ns4domains.com Open in urlscan Pro
95.65.0.74 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://top2pot.com/iem7/link.php?m=85739&n=475&l=243&f=h
Effective URL:
http://ns4domains.com/html/neo_nettoyage37.html
Submission: On July 02 via api (July 2nd 2024, 11:19:39 am UTC) from US — Scanned from DE

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 95.65.0.74, located in Chisinau, Moldova and belongs to STARNET-AS, MD. The main domain is ns4domains.com.

This is the only time ns4domains.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	217.12.123.30 217.12.123.30	25454 (ASN-OMD-F...) (ASN-OMD-FNO Orange Moldova Fixed Network Autonomous System)
2	95.65.0.74 95.65.0.74	31252 (STARNET-AS) (STARNET-AS)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
8	13.224.189.31 13.224.189.31	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
13	5

1 217.12.123.30 (Chisinau, Moldova) 1 redirects

ASN25454 (ASN-OMD-FNO Orange Moldova Fixed Network Autonomous System, MD)
PTR: top2pot.com

top2pot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.65.0.74 (Chisinau, Moldova)

ASN31252 (STARNET-AS, MD)
PTR: 95-65-0-74.starnet.md

ns4domains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.224.189.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-31.fra2.r.cloudfront.net

vht.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	tradedoubler.com clk.tradedoubler.com Failed vht.tradedoubler.com — Cisco Umbrella Rank: 141986	219 KB
2	ns4domains.com ns4domains.com	20 KB
1	gstatic.com fonts.gstatic.com	39 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 83	996 B
1	top2pot.com 1 redirects top2pot.com	128 B
13	5

	Domain	Requested by
8	vht.tradedoubler.com	ns4domains.com
2	ns4domains.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	ns4domains.com
1	top2pot.com	1 redirects
0	clk.tradedoubler.com Failed	ns4domains.com
13	6

This site contains links to these domains. Also see Links.

Domain
clk.tradedoubler.com

Subject Issuer	Validity	Valid
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.tradedoubler.com Amazon RSA 2048 M02	`2023-11-14` - `2024-12-12`	a year	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://ns4domains.com/html/neo_nettoyage37.html
Frame ID: 77E94D47B823640A1B2F36AB9E2422FF
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page URL History Show full URLs

http://top2pot.com/iem7/link.php?m=85739&n=475&l=243&f=h HTTP 307
https://top2pot.com/iem7/link.php?m=85739&n=475&l=243&f=h HTTP 302
http://ns4domains.com/html/neo_nettoyage37.html HTTP 307
https://ns4domains.com/html/neo_nettoyage37.html HTTP 307
http://ns4domains.com/html/neo_nettoyage37.html Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

13
Requests

77 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

278 kB
Transfer

275 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://clk.tradedoubler.com/click?p=277881&a=2932876&g=25192254&url=https://b2bpro.fr/1422_NP_0222/?qcp=1422_NP_0222
Title: Faites appel à une société de

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://top2pot.com/iem7/link.php?m=85739&n=475&l=243&f=h HTTP 307
https://top2pot.com/iem7/link.php?m=85739&n=475&l=243&f=h HTTP 302
http://ns4domains.com/html/neo_nettoyage37.html HTTP 307
https://ns4domains.com/html/neo_nettoyage37.html HTTP 307
http://ns4domains.com/html/neo_nettoyage37.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request neo_nettoyage37.html Show response
ns4domains.com/html/
Redirect Chain

http://top2pot.com/iem7/link.php?m=85739&n=475&l=243&f=h
https://top2pot.com/iem7/link.php?m=85739&n=475&l=243&f=h
http://ns4domains.com/html/neo_nettoyage37.html
https://ns4domains.com/html/neo_nettoyage37.html
http://ns4domains.com/html/neo_nettoyage37.html

19 KB
20 KB

154ms
76ms

Document
text/html

95.65.0.74
STARNET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ns4domains.com/html/neo_nettoyage37.html
Protocol: HTTP/1.1
Server: 95.65.0.74 Chisinau, Moldova, ASN31252 (STARNET-AS, MD),
Reverse DNS: 95-65-0-74.starnet.md
Software: Apache /
Resource Hash: 0566797960f181cb6ce7ec2f1284efe3a32d50bce8d98c4468a0ac3e51512659

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 19854
Content-Type: text/html
Date: Tue, 02 Jul 2024 11:19:33 GMT
ETag: "e837a-4d8e-61bdeffc42c00"
Keep-Alive: timeout=15, max=100
Last-Modified: Thu, 27 Jun 2024 13:20:48 GMT
Server: Apache

Redirect headers

Location: http://ns4domains.com/html/neo_nettoyage37.html
Non-Authoritative-Reason: HttpsUpgrades

GET click
clk.tradedoubler.com/ 0
0

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
996 B 290ms
62ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Nunito:wght@400;700&display=swap

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

94a1a5755af597390fa04322d63ea361ab0dbd9ac6374f57c915e4b87b7bfa1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 Jul 2024 11:19:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 Jul 2024 10:04:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 Jul 2024 11:19:33 GMT

GET
H/1.1 200
OK pic_header.png
vht.tradedoubler.com/file/277881/0322/img/ 10 KB
10 KB 247ms
97ms Image
image/png 13.224.189.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vht.tradedoubler.com/file/277881/0322/img/pic_header.png

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-31.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

d0dd8130f7cc6a2d6a1d1a3e134250d419283506cc3e7e93b7173cb8afc1e42d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 23:16:22 GMT
Strict-Transport-Security: max-age=31536000
Via: 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 216191
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10023
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 14 Mar 2022 14:41:06 GMT
Server: Apache
Content-Type: image/png
Accept-Ranges: bytes
X-Amz-Cf-Id: L66TfEYGuDYiF1N-dkTsPiv8w2-VY3Lb2rUZKHRYxhGvZUcOu0GKFQ==

GET
H/1.1 200
OK hero1.png
vht.tradedoubler.com/file/277881/0322/img/ 103 KB
103 KB 247ms
98ms Image
image/png 13.224.189.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vht.tradedoubler.com/file/277881/0322/img/hero1.png

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-31.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

4e7601eca2408949b6fb23c299682004644b843d947628dce9ee1e378703360c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Tue, 25 Jun 2024 21:32:34 GMT
Via: 1.1 69f13f852a135432abb1b7bfc5a8b420.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 568019
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 105193
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 14 Mar 2022 14:41:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/png
Accept-Ranges: bytes
X-Amz-Cf-Id: Ok8yQCL19MUzKYrIvUqi5ukjx4jG3WvY_Fn5oG_Qu6Yp2GcqYRvFwA==

GET
H/1.1 200
OK cta1.png
vht.tradedoubler.com/file/277881/0322/img/ 4 KB
5 KB 246ms
97ms Image
image/png 13.224.189.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vht.tradedoubler.com/file/277881/0322/img/cta1.png

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-31.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

3578b546f98022067f31adf60e5e0167ae0b8591244fff68bd2ea4cd0624bfba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 27 Jun 2024 17:27:53 GMT
Via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 409900
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 4272
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 14 Mar 2022 14:41:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/png
Accept-Ranges: bytes
X-Amz-Cf-Id: EVhFlE3oJSf3VPx3rynNo73ybjc70VpbNI7mLJTJ7dXir8yMRNZpOA==

GET
H/1.1 200
OK pic1.png
vht.tradedoubler.com/file/277881/0322/img/ 3 KB
4 KB 205ms
69ms Image
image/png 13.224.189.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vht.tradedoubler.com/file/277881/0322/img/pic1.png

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-31.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

72dd1bb93cf4a5174c1680e571d6bfb5a0e0cb510a73394f760b5b4b45b07690

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 27 Jun 2024 16:24:24 GMT
Via: 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 413709
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 3350
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 14 Mar 2022 14:41:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/png
Accept-Ranges: bytes
X-Amz-Cf-Id: b18BHDeXR13O6yZkRjMnl5MBypDzT6NbCmdTQDgFoPPK5xvYLYTspA==

GET
H/1.1 200
OK pic2.png
vht.tradedoubler.com/file/277881/0322/img/ 3 KB
3 KB 1123ms
972ms Image
image/png 13.224.189.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vht.tradedoubler.com/file/277881/0322/img/pic2.png

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-31.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

10fc52daf32e3a61bf73be4daf92989f17192cedd51b3ebd7d726ae0f9cf527a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 05:44:14 GMT
Strict-Transport-Security: max-age=31536000
Via: 1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 538519
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 2758
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 14 Mar 2022 14:41:06 GMT
Server: Apache
Content-Type: image/png
Accept-Ranges: bytes
X-Amz-Cf-Id: E1KXy0NKfL8673NH8M21Q_Kq9nT9gJY__HGvfe3vS1LLwCSkMgg92Q==

GET
H/1.1 200
OK pic3.png
vht.tradedoubler.com/file/277881/0322/img/ 3 KB
3 KB 273ms
105ms Image
image/png 13.224.189.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vht.tradedoubler.com/file/277881/0322/img/pic3.png

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-31.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

633c3d58f72065ff67294ac41e18e8b7eeaceaeb9a8428ca9abecb59f8cc0e6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 27 Jun 2024 16:24:24 GMT
Via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 413709
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 2617
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 14 Mar 2022 14:41:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/png
Accept-Ranges: bytes
X-Amz-Cf-Id: 39udHNvDIk6SljEySAUTmT-bAPxyO_cu-XMbKPiW09NrlhNbEDemrQ==

GET
H/1.1 200
OK hero2.jpg
vht.tradedoubler.com/file/277881/0322/img/ 85 KB
86 KB 99ms
98ms Image
image/jpeg 13.224.189.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vht.tradedoubler.com/file/277881/0322/img/hero2.jpg

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-31.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

5c1c15d139f79cf614aa624294534969491ba188196a06828cd811722dac983d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 30 Jun 2024 00:11:19 GMT
Strict-Transport-Security: max-age=31536000
Via: 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 212894
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 87347
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 14 Mar 2022 14:41:06 GMT
Server: Apache
Content-Type: image/jpeg
Accept-Ranges: bytes
X-Amz-Cf-Id: AarNcgLtntdGrbjthIqfR73arJgboX2MTVXgFvUuJiNgTTn3ZiF7bg==

GET
H/1.1 200
OK cta2.png
vht.tradedoubler.com/file/277881/0322/img/ 3 KB
4 KB 43ms
43ms Image
image/png 13.224.189.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vht.tradedoubler.com/file/277881/0322/img/cta2.png

Requested by

Host: ns4domains.com
URL: http://ns4domains.com/html/neo_nettoyage37.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-31.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

5cdcb27cc5ead4fc403123ecb163efb8b26d0d40751bdcd34a5d38da2b0cf522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: http://ns4domains.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000
Date: Wed, 26 Jun 2024 14:23:43 GMT
Via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 507350
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 3475
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 14 Mar 2022 14:41:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/png
Accept-Ranges: bytes
X-Amz-Cf-Id: 04kc_-iaASC6HGi9c2z58OAyyWynM-Zk6asBY2SAEn2ONxxkSER3Yg==

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v26/ 38 KB
39 KB 152ms
43ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: http://ns4domains.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 05:31:00 GMT
x-content-type-options: nosniff
age: 452914
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39124
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 05:31:00 GMT

GET
H/1.1 404
Not Found favicon.ico
ns4domains.com/ 273 B
474 B 82ms
82ms Other
text/html 95.65.0.74
STARNET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ns4domains.com/favicon.ico
Protocol: HTTP/1.1
Server: 95.65.0.74 Chisinau, Moldova, ASN31252 (STARNET-AS, MD),
Reverse DNS: 95-65-0-74.starnet.md
Software: Apache /
Resource Hash: 9fc43b0e04001fb86df8fa084d109f9fc5f4171c58acd199c8c6df1a577d33c6

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: http://ns4domains.com/html/neo_nettoyage37.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Tue, 02 Jul 2024 11:19:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=15, max=99
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: clk.tradedoubler.com
URL: https://clk.tradedoubler.com/click?p=277881&a=2932876&g=25192254&url=https://fonts.googleapis.com/css2?family=Nunito:wght@400;700&display=swap

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.tradedoubler.com/	1970-01-21 06:30:55	Name: GUID Value: 1z11zz17qz27yJgqz943bf2f72347061476da620f5eb1b1fc

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://ns4domains.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

clk.tradedoubler.com
fonts.googleapis.com
fonts.gstatic.com
ns4domains.com
top2pot.com
vht.tradedoubler.com
clk.tradedoubler.com
13.224.189.31
217.12.123.30
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2003
95.65.0.74
0566797960f181cb6ce7ec2f1284efe3a32d50bce8d98c4468a0ac3e51512659
10fc52daf32e3a61bf73be4daf92989f17192cedd51b3ebd7d726ae0f9cf527a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f
3578b546f98022067f31adf60e5e0167ae0b8591244fff68bd2ea4cd0624bfba
4e7601eca2408949b6fb23c299682004644b843d947628dce9ee1e378703360c
5c1c15d139f79cf614aa624294534969491ba188196a06828cd811722dac983d
5cdcb27cc5ead4fc403123ecb163efb8b26d0d40751bdcd34a5d38da2b0cf522
633c3d58f72065ff67294ac41e18e8b7eeaceaeb9a8428ca9abecb59f8cc0e6e
72dd1bb93cf4a5174c1680e571d6bfb5a0e0cb510a73394f760b5b4b45b07690
94a1a5755af597390fa04322d63ea361ab0dbd9ac6374f57c915e4b87b7bfa1c
9fc43b0e04001fb86df8fa084d109f9fc5f4171c58acd199c8c6df1a577d33c6
d0dd8130f7cc6a2d6a1d1a3e134250d419283506cc3e7e93b7173cb8afc1e42d

ns4domains.com Open in urlscan Pro 95.65.0.74 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

77 %HTTPS

40 %IPv6

5 Domains

6 Subdomains

5 IPs

3 Countries

278 kBTransfer

275 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

ns4domains.com Open in urlscan Pro
95.65.0.74 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

77 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

278 kB
Transfer

275 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions