Submitted URL: http://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ==
Effective URL: https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
Submission: On October 29 via api from BE — Scanned from US

Summary

This website contacted 5 IPs in 6 countries across 8 domains to perform 10 HTTP transactions. The main IP is 79.133.41.53, located in Germany and belongs to DE-FIRSTCOLO firstcolo.net, DE. The main domain is jr9w.yypz7hlvgj.com.
TLS certificate: Issued by R11 on August 31st 2024. Valid for: 3 months.
This is the only time jr9w.yypz7hlvgj.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 185.106.22.50 201021 (ONURBILIS...)
1 62.210.7.109 12876 (Online SAS)
2 2 45.147.195.16 49392 (ASBAXETN)
2 3 2606:4700:303... 13335 (CLOUDFLAR...)
1 6 79.133.41.53 44066 (DE-FIRSTC...)
1 104.19.229.21 13335 (CLOUDFLAR...)
2 104.19.230.21 13335 (CLOUDFLAR...)
10 5
Apex Domain
Subdomains
Transfer
5 yypz7hlvgj.com
jr9w.yypz7hlvgj.com
51 KB
3 hcaptcha.com
hcaptcha.com — Cisco Umbrella Rank: 4550
newassets.hcaptcha.com — Cisco Umbrella Rank: 5887
48 KB
3 amclicks.com
amclicks.com
2 KB
1 quickconnectivitions.com
jr9w.quickconnectivitions.com
993 B
1 spinningfastloop.com
1ibeg.spinningfastloop.com
967 B
1 suggestedspins.com
1ibeg.suggestedspins.com
1003 B
1 purelymandy.com
purelymandy.com
466 B
1 ussoccer.com
enterpriseregistration.ussoccer.com
370 B
10 8
Domain Requested by
5 jr9w.yypz7hlvgj.com amclicks.com
jr9w.yypz7hlvgj.com
purelymandy.com
3 amclicks.com 2 redirects purelymandy.com
2 newassets.hcaptcha.com hcaptcha.com
1 hcaptcha.com jr9w.yypz7hlvgj.com
1 jr9w.quickconnectivitions.com 1 redirects
1 1ibeg.spinningfastloop.com 1 redirects
1 1ibeg.suggestedspins.com 1 redirects
1 purelymandy.com
1 enterpriseregistration.ussoccer.com 1 redirects
10 9

This site contains no links.

Subject | Issuer | Validity | Valid
purelymandy.com | Sectigo RSA Domain Validation Secure Server CA | 2024-05-16 - 2025-06-16 | a year
amclicks.com | WE1 | 2024-10-10 - 2025-01-08 | 3 months
yypz7hlvgj.com | R11 | 2024-08-31 - 2024-11-29 | 3 months
hcaptcha.com | WE1 | 2024-09-07 - 2024-12-06 | 3 months

This page contains 3 frames:

Primary Page: https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
Frame ID: 501D9EBB400BD224C6FF7247C528AB41
Requests: 8 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/05c78a4/static/hcaptcha.html
Frame ID: 9ECA9276B4FD3D06BA4346ABAE341BC9
Requests: 1 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/05c78a4/static/hcaptcha.html
Frame ID: E8869D83DAE8EF6DBE06D21A5668EBCE
Requests: 1 HTTP requests in this frame

Page Title

✨

Detected technologies

Overall confidence: 100%
Detected patterns
  • https://hcaptcha.com/([\d]+?)/api.js

Page Statistics

Requests: 10
HTTPS: 100 %
IPv6: 14 %
Domains: 8
Subdomains: 9
IPs: 5
Countries: 6
Transfer: 101 kB
Size: 213 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ== HTTP 307
    https://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ== HTTP 307
    http://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ== HTTP 302
    https://purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/581644444_1lzhyls Page URL
  2. https://1ibeg.suggestedspins.com/?kw=690052&s1=690052&s2=32_832534_151680&s3=1436513406&s4=45 HTTP 302
    https://1ibeg.spinningfastloop.com/o/TEJKTGIY/54c85ca0-95e1-11ef-8252-eb704be2a417/54d07d40-95e1-11ef-8686-b1a6c7f328d8 HTTP 302
    http://amclicks.com/clk.php?c=5996&p=16764&s1=74698&s2=55cc5ffc-95e1-11ef-ad35-a1f91e4d6563& HTTP 307
    https://amclicks.com/clk.php?c=5996&p=16764&s1=74698&s2=55cc5ffc-95e1-11ef-ad35-a1f91e4d6563& HTTP 302
    https://amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/ Page URL
  3. https://amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/ HTTP 302
    https://jr9w.quickconnectivitions.com/?s1=16764 HTTP 302
    https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ== HTTP 307
  • https://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ== HTTP 307
  • http://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ== HTTP 302
  • https://purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/581644444_1lzhyls
Request Chain 1
  • https://1ibeg.suggestedspins.com/?kw=690052&s1=690052&s2=32_832534_151680&s3=1436513406&s4=45 HTTP 302
  • https://1ibeg.spinningfastloop.com/o/TEJKTGIY/54c85ca0-95e1-11ef-8252-eb704be2a417/54d07d40-95e1-11ef-8686-b1a6c7f328d8 HTTP 302
  • http://amclicks.com/clk.php?c=5996&p=16764&s1=74698&s2=55cc5ffc-95e1-11ef-ad35-a1f91e4d6563& HTTP 307
  • https://amclicks.com/clk.php?c=5996&p=16764&s1=74698&s2=55cc5ffc-95e1-11ef-ad35-a1f91e4d6563& HTTP 302
  • https://amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
581644444_1lzhyls
purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/
Redirect Chain
  • http://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ==
  • https://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ==
  • http://enterpriseregistration.ussoccer.com/rtcgmh?kpgborimktwttp=wjdsfqleldvrueMTltYW5xNDAwNXE3MDAwMzkxYzB3MGdpMHAwNTMwMjAxaHVkeQ==
  • https://purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/581644444_1lzhyls
156 B
466 B
Document
General
Full URL
https://purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/581644444_1lzhyls
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.210.7.109 , France, ASN12876 (Online SAS, FR),
Reverse DNS
connect.sweetwaterfares.com
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Connection
close
Content-Length
156
Content-Type
text/html; charset=UTF-8
Date
Tue, 29 Oct 2024 10:34:07 GMT
Server
Apache

Redirect headers

Connection
keep-alive
Content-Type
text/html
Date
Tue, 29 Oct 2024 10:34:06 GMT
Location
https://purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/581644444_1lzhyls
Server
nginx
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
/
amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/
Redirect Chain
  • https://1ibeg.suggestedspins.com/?kw=690052&s1=690052&s2=32_832534_151680&s3=1436513406&s4=45
  • https://1ibeg.spinningfastloop.com/o/TEJKTGIY/54c85ca0-95e1-11ef-8252-eb704be2a417/54d07d40-95e1-11ef-8686-b1a6c7f328d8
  • http://amclicks.com/clk.php?c=5996&p=16764&s1=74698&s2=55cc5ffc-95e1-11ef-ad35-a1f91e4d6563&
  • https://amclicks.com/clk.php?c=5996&p=16764&s1=74698&s2=55cc5ffc-95e1-11ef-ad35-a1f91e4d6563&
  • https://amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/
305 B
727 B
Document
General
Full URL
https://amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/
Requested by
Host: purelymandy.com
URL: https://purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/581644444_1lzhyls
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:d0f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/581644444_1lzhyls
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8da28302981cd51e-CDG
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 29 Oct 2024 10:34:12 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5WT7LS%2BLdQvvJOEdDogzMLqPVohqwmXb08mopNMEx7L%2B6QlJWFtV61imAWDE9vPFIMNWCIaT5cexOXE8nxHSttGZ95KQAyCN6ThRm7ngxEoRSySTiUcmUDPcaWd%2B9IT23AJj64ojjwBmgpA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=90318&sent=10&recv=11&lost=0&retrans=0&sent_bytes=4771&recv_bytes=2518&delivery_rate=31483&cwnd=37&unsent_bytes=0&cid=8f1e09bceca4e9ed&ts=833&x=0"
vary
X-Forwarded-Proto,Accept-Encoding,User-Agent

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=600
cf-cache-status
DYNAMIC
cf-ray
8da28300de6ad51e-CDG
content-type
text/html; charset=UTF-8
date
Tue, 29 Oct 2024 10:34:12 GMT
expires
Tue, 29 Oct 2024 10:44:12 GMT
location
/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B6jkmO3%2BYsqdrIjFaMe1qgHIEelGTtRa1jRvSZAfYgVizkXj33lgcNyfnqzNZlqwJVVuVuhu04FvorWCXBjdELJHLXbYPgjEFcf74MCbnM9xhMy6xlzGtqxXokiqsJz%2BZ77KLF1Mk2Cn5Kk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=90865&sent=7&recv=9&lost=0&retrans=0&sent_bytes=4009&recv_bytes=2420&delivery_rate=31483&cwnd=35&unsent_bytes=0&cid=8f1e09bceca4e9ed&ts=418&x=0"
vary
X-Forwarded-Proto,Accept-Encoding,User-Agent
Primary Request 57b6870c-95e1-11ef-b970-cf56cb13538f
jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/
Redirect Chain
  • https://amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/
  • https://jr9w.quickconnectivitions.com/?s1=16764
  • https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
10 KB
3 KB
Document
General
Full URL
https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
Requested by
Host: amclicks.com
URL: https://amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.133.41.53 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS
Software
swoole-http-server /
Resource Hash
26d64ee1d9f8d7c0d7b74a95c5a6228fddd27a4547f17ebc15646b7cf48f8fd5
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://amclicks.com/x/5996/16764/0/74698/55cc5ffc-95e1-11ef-ad35-a1f91e4d6563/0/0/0/0/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, private
content-encoding
br
content-length
2256
content-type
text/html; charset=UTF-8
date
Tue, 29 Oct 2024 10:34:15 GMT
server
swoole-http-server
strict-transport-security
max-age=15768000
x-redir
true

Redirect headers

cache-control
no-cache, private
content-encoding
br
content-length
282
content-type
text/html; charset=utf-8
date
Tue, 29 Oct 2024 10:34:14 GMT
location
https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
server
swoole-http-server
strict-transport-security
max-age=15768000
x-redir
true
app-ae755995.css
jr9w.yypz7hlvgj.com/build/assets/
38 KB
38 KB
Stylesheet
General
Full URL
https://jr9w.yypz7hlvgj.com/build/assets/app-ae755995.css
Requested by
Host: jr9w.yypz7hlvgj.com
URL: https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.133.41.53 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS
Software
swoole-http-server /
Resource Hash
ae7559958f025cd5a0a986526b82a976ed23c454544c900176e1d48ea333b97b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=15768000
age
590549
via
1.1 varnish (Varnish/7.4)
x-varnish
5851420 360451
accept-ranges
bytes
content-length
39143
date
Tue, 22 Oct 2024 14:31:46 GMT
content-type
text/css
server
swoole-http-server
push_na_push.js
jr9w.yypz7hlvgj.com/
1 KB
1 KB
Script
General
Full URL
https://jr9w.yypz7hlvgj.com/push_na_push.js?aff_id=1163&custom=v2&s2=5841540e-95e1-11ef-951d-ed3d7a1cf9dd
Requested by
Host: jr9w.yypz7hlvgj.com
URL: https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.133.41.53 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS
Software
swoole-http-server /
Resource Hash
be0146441e87ce93bba294600a58e1e7775df946962a6491f19ccb26295f3b03
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=15768000
cache-control
no-cache, private
content-encoding
gzip
service-worker-allowed
/
age
0
via
1.1 varnish (Varnish/7.4)
x-redir
true
x-varnish
5851421
accept-ranges
bytes
content-length
783
date
Tue, 29 Oct 2024 10:34:15 GMT
content-type
application/javascript
vary
Accept-Encoding
server
swoole-http-server
api.js
hcaptcha.com/1/
147 KB
48 KB
Script
General
Full URL
https://hcaptcha.com/1/api.js
Requested by
Host: jr9w.yypz7hlvgj.com
URL: https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.229.21 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
219b467e10fa76afadeafcbfdd061aba7856418c3c6d64cf12086c3c51b857b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, max-age=300
content-encoding
br
cf-cache-status
HIT
etag
W/"2b5a35fbd77d40bce698500285e9b2a5"
age
0
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
cf-ray
8da28318edb232b2-PHL
alt-svc
h3=":443"; ma=86400
date
Tue, 29 Oct 2024 10:34:15 GMT
content-type
application/javascript
vary
Origin, Accept-Encoding
server
cloudflare
push_proxnapush.js
jr9w.yypz7hlvgj.com/
17 KB
9 KB
Script
General
Full URL
https://jr9w.yypz7hlvgj.com/push_proxnapush.js?v=1&custom=true
Requested by
Host: purelymandy.com
URL: https://purelymandy.com/1761401a35300e20800/32_832534_151680/594_267228_0530201_25/581644444_1lzhyls
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.133.41.53 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS
Software
swoole-http-server /
Resource Hash
d97140baac38de7446121bd7fd8c6fd76194281fa0a9e4f1c636ce1cc1a0babe
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=15768000
cache-control
no-cache, private
content-encoding
gzip
service-worker-allowed
/
age
590548
via
1.1 varnish (Varnish/7.4)
x-redir
true
x-varnish
5851423 557063
accept-ranges
bytes
content-length
8973
date
Tue, 22 Oct 2024 14:31:47 GMT
content-type
application/javascript
vary
Accept-Encoding
server
swoole-http-server
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/05c78a4/static/ Frame 9ECA
0
0
Document
General
Full URL
https://newassets.hcaptcha.com/captcha/v1/05c78a4/static/hcaptcha.html
Requested by
Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.230.21 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
8da2831d1f590cb8-EWR
content-encoding
br
content-security-policy
report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
content-type
text/html
date
Tue, 29 Oct 2024 10:34:16 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding Origin
x-content-type-options
nosniff
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/05c78a4/static/ Frame E886
0
0
Document
General
Full URL
https://newassets.hcaptcha.com/captcha/v1/05c78a4/static/hcaptcha.html
Requested by
Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.230.21 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
8da2831d1f590cb8-EWR
content-encoding
br
content-security-policy
report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
content-type
text/html
date
Tue, 29 Oct 2024 10:34:16 GMT
server
cloudflare
vary
Accept-Encoding Origin
x-content-type-options
nosniff
favicon.ico
jr9w.yypz7hlvgj.com/
0
164 B
Other
General
Full URL
https://jr9w.yypz7hlvgj.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.133.41.53 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS
Software
swoole-http-server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=15768000
age
590549
via
1.1 varnish (Varnish/7.4)
x-varnish
5851426 327689
accept-ranges
bytes
content-length
0
date
Tue, 22 Oct 2024 14:31:47 GMT
content-type
image/x-icon
server
swoole-http-server

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| _at function| dynamicTextColor function| onCaptchaSuccess string| bgColor1 string| mainBackgroundColor string| contrastColor1 string| buttonColor1 string| textColor1 string| bgColor2 string| contrastColor2 string| buttonColor2 string| textColor2 string| bgColor3 string| contrastColor3 string| buttonColor3 string| textColor3 object| Raven object| hcaptcha object| grecaptcha function| _NeptuneAdsPushDeferred function| getUrlVars function| urlBase64ToUint8Array function| _NeptuneAdsPushGetDeviceType function| _NeptuneAdsPushGetPageDetails function| _NeptuneAdsPushGetReferrer function| _NeptuneAdsPushGetLanguage function| _NeptuneAdsPushGetResolution function| _NeptuneAdsPushGetBrowserInfo function| _NeptuneAdsPushGetSystemInfo function| _NeptuneAdsPushInitialize function| _NeptuneAdsPushGetSiteConfig function| _NeptuneAdsPushLoadPrompt function| _NeptuneAdsPushPromptApprove function| _NeptuneAdsPushPromptDeny function| _NeptuneAdsPushPromptCancel function| _NeptuneAdsPushRemovePoweredBy function| _NeptuneAdsPushShowPoweredBy function| _NeptuneAdsPushGetSubscriberID function| _NeptuneAdsPushSendTrackData function| _NeptuneAdsPushGetSubscriberIDFromToken function| _NeptuneAdsPushGenerateID function| _NeptuneAdsPushGetCookie function| _NeptuneAdsPushSetCookie function| _NeptuneAdsPushDeleteCookie function| _NeptuneAdsPushTrackAttributes function| _NeptuneAdsPushOptInResponse function| _NeptuneAdsPushPrompt function| _NeptuneAdsPushTrackEvent function| _NeptuneAdsPushAbandonedCart function| _NeptuneAdsPushGetPushToken function| _NeptuneAdsPushSupportsPush function| _NeptuneAdsPushCheckHTTPS function| _NeptuneAdsPushCheckPermissions function| _NeptuneAdsPushRunNative function| _NeptuneAdsPushSafariRun function| _NeptuneAdsPushChromeRun function| _NeptuneAdsPushSubscribe function| _NeptuneAdsPushExtractSubscriptionId function| _NeptuneAdsPushSendSubscriptionToServer function| _NeptuneAdsPushRegisterWorker function| 
_NeptuneAdsPushFetchSubscriberIDFromWorker function| _NeptuneAdsPushConsoleOutput function| _NeptuneAdsPushSendWorkerMessage function| _NeptuneAdsPushLoad string| domain string| owner string| idSite string| _NeptuneAdsPushSubscriberID object| trackData string| currentPage string| _NeptuneAdsPushAPI boolean| _NeptuneAdsPushRanScript string| uid number| width number| height object| browserInfo object| systemInfo string| refUrl string| refName object| referrer string| pageTitle string| pageURL object| pageDetails string| curPageURL string| configPageURL number| auto_prompt object| powered_browserinfo string| powered_devicetype string| powered_top string| powered_left

7 Cookies

Domain/Path Name / Value
purelymandy.com/ Name: uid45
Value: 1436513406-20241029063407-661ad68fbf1737861b94d89283d7c15c-
1ibeg.suggestedspins.com/ Name: yredir_session
Value: eyJpdiI6Im5FbTVJMGVNdFRzemFWZGZ0YnZUVUE9PSIsInZhbHVlIjoiL3JiTU96L0xwZ0t4QXNUL2xYTDNLT2VEQnRKeDJlK0hzVnA2ZkpKeTMxaEE5WG1XYU51WEZUNCtIQUFieVg2SjlqNUl1SkV4NGlJMWZ5ZDBsRG1mbGttVmJweHl5NWhKVzlhMy9rYVJGWG0xQWFUejh1cFYyUGN5WkNQMlg4WnYiLCJtYWMiOiI1NTM1NWQ2NjAyMDEzODE1YzAxYzEyZWE3NmY2ZGQ4NDYzNTk3N2RlOTg2ZTVlZGY3YjcxYTRjYzcyZWZmZmU4IiwidGFnIjoiIn0%3D
1ibeg.spinningfastloop.com/ Name: yredir_session
Value: eyJpdiI6IlRBYWkvS2pWRUVRaTZSZFdsNU04cXc9PSIsInZhbHVlIjoibFZHWHpyaHdwcy9QdHVPMXlhTG5kK1BpdEdQWmwrQjM4ODJiOHhlaG1wTnZoMEhrMk95QVliVEJ0Y0VDaXhvREhQck9sTFdOUnNiMnNJRkJ3VXhvOGdad1RwRnIzaERNTENNS0o4bUlSL2ZhZEtWRjUwbEJvWTlUNzZLSGNoeVIiLCJtYWMiOiI3NGM0YTY5OWUwMGE4NjUwYTY4MGMxMDQ3NDhiNTlhYjFmYWQ4YmNmM2Q5YTIzOWZlNDQ1NzEwYjU0NmE0MjlkIiwidGFnIjoiIn0%3D
amclicks.com/ Name: amped
Value: 2c3bdc56192f8a93fbfb38b3652a5e1040e87f5f
jr9w.quickconnectivitions.com/ Name: yredir_session
Value: eyJpdiI6IkJ4OVpaSE0wUmhtenRxK1hkSzk0ZHc9PSIsInZhbHVlIjoiUTN1aXZybEZPQk9oQUI3aU1Rem1xVDZaeC80Rm9oRldIUW52NENFWnFsQVVmSllHUlAwWVl6bDhBckhwQUNQNStaZUt6NEx2eEpRbDIrd3A0WWhlbitjTnNhSHRWYVR3Z05XanVSZ1NxYU5hSGpBZ0dKUVpnT2pTTkVJZHhPYU4iLCJtYWMiOiJhZjRlYzVlYmY3ZjJkNDJlYTI3NWVjYTBlZmI5YzBiY2QyZjNmNzViZDk4MmU1OTY4MDkwMmM4ZmVmYzcyZjMxIiwidGFnIjoiIn0%3D
jr9w.yypz7hlvgj.com/ Name: yredir_session
Value: eyJpdiI6IlZPS01NVDl6dkkrcWRXTUo5QWg5RWc9PSIsInZhbHVlIjoiVmtmTktZSHYvRHVIU3JWMGFIRUVFQm1TV1dZbGxrWldvS2ZIZHdydjJhNUEwZllJZnY1ZXNEUnZ5M0dla0dCR241Um1VNlFUWHYzcTU0dlRNbTcvUUJ2RkhDdURLMzh5R2F2aXVNTHhsK3ZXU0lWZXhHMDc0WXVJcVJFV2p1a2YiLCJtYWMiOiIyNjkyOTFjNDI0OGM2OTFhOTlkZjY3NTNjNjJmZmJkNjhmMmQ0YzI2ZjlkNDNiZDg3OTAyYjViMjU1ZTYzYjEwIiwidGFnIjoiIn0%3D
jr9w.yypz7hlvgj.com/ Name: _NeptuneAdsPushSubscriberID
Value: d064c1ac-2ef7-18d1-a713-4ba79873dc71

1 Console Messages

Source Level URL
Text
other error URL: https://jr9w.yypz7hlvgj.com/t/65dbaf812d2c/57abd1a4-95e1-11ef-b0d8-779faf6174b7/57b6870c-95e1-11ef-b970-cf56cb13538f
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.