URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Submission: On May 06 via manual from ES

Summary

This website contacted 11 IPs in 4 countries across 11 domains to perform 26 HTTP transactions. The main IP is 165.22.199.235, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is mysearchflow.com.
TLS certificate: Issued by R3 on March 26th 2021. Valid for: 3 months.
This is the only time mysearchflow.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
5 | mysearchflow.com | mysearchflow.com
1 | www.google.de | mysearchflow.com
1 | www.google.com | mysearchflow.com
1 | googleads.g.doubleclick.net | www.googleadservices.com
1 | querilis.com | mysearchflow.com
1 | www.googleadservices.com | www.googletagmanager.com
1 | maxcdn.bootstrapcdn.com | mysearchflow.com
1 | cdnjs.cloudflare.com | mysearchflow.com
1 | code.jquery.com | mysearchflow.com
1 | www.googletagmanager.com | mysearchflow.com
1 | stackpath.bootstrapcdn.com | mysearchflow.com
0 | bapoeoceggfnnoomenaapjkofjlpmbeh (Failed) | mysearchflow.com
Total: 26 requests, 12 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
www.mysearchflow.com | R3 | 2021-03-26 - 2021-06-24 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 - 2022-02-28 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year
www.googleadservices.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
querilis.com | R3 | 2021-05-04 - 2021-08-02 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
www.google.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
www.google.de | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months

This page contains 2 frames:

Primary Page: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Frame ID: 98F998A09F5B0037E56A9F80A8014126
Requests: 25 HTTP requests in this frame

Frame: https://querilis.com/t/landing.php?campaign=flch44&ctype=cpa&p=ac&click=16202977333275194322091688779616320&zone=3966115
Frame ID: 140B29944B284E018A434A124E0A718C
Requests: 1 HTTP requests in this frame

Detected technologies

Ubuntu (overall confidence: 100%)
Detected patterns
  • headers server /Ubuntu/i

Bootstrap (overall confidence: 100%)
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Nginx (overall confidence: 100%)
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

jQuery (overall confidence: 100%)
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

26
Requests

58 %
HTTPS

70 %
IPv6

11
Domains

12
Subdomains

11
IPs

4
Countries

148 kB
Transfer

439 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
mysearchflow.com/
14 KB
5 KB
Document
General
Full URL
https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.22.199.235 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9b7d0df49f01acabf90d099884b3d3a4bfa1986f9527c9d52483997ab18edcd9

Request headers

Host
mysearchflow.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx/1.10.3 (Ubuntu)
Date
Thu, 06 May 2021 10:45:50 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
p=ac; expires=Tue, 05-May-2026 10:45:50 GMT; Max-Age=157680000; path=/; samesite=none; domain=.mysearchflow.com; secure c=flch44; expires=Tue, 05-May-2026 10:45:50 GMT; Max-Age=157680000; path=/; samesite=none; domain=.mysearchflow.com; secure
Content-Encoding
gzip
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/
138 KB
19 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://mysearchflow.com
Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 10:45:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 617
age
3257341
cdn-cachedat
2021-03-11 11:57:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e2e1bdf200004e986887c000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
2a7f417b5a68502eeb67db8f26ee95ad
cf-ray
64b19f0fedb94e98-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
js
www.googletagmanager.com/gtag/
84 KB
34 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-591619351
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fa3c5bff496e25f777f5d890fa076d8f2a60dd3c57638c52f1000df132e3378c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 10:45:50 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34212
x-xss-protection
0
last-modified
Thu, 06 May 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 06 May 2021 10:45:50 GMT
favicon.png
mysearchflow.com/img/
13 KB
14 KB
Image
General
Full URL
https://mysearchflow.com/img/favicon.png
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.22.199.235 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d6b8044085cd3d0124fb629a3b52e8405b126aca5fbd89df07cfe41b2f3c2786

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
mysearchflow.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Cookie
p=ac; c=flch44
Connection
keep-alive

Response headers

Date
Thu, 06 May 2021 10:45:50 GMT
Last-Modified
Fri, 24 Apr 2020 07:52:25 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5ea29ab9-35d8"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13784
jquery-3.2.1.slim.min.js
code.jquery.com/
68 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Origin
https://mysearchflow.com
Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 10:45:50 GMT
content-encoding
gzip
last-modified
Mon, 20 Mar 2017 19:01:15 GMT
server
nginx
etag
W/"58d026fb-10fdd"
vary
Accept-Encoding
x-hw
1620297950.dop210.fr8.t,1620297950.cds270.fr8.hc,1620297950.cds257.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
23856
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/
19 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://mysearchflow.com
Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 10:45:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3851035
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6157
cf-request-id
09e2e1be0e00000631eeaa9000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2JQyvo3xeelnnmU8GUZDmapIYH4TOBWgmkgGBUsesSRas57VUcgHjzt7jt8jgrG2Y7KDKaZyGWqjpiTDEXcO695XPnvxgbX4GtWRSQqDUbwGIsRcZ3yBDhkbXCqpaafWow%3D%3D"}],"max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
64b19f101d880631-FRA
expires
Tue, 26 Apr 2022 10:45:50 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
48 KB
12 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://mysearchflow.com
Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 10:45:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
1626089
cdn-cachedat
2021-04-17 17:03:03
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e2e1be1800004e98bcb0c000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
239f34327684399a819ea6b3174a9504
cf-ray
64b19f102e4f4e98-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
file-zip-icon.png
mysearchflow.com/img/
12 KB
13 KB
Image
General
Full URL
https://mysearchflow.com/img/file-zip-icon.png
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.22.199.235 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
af62d4d5b3c78b221cdf4ce81f7dcebf4e673c913fc39c78e51042696f7539e1

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
mysearchflow.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Cookie
p=ac; c=flch44
Connection
keep-alive

Response headers

Date
Thu, 06 May 2021 10:45:50 GMT
Last-Modified
Fri, 03 Jul 2020 14:23:54 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5eff3f7a-3180"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12672
download-white.png
mysearchflow.com/img/
492 B
739 B
Image
General
Full URL
https://mysearchflow.com/img/download-white.png
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.22.199.235 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
32cbabcc9e41fa2129708a6001ab15a55a0a6a97b1880691666fa45ef13edac4

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
mysearchflow.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Cookie
p=ac; c=flch44
Connection
keep-alive

Response headers

Date
Thu, 06 May 2021 10:45:50 GMT
Last-Modified
Fri, 03 Jul 2020 14:23:54 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5eff3f7a-1ec"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
492
ChromeWebStore_Badge_v2_206x58.png
mysearchflow.com/img/
3 KB
4 KB
Image
General
Full URL
https://mysearchflow.com/img/ChromeWebStore_Badge_v2_206x58.png
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.22.199.235 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
2b74fcd6c38eb603d9c86cd1c8cb97ba423d200d7e3e555cbc5a704ac456e00f

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
mysearchflow.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Cookie
p=ac; c=flch44
Connection
keep-alive

Response headers

Date
Thu, 06 May 2021 10:45:50 GMT
Last-Modified
Mon, 30 Nov 2020 12:20:53 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5fc4e3a5-d6b"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3435
conversion_async.js
www.googleadservices.com/pagead/
36 KB
14 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-591619351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
1d719899927911765ef9fa09d2d7a04cfaf9ec457ac904244a2a38d0ebdfc46a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 10:45:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13939
x-xss-protection
0
server
cafe
etag
13858269566466873807
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 06 May 2021 10:45:50 GMT
Cookie set landing.php
querilis.com/t/ Frame 140B
361 B
1 KB
Document
General
Full URL
https://querilis.com/t/landing.php?campaign=flch44&ctype=cpa&p=ac&click=16202977333275194322091688779616320&zone=3966115
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.105.75.100 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
a19a7044811a554233de5d1568523639856a58ea23044463291723345cbf4749

Request headers

Host
querilis.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mysearchflow.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx
Date
Thu, 06 May 2021 10:45:50 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Origin
*
Set-Cookie
campaign=flch44; expires=Tue, 05-May-2026 10:45:50 GMT; Max-Age=157680000; path=/; samesite=none; domain=.querilis.com; secure ctype=cpa; expires=Tue, 05-May-2026 10:45:50 GMT; Max-Age=157680000; path=/; samesite=none; domain=.querilis.com; secure p=ac; expires=Tue, 05-May-2026 10:45:50 GMT; Max-Age=157680000; path=/; samesite=none; domain=.querilis.com; secure click=16202977333275194322091688779616320; expires=Tue, 05-May-2026 10:45:50 GMT; Max-Age=157680000; path=/; samesite=none; domain=.querilis.com; secure zone=3966115; expires=Tue, 05-May-2026 10:45:50 GMT; Max-Age=157680000; path=/; samesite=none; domain=.querilis.com; secure e=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; samesite=none; domain=.querilis.com; secure _asd=16202979506761668; expires=Fri, 06-May-2022 10:45:50 GMT; Max-Age=31536000; path=/; samesite=none; domain=querilis.com; secure
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding
gzip
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/591619351/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/591619351/?random=1620297950844&cv=9&fst=1620297950844&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4s0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmysearchflow.com%2F%3Fab%3Dlp3%26c%3Dflch44%26z%3D3966115%26ck%3D16202977333275194322091688779616320%26t%3Dcpa%26p%3Dac&tiba=Flow%20%7C%20Flow%20enhances%20your%20search%20experience%20by%20adding%20additional%20relevant%20search%20results.&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1da9e6a8ce9de0cc2d31246b6b55b64864dbe286a7ef0b3048918a08d047d329
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 06 May 2021 10:45:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1142
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/591619351/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/591619351/?random=1620297950844&cv=9&fst=1620295200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4s0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmysearchflow.com%2F%3Fab%3Dlp3%26c%3Dflch44%26z%3D3966115%26ck%3D16202977333275194322091688779616320%26t%3Dcpa%26p%3Dac&tiba=Flow%20%7C%20Flow%20enhances%20your%20search%20experience%20by%20adding%20additional%20relevant%20search%20results.&async=1&fmt=3&is_vtc=1&random=1708235924&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 06 May 2021 10:45:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/591619351/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/591619351/?random=1620297950844&cv=9&fst=1620295200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4s0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmysearchflow.com%2F%3Fab%3Dlp3%26c%3Dflch44%26z%3D3966115%26ck%3D16202977333275194322091688779616320%26t%3Dcpa%26p%3Dac&tiba=Flow%20%7C%20Flow%20enhances%20your%20search%20experience%20by%20adding%20additional%20relevant%20search%20results.&async=1&fmt=3&is_vtc=1&random=1708235924&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: mysearchflow.com
URL: https://mysearchflow.com/?ab=lp3&c=flch44&z=3966115&ck=16202977333275194322091688779616320&t=cpa&p=ac
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mysearchflow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 06 May 2021 10:45:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
128.png
bapoeoceggfnnoomenaapjkofjlpmbeh/
0
0
(11 identical failed requests for this resource; see Failed requests below)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bapoeoceggfnnoomenaapjkofjlpmbeh
URL
chrome-extension://bapoeoceggfnnoomenaapjkofjlpmbeh/128.png
(requested 11 times, no response received for any of them)

Verdicts & Comments

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
object | google_tag_manager
object | dataLayer
function | gtag
object | google_tag_data
function | showPopRetry
function | hidePopRetry
boolean | installed
function | URLExists
function | isInstalled
function | popOver
function | openStore
function | trackFeature
function | $
function | jQuery
function | Popper
object | bootstrap
function | GooglemKTybQhCsO
function | google_trackConversion
object | GooglebQhCsO

8 Cookies

Domain/Path | Name | Value
.querilis.com/ | zone | 3966115
.querilis.com/ | click | 16202977333275194322091688779616320
.querilis.com/ | _asd | 16202979506761668
.querilis.com/ | p | ac
.querilis.com/ | campaign | flch44
.mysearchflow.com/ | c | flch44
.querilis.com/ | ctype | cpa
.mysearchflow.com/ | p | ac

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
