Submission Tags: falconsandbox
Submission: On June 29 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 29th 2023. Valid for: 3 months.
This is the only time payitforwardgroups.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 1 | 18.185.21.38 | 16509 (AMAZON-02) |
1 | 45.74.8.8 | 3223 (VOXILITY) |
2 5 | 206.72.192.242 | 19318 (IS-AS-1) |
4 | 2 | |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-21-38.eu-central-1.compute.amazonaws.com
e.targito.com
ASN19318 (IS-AS-1, US)
PTR: yolo.support
495life.com
payitforwardgroups.com
| Apex Domain Subdomains | Transfer |
---|---|---|
4 | payitforwardgroups.com (1 redirects): payitforwardgroups.com | 60 KB |
1 | 495life.com (1 redirects): 495life.com | 649 B |
1 | lawyerjmp.net: 9char.lawyerjmp.net | 286 B |
1 | targito.com (1 redirects): e.targito.com — Cisco Umbrella Rank: 665642 | 835 B |
4 | 4 | |
| Domain | Requested by |
---|---|---|
4 | payitforwardgroups.com | 1 redirects, payitforwardgroups.com |
1 | 495life.com | 1 redirects |
1 | 9char.lawyerjmp.net | |
1 | e.targito.com | 1 redirects |
4 | 4 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
payitforwardgroups.com R3 | 2023-06-29 - 2023-09-27 | 3 months | crt.sh |
This page contains 1 frames:
Frame:
https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo&sso_reload=true
Frame ID: BD929B3164C6E287D01041B28EDC91E5
Requests: 4 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
https://495life.com/?skpavvfw?fqww&qrc=shane.chaba@decisivegroup.com
HTTP 302
https://payitforwardgroups.com/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BheWl0Zm9yd2FyZGdyb3Vwcy5jb20iLCJkb21haW4iOiJwYXlpdGZvcndhcmRncm91cHMuY29tIiwia2V5Ijoic2ZsYmhJcDVZeE1VIiwicXJjIjoic2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20iLCJpYXQiOjE2ODgwNzAzNzQsImV4cCI6MTY4ODA3MDQ5NH0.zS1WOaQWOzk3Zk03Q9ND5Rsuxixi78gdUKDp0yfE29w HTTP 302
https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://e.targito.com/c?a=a765e20b-92d0-4544-a4c3-c23518cbf01d&o=gsklub_cz&m=6b67e0df-8f21-4d26-bac6-98abbf8b9329&c=75283f30-ec7c-4c64-8e96-b11b9ceb9007&d=1550125868&l=footer_menu_2&u=http://9CHAR.lawyerjmp.net%2Fsos%2Fc2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=%2F%2F%2Fc2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20= HTTP 302
- http://9char.lawyerjmp.net/sos/c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=///c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=
4 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20= (9char.lawyerjmp.net/sos/c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=///), Redirect Chain | 0 286 B | Document text/html |
GET H/1.1 | Primary Request: cwvjqtkbg (payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/), Redirect Chain | 20 KB 10 KB | Document text/html |
GET H/1.1 | BssoInterrupt_Core_TslNr0xtu1lnBhfEmx5v_A2.js (payitforwardgroups.com/aadcdn.msauth.net/~/shared/1.0/content/js/) | 135 KB 49 KB | Script application/x-javascript |
GET H/1.1 | cwvjqtkbg (payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/) | 0 0 | Document text/html |
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean | credentialless
object | onbeforetoggle
object | onscrollend

15 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.targito.com/ | | Name: a765e20b-92d0-4544-a4c3-c23518cbf01d Value: 75283f30-ec7c-4c64-8e96-b11b9ceb9007 |
.targito.com/ | | Name: trgid_gsklub_cz Value: 75283f30-ec7c-4c64-8e96-b11b9ceb9007 |
.targito.com/ | | Name: a765e20b-92d0-4544-a4c3-c23518cbf01d_m Value: 6b67e0df-8f21-4d26-bac6-98abbf8b9329 |
.targito.com/ | | Name: trgm_gsklub_cz Value: 6b67e0df-8f21-4d26-bac6-98abbf8b9329 |
.targito.com/ | | Name: a765e20b-92d0-4544-a4c3-c23518cbf01d_d Value: 1550125868 |
.targito.com/ | | Name: trgd_gsklub_cz Value: 1550125868 |
495life.com/ | | Name: qPdM Value: sflbhIp5YxMU |
495life.com/ | | Name: qPdM.sig Value: F1Sh5zHgegQCSu0C7cFYiNB_CiY |
payitforwardgroups.com/ | | Name: qPdM Value: sflbhIp5YxMU |
payitforwardgroups.com/ | | Name: qPdM.sig Value: F1Sh5zHgegQCSu0C7cFYiNB_CiY |
payitforwardgroups.com/ | | Name: fpc Value: AgqpvrU4AFdMpoGywWIrYYE |
payitforwardgroups.com/ | | Name: x-ms-gateway-slice Value: estsfd |
payitforwardgroups.com/ | | Name: stsservicecookie Value: estsfd |
.payitforwardgroups.com/ | | Name: AADSSO Value: NA\|NoExtension |
payitforwardgroups.com/ | | Name: SSOCOOKIEPULLED Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.