urlscan.io logo urlscan.io
SecurityTrails logo

utleadarpost.gq Open in urlscan Pro
104.21.57.125  Public Scan

Go To Rescan Add Verdict Report
URL: https://utleadarpost.gq/
Submission: On October 10 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 104.21.57.125, located in and belongs to CLOUDFLARENET, US. The main domain is utleadarpost.gq.
TLS certificate: Issued by R3 on October 10th 2021. Valid for: 3 months.
This is the only time utleadarpost.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.21.57.125 13335 (CLOUDFLAR...)
1 142.250.181.234 15169 (GOOGLE)
1 104.21.22.18 13335 (CLOUDFLAR...)
1 178.79.160.240 63949 (LINODE-AP...)
3 142.250.186.35 15169 (GOOGLE)
7 5
1    104.21.57.125 (None, )

ASN13335 (CLOUDFLARENET, US)
utleadarpost.gq
1    142.250.181.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f10.1e100.net
fonts.googleapis.com
1    104.21.22.18 (None, )

ASN13335 (CLOUDFLARENET, US)
iqoptionclub.com
1    178.79.160.240 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: www.pointzero-trading.com
www.pointzero-trading.com
3    142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net
fonts.gstatic.com
Domain Requested by
3 fonts.gstatic.com fonts.googleapis.com
1 www.pointzero-trading.com utleadarpost.gq
1 iqoptionclub.com utleadarpost.gq
1 fonts.googleapis.com utleadarpost.gq
1 utleadarpost.gq
7 5

This site contains no links.

Subject Issuer Validity Valid
*.utleadarpost.gq
R3		 2021-10-10 -
2022-01-08		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.iqoptionclub.com
R3		 2021-10-07 -
2022-01-05		 3 months crt.sh
pointzero-trading.com
Sectigo RSA Domain Validation Secure Server CA		 2020-05-21 -
2022-05-21		 2 years crt.sh
*.gstatic.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh

This page contains 1 frames:

Primary Page: https://utleadarpost.gq/
Frame ID: C0F289AEE6F688D9D09D76D4B5048857
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Télécharger l'application Forex « Stratégies de trading » pour Android

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

267 kB
Transfer

301 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
utleadarpost.gq/ 		38 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://utleadarpost.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.57.125 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
386b78a7519d7060dfd826f6e31717e7460d467dc6fee523ae0bcf972a2b4eac

Request headers

:method
GET
:authority
utleadarpost.gq
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Sun, 10 Oct 2021 10:07:59 GMT
content-type
text/html; charset=UTF-8
set-cookie
ch1c=b
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AAJ7Vfqnz0%2FtPU7S1BAf4I63hYVpumVzKLTftXW8VuTonAC2FTEF2W6hAN8MsYmvG3DBmhSBUznKiEYORTNBjmDq9mRno3Q9xQbq7EuPpldCNNdOp9zvoWf6P4fWlS7lako%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
69bf0b7b88c7695d-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
css
fonts.googleapis.com/ 		15 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Bitter%3Aregular%2Citalic%2C700%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CEB+Garamond%3Aregular
Requested by
Host: utleadarpost.gq
URL: https://utleadarpost.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f10.1e100.net
Software
ESF /
Resource Hash
af9909e901c8ffed49887da9396b4c6fbf18d39036d44c8ad495b7fcd05a970b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://utleadarpost.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 10 Oct 2021 10:07:59 GMT
server
ESF
date
Sun, 10 Oct 2021 10:07:59 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires
Sun, 10 Oct 2021 10:07:59 GMT
what-is-the-60-seconds-binary-option-strategy-who-should-implement-this-strateg.jpg
iqoptionclub.com/images/iqoption/1612022694031/original/ 		67 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://iqoptionclub.com/images/iqoption/1612022694031/original/what-is-the-60-seconds-binary-option-strategy-who-should-implement-this-strateg.jpg
Requested by
Host: utleadarpost.gq
URL: https://utleadarpost.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.22.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
411663317d85be83eae95b44080d4addec319b4c572d9653a11754140349cff5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://utleadarpost.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 10 Oct 2021 10:07:59 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
68721
pragma
public
last-modified
Sat, 30 Jan 2021 16:04:54 GMT
server
cloudflare
etag
"601583a6-10c71"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ES0Nsl50AJRne5wrdSCX%2BroU3kNpueaT4GdfzXFR0qxTiQRMfQoXkOnQsy69A%2F%2FXnhBbJjEo4Il%2Bfu8RBgwc7IzNWyGFUUFyXy4t4dD1Nw2ykM7fhVCyuI0q07m7yPFF7Zia"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
69bf0b7c1a625bfd-FRA
expires
Tue, 09 Nov 2021 09:46:59 GMT
566892a5.jpg
www.pointzero-trading.com/webroot/model_files/Freeproduct/images/4/ 		92 KB
92 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.pointzero-trading.com/webroot/model_files/Freeproduct/images/4/566892a5.jpg
Requested by
Host: utleadarpost.gq
URL: https://utleadarpost.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.79.160.240 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
www.pointzero-trading.com
Software
Apache /
Resource Hash
b4c7bfd54b6507effb204463cfad60816297fb8c4ba05e9e94894ff6db717846

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://utleadarpost.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sun, 10 Oct 2021 10:07:59 GMT
Last-Modified
Tue, 28 Aug 2012 10:07:07 GMT
Server
Apache
ETag
"16e91-4c8509ace68c0"
Content-Type
image/jpeg
Cache-Control
max-age=3600, public, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
93841
Expires
Tue, 09 Nov 2021 10:07:59 GMT
rax8HiqOu8IVPmn7f4xp.woff2
fonts.gstatic.com/s/bitter/v19/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/bitter/v19/rax8HiqOu8IVPmn7f4xp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Bitter%3Aregular%2Citalic%2C700%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CEB+Garamond%3Aregular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
ebb47fd79ee856806fec5c85f947b3a908cbe3cfef92099fa4c9b481f092f6f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://utleadarpost.gq
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 19:51:41 GMT
x-content-type-options
nosniff
age
483378
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30792
x-xss-protection
0
last-modified
Tue, 29 Jun 2021 23:04:55 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Oct 2022 19:51:41 GMT
nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v22/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/playfairdisplay/v22/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Bitter%3Aregular%2Citalic%2C700%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CEB+Garamond%3Aregular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
62c8f47275e874a210224258f160fdc003caf2d09a24e83f153b901c758509e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://utleadarpost.gq
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 09:23:00 GMT
x-content-type-options
nosniff
age
175499
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44876
x-xss-protection
0
last-modified
Thu, 28 Jan 2021 20:29:37 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 08 Oct 2022 09:23:00 GMT
raxjHiqOu8IVPmn7epZnDMyKBvHf5D6c4Pz-X3By.woff2
fonts.gstatic.com/s/bitter/v19/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/bitter/v19/raxjHiqOu8IVPmn7epZnDMyKBvHf5D6c4Pz-X3By.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Bitter%3Aregular%2Citalic%2C700%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CEB+Garamond%3Aregular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
05bb1af893b4164fe04fe6a49741dd582e0e9b55c22df43ef034cdade6ebff15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://utleadarpost.gq
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 10:50:15 GMT
x-content-type-options
nosniff
age
515864
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16124
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 00:32:12 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Oct 2022 10:50:15 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster

1 Cookies

Domain/Path Name / Value
utleadarpost.gq/ Name: ch1c
Value: b

2 Console Messages

Source Level URL
Text
security warning URL: https://utleadarpost.gq/(Line 1)
Message:
Mixed Content: The page at 'https://utleadarpost.gq/' was loaded over HTTPS, but requested an insecure element 'http://www.pointzero-trading.com/webroot/model_files/Freeproduct/images/4/566892a5.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://utleadarpost.gq/
Message:
Mixed Content: The page at 'https://utleadarpost.gq/' was loaded over HTTPS, but requested an insecure element 'http://www.pointzero-trading.com/webroot/model_files/Freeproduct/images/4/566892a5.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html