howtoupdate.greatandonlygoodplaceforcontentsafegood.win Open in urlscan Pro
51.15.157.171 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://velocecdn.com/prod/redirect.html?lu=http%3A%2F%2Fservicesforoffers.life%2Fadvertising%2F%3Fcamp%3D11251%26net%...
Effective URL:
http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&ci...
Submission: On April 09 via manual (April 9th 2018, 10:44:50 am UTC) from FI

Summary HTTP 9 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 8 domains to perform 9 HTTP transactions. The main IP is 51.15.157.171, located in France and belongs to AS12876, FR. The main domain is howtoupdate.greatandonlygoodplaceforcontentsafegood.win.

This is the only time howtoupdate.greatandonlygoodplaceforcontentsafegood.win was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.16.119.230 104.16.119.230	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2 2	212.129.56.50 212.129.56.50	12876 (AS12876) (AS12876)
1 1	51.15.153.219 51.15.153.219	12876 (AS12876) (AS12876)
1	51.15.157.171 51.15.157.171	12876 (AS12876) (AS12876)
1	216.58.205.234 216.58.205.234	15169 (GOOGLE) (GOOGLE - Google LLC)
2	13.32.218.227 13.32.218.227	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	13.32.218.14 13.32.218.14	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	216.58.205.227 216.58.205.227	15169 (GOOGLE) (GOOGLE - Google LLC)
9	6

1 104.16.119.230 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

velocecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.129.56.50 (France) 2 redirects

ASN12876 (AS12876, FR)
PTR: 212-129-56-50.rev.poneytelecom.eu

servicesforoffers.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.15.153.219 (France) 1 redirects

ASN12876 (AS12876, FR)
PTR: 51-15-153-219.rev.poneytelecom.eu

www.placesetnowforcontentsafenow.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.15.157.171 (France)

ASN12876 (AS12876, FR)
PTR: 51-15-157-171.rev.poneytelecom.eu

howtoupdate.greatandonlygoodplaceforcontentsafegood.win	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.205.234 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s24-in-f234.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.218.227 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-218-227.fra56.r.cloudfront.net

js.bestquickcontentfiles.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.218.14 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-218-14.fra56.r.cloudfront.net

d1ylwlpty6udeh.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.205.227 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s24-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	cloudfront.net d1ylwlpty6udeh.cloudfront.net	165 KB
2	bestquickcontentfiles.com js.bestquickcontentfiles.com	4 KB
2	servicesforoffers.life 2 redirects servicesforoffers.life	926 B
1	gstatic.com fonts.gstatic.com	9 KB
1	googleapis.com fonts.googleapis.com	653 B
1	greatandonlygoodplaceforcontentsafegood.win howtoupdate.greatandonlygoodplaceforcontentsafegood.win	6 KB
1	placesetnowforcontentsafenow.bid 1 redirects www.placesetnowforcontentsafenow.bid	485 B
1	velocecdn.com velocecdn.com	1 KB
9	8

	Domain	Requested by
3	d1ylwlpty6udeh.cloudfront.net	howtoupdate.greatandonlygoodplaceforcontentsafegood.win
2	js.bestquickcontentfiles.com	howtoupdate.greatandonlygoodplaceforcontentsafegood.win
2	servicesforoffers.life	2 redirects
1	fonts.gstatic.com	howtoupdate.greatandonlygoodplaceforcontentsafegood.win
1	fonts.googleapis.com	howtoupdate.greatandonlygoodplaceforcontentsafegood.win
1	howtoupdate.greatandonlygoodplaceforcontentsafegood.win
1	www.placesetnowforcontentsafenow.bid	1 redirects
1	velocecdn.com
9	8

This site contains links to these domains. Also see Links.

Domain
www.cityguardsafe.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
Frame ID: A9A37B37F4561524E5971C80F8990D19
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://velocecdn.com/prod/redirect.html?lu=http%3A%2F%2Fservicesforoffers.life%2Fadvertising%2F%3... Page URL
http://servicesforoffers.life/advertising/?camp=11251&net=9401&pub_sd=1788055&cid=152309420233924390382105... HTTP 302
http://servicesforoffers.life/advertising/process.php?net=9401&ref=5&pub_sd=1788055&2&prod=9&ad_unit_id=4&... HTTP 302
http://www.placesetnowforcontentsafenow.bid/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8ZouOb_fNXvIFcRVkGZfcUBL2CTpN6EL... HTTP 302
http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrV... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

List.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^List$/i

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

8
Domains

8
Subdomains

6
IPs

2
Countries

185 kB
Transfer

205 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.cityguardsafe.com/4CJpxZF7Vv3i93j9BgemjEnawVLPFTCOvpJcj8eg4cqAiCe9+ZccRZlFDfEqjYo0rklqDtokbtB3I9+744MVfcsVzU7R1Q34ytSRvlC2IYVRjcbEdFriKQBmGoJIOpx3Q7b4fS3QZQYx8CKlJ+ibGAUfsFhXHPvFGIL9MFJIzcvD1gmM82anHMDHI6G3vUbj9ZSbm22YPjdM5nyOCC6_KUmJ5jxvTHjj+sO0SbmZEn9AjzmgDf7C0wOsZOux7vqeHu1JPo27obRTsfBCT0+OBaYU397A7D9gCxPq9dpKXeoFrbo2My5ncGfDI9JQ1H2zb33hxwCbu53lLMd5BSufyVyZ2xJkl0eXLOeG3cIP9I9HvZKdx1EjvUpy4mQd+rgHbfnmKDHyon1ATt90+Yx6zz82Vk8WY919qktxxU0wSE_FVCkMeSHhDJUzVhog19rG3V00PBH6JUQ07lZYW4SmxZH7lZOaR_FwzaXPebj+s+7iR+JP9rWX1qTYQhSaYXdAha7v_l59fUixsDSs0Jws4gCEBp1Q0sZttBRcfZdK1sBghbFlrh7iG_0I+J1+hCl5zraS0gz23hFMhzbeWBiRjnAKb6O+MEBAs4Ij7AZUMzDD6XgJ+4gVRrnXXlJBJsJywIC_hGOPtFRdZh6pU3__PLUupmjGjxvmjMsiCSF9NMR8OtYtyEIr3m7f52jzqxKJcZSGPYeVYXz26xJaA190hYq1doGzh1akWuMV86LlkkDCaszqqHOXaxZQnIyyiexAuyk3Yd3j9rMJYrWY+MQtYLZjb41ls2Y7zrye4DC+1iJdyTwcB0BmknYPdP1GAxPdiPOkql9bWJdlTKViQpCyXDUAmmWehSamUAqdOP4oXVDy4PqLx3NMP+zoe+NcX+uamH1IxPRQy5mL4WcsOa7sggzoATJziZ_MxJvyMPk3k67E3PQoGExKlfap6v28WTlR1DIDO0wzhM4_j4U8F_xpLxkT_PBwlkJ4ApaOZver_igETlXhRnsYZmq8OKU68o3vwoZDBF3QhtwEKDaCgukSreOo4H4VhbVdMdl3WQWeffwMZEZIYBZwr7LCWzyQit0KiW50z94XABlhW+vcUmH+X_tiTbiThP9JKEHSWAAc83Dd2zYHxuj8aW4IfR9674_Oic4VZDDkZWyZ0U_o+bevhIsyklZezcxITtjyLLH_hcdG3fClwwamSSNB+0XKHvU3ytGtBU2PHafVIDTg4Cokr3s9Ii_nLDjgWcgXgZhM3Fhlox_BIG3G381FtSyfE9k34RSv3u5vmqMxy90RmPG4ZKp2iqu4BABekrC6FHwURMQjH57WghfLqWSRI+0mA+nxVayDDVCP5AJ_33roPRo1Ay6NGHveBYwphhlxoPK84WmxnMe0ag+s6to9pR7_sMfdqOvY2lc+E3HjNZ_kmGsI4mxZLgm6RRcJ7IrKZTDnmYo0Hqm65BMrBVXQ61j1XRl9QmIIvrcqOKo9xWTktc4aIgDb2fGi7w==-G1sBAOSYzrapbJ8_8NRciajNDhwOWyBRK40KBNMskOTRX29ox6khJZyL+y9wf0EyppHD91wAuQRqITSg34mbc7heUtUIHt__83unl_r0zrBG_LvWHtd76_dtzZfT2me+K+jL6HLrPiejuGq3YjyedNTy5_n2C+ikE_5a55btR89JVNg1Rk6Lje1p39P9nh5VKsX6M+4WDAOdpDOJEwome2elJmH4AKgiGDhlRAgiFYBCo0lx1yhnsFQKOEeb4F2ThkgQ0lQYAB20zjhI9GYDwgAjP2Nf_M_hhBzXO0IE8skb3fXmb8fxF2euaK1AKmLiswc9cll5hzS69gbs1j_5t_u9Y6C31pkEKfx5
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://velocecdn.com/prod/redirect.html?lu=http%3A%2F%2Fservicesforoffers.life%2Fadvertising%2F%3Fcamp%3D11251%26net%3D9401%26pub_sd%3D1788055%26cid%3D15230942023392439038210534266278008%20 Page URL
http://servicesforoffers.life/advertising/?camp=11251&net=9401&pub_sd=1788055&cid=15230942023392439038210534266278008 HTTP 302
http://servicesforoffers.life/advertising/process.php?net=9401&ref=5&pub_sd=1788055&2&prod=9&ad_unit_id=4&creative_id=4&sid=2&t=1457603843840&rh=9&utm_source=8=referral&adserver=adsrv1&aff=11251&referal=15230942023392439038210534266278008 HTTP 302
http://www.placesetnowforcontentsafenow.bid/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8ZouOb_fNXvIFcRVkGZfcUBL2CTpN6ELeZYTupQBlYXN7mw..&cid=15230942023392439038210534266278008&SUB_ID=1788055 HTTP 302
http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM. Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set redirect.html Show response
velocecdn.com/prod/ 294 B
1 KB 123ms
118ms Document
text/html 104.16.119.230
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://velocecdn.com/prod/redirect.html?lu=http%3A%2F%2Fservicesforoffers.life%2Fadvertising%2F%3Fcamp%3D11251%26net%3D9401%26pub_sd%3D1788055%26cid%3D15230942023392439038210534266278008%20
Protocol: HTTP/1.1
Server: 104.16.119.230 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f90f62f606f4486ffbc1ae6bef40a1c3a7b879fac1c389f5c980038095e89b9f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: velocecdn.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 09 Apr 2018 10:44:39 GMT
Content-Encoding: gzip
X-GUploader-UploadID: AEnB2Uo_i-g4JKRhO2VHJMj_codquWvu9HzbbVifg928_lWbV1x3TYwInQnbt6GJ5OjE8htCvfFVJ3uNkC0XHJsg3wh-7JP8EA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
Connection: keep-alive
Last-Modified: Wed, 13 Sep 2017 08:50:19 GMT
Server: cloudflare
x-goog-hash: crc32c=HmOS+Q== md5=JF+uLexlGCNwRXsKRhEnxQ==
Content-Type: text/html
x-goog-generation: 1505292619361983
Cache-Control: public, max-age=3600
Transfer-Encoding: chunked
x-goog-stored-content-length: 294
Set-Cookie: __cfduid=d67152f5a0887eac330205c94ce5dcea41523270679; expires=Tue, 09-Apr-19 10:44:39 GMT; path=/; domain=.velocecdn.com; HttpOnly
CF-RAY: 408c6132b64d2666-FRA
Expires: Mon, 09 Apr 2018 11:44:39 GMT

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
howtoupdate.greatandonlygoodplaceforcontentsafegood.win/
Redirect Chain

http://servicesforoffers.life/advertising/?camp=11251&net=9401&pub_sd=1788055&cid=15230942023392439038210534266278008
http://servicesforoffers.life/advertising/process.php?net=9401&ref=5&pub_sd=1788055&2&prod=9&ad_unit_id=4&creative_id=4&sid=2&t=1457603843840&rh=9&utm_source=8=referral&adserver=adsrv1&aff=11251&re...
http://www.placesetnowforcontentsafenow.bid/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8ZouOb_fNXvIFcRVkGZfcUBL2CTpN6ELeZYTupQBlYXN7mw..&cid=15230942023392439038210534266278008&SUB_ID=1788055
http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&...

28 KB
6 KB

118ms
96ms

Document
text/html

51.15.157.171
AS12876

General

Check archive.org

Show headers Download Go to

Full URL: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
Protocol: HTTP/1.1
Server: 51.15.157.171 , France, ASN12876 (AS12876, FR),
Reverse DNS: 51-15-157-171.rev.poneytelecom.eu
Software: nginx/1.13.9 / PHP/7.0.27-0+deb9u1
Resource Hash: 1137f290fdf189de9d1e5fdd1220e5b65e2a6ba232420e8e4e0e02dec26d50dc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: howtoupdate.greatandonlygoodplaceforcontentsafegood.win
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://velocecdn.com/prod/redirect.html?lu=http%3A%2F%2Fservicesforoffers.life%2Fadvertising%2F%3Fcamp%3D11251%26net%3D9401%26pub_sd%3D1788055%26cid%3D15230942023392439038210534266278008%20
Connection: keep-alive
Cache-Control: no-cache
Referer: http://velocecdn.com/prod/redirect.html?lu=http%3A%2F%2Fservicesforoffers.life%2Fadvertising%2F%3Fcamp%3D11251%26net%3D9401%26pub_sd%3D1788055%26cid%3D15230942023392439038210534266278008%20
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 09 Apr 2018 10:44:39 GMT
Content-Encoding: gzip
Server: nginx/1.13.9
X-Powered-By: PHP/7.0.27-0+deb9u1
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Set-Cookie: channel=mibo_pc_achn_ffie_yib_12401; expires=Mon, 09-Apr-2018 11:04:39 GMT; Max-Age=1200; path=/ dist_id=6704; expires=Mon, 09-Apr-2018 11:04:39 GMT; Max-Age=1200; path=/ lp_id=2401; expires=Mon, 09-Apr-2018 11:04:39 GMT; Max-Age=1200; path=/
Connection: keep-alive

Redirect headers

Location: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
Date: Mon, 09 Apr 2018 10:44:39 GMT
Server: nginx/1.11.6
Connection: keep-alive
X-Powered-By: PHP/7.0.23-1~dotdeb+8.1
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
S 200 css
fonts.googleapis.com/ 2 KB
653 B 17ms
16ms Stylesheet
text/css 216.58.205.234
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: howtoupdate.greatandonlygoodplaceforcontentsafegood.win
URL: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.

Protocol

SPDY

Server

216.58.205.234 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s24-in-f234.1e100.net

Software

ESF /

Resource Hash

853f90b3f3829a8cb42b31b7ba0058aae3127bb5da43174157cdf85073460461

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 09 Apr 2018 10:44:39 GMT
content-encoding: gzip
last-modified: Mon, 09 Apr 2018 10:44:39 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
x-xss-protection: 1; mode=block
expires: Mon, 09 Apr 2018 10:44:39 GMT

GET
H/1.1 200
OK dl.min.js Show response
js.bestquickcontentfiles.com/ 2 KB
2 KB 185ms
8ms Script
application/javascript 13.32.218.227
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://js.bestquickcontentfiles.com/dl.min.js
Requested by: Host: howtoupdate.greatandonlygoodplaceforcontentsafegood.win
URL: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
Protocol: HTTP/1.1
Server: 13.32.218.227 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-218-227.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3e9b1e419ce53f556d21d94b8e3deb4cc772040d5b871a3fe1412f1d42fc0b49

Request headers

Referer: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 27 Dec 2017 17:28:54 GMT
Via: 1.1 4212187803e21d93459a7f54ccbb680a.cloudfront.net (CloudFront)
Last-Modified: Thu, 10 Aug 2017 07:40:39 GMT
Server: AmazonS3
Age: 62090
ETag: "61cc842cd45a9714f8cf3596b9ae82d0"
X-Cache: Hit from cloudfront
x-amz-version-id: 3kg27hHZEF.jyft4m.8HfrJ2gYVRK1XF
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 1621
X-Amz-Cf-Id: P7gL26cE-otfbFwnvkpfUqSSxIL_9-fgGuHlbEauDrguuhVdNFjWGA==

GET
H/1.1 200
OK flash_windows.gif
d1ylwlpty6udeh.cloudfront.net/lps/FlashOfficial_T/images/ 146 KB
146 KB 25ms
13ms Image
image/gif 13.32.218.14
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d1ylwlpty6udeh.cloudfront.net/lps/FlashOfficial_T/images/flash_windows.gif
Requested by: Host: howtoupdate.greatandonlygoodplaceforcontentsafegood.win
URL: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
Protocol: HTTP/1.1
Server: 13.32.218.14 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-218-14.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cdd38b4c23dbec02fed7f20d0e4c470e0a7f50c89aa8d82cae27402631f8654a

Request headers

Referer: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Fri, 23 Mar 2018 20:51:55 GMT
Via: 1.1 4212187803e21d93459a7f54ccbb680a.cloudfront.net (CloudFront)
x-amz-meta-crossftp-original-file-date-iso8601: 2014-12-26T13:35:55.719Z
Server: AmazonS3
Age: 49072
ETag: "bf771c49285d3a93393599e2be71ae03"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Last-Modified: Mon, 06 Jun 2016 13:27:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 149331
X-Amz-Cf-Id: bWC1lYp3rvP83-jY6hEY0Q0_qE83r_uICxN4xxwtIL4DYFCO-ryMjQ==

GET
H/1.1 200
OK flash_windows.png
d1ylwlpty6udeh.cloudfront.net/lps/om_flash/images/ 17 KB
17 KB 19ms
8ms Image
image/png 13.32.218.14
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d1ylwlpty6udeh.cloudfront.net/lps/om_flash/images/flash_windows.png
Requested by: Host: howtoupdate.greatandonlygoodplaceforcontentsafegood.win
URL: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
Protocol: HTTP/1.1
Server: 13.32.218.14 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-218-14.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a758ae0536764924b776fcfda61e99b776cc29bd0770395187f3adedadf0bc32

Request headers

Referer: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Fri, 23 Mar 2018 22:43:17 GMT
Via: 1.1 177d9edea4bc2d9db934cc4080f20342.cloudfront.net (CloudFront)
x-amz-meta-crossftp-original-file-date-iso8601: 2017-09-27T08:27:59.434Z
Server: AmazonS3
Age: 42406
ETag: "1bb793fb8bd52a0d150d3821ca31e8f4"
X-Cache: Hit from cloudfront
Content-Type: image/png
Last-Modified: Wed, 27 Sep 2017 08:28:59 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16970
X-Amz-Cf-Id: -33Ov5CXCijHmTkmwQ7b0X2dNywxQVWGfh508ef14iW9YuH9OZqa_w==

GET
H/1.1 200
OK d.min.js Show response
js.bestquickcontentfiles.com/ 1 KB
2 KB 167ms
7ms Script
application/javascript 13.32.218.227
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://js.bestquickcontentfiles.com/d.min.js
Requested by: Host: howtoupdate.greatandonlygoodplaceforcontentsafegood.win
URL: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
Protocol: HTTP/1.1
Server: 13.32.218.227 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-218-227.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5851c6ce0f1a72400ab4707a69ba52250f5d1121bb67906035b583dbdfb488b6

Request headers

Referer: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 20 Nov 2017 07:52:53 GMT
Via: 1.1 170fdbe261f5e85186a08817806feba2.cloudfront.net (CloudFront)
Last-Modified: Sun, 05 Nov 2017 09:39:10 GMT
Server: AmazonS3
Age: 67098
ETag: "076327acad248ed10948c6accd370b0d"
X-Cache: Hit from cloudfront
x-amz-version-id: NE6VH5YJ8JvSaFOGN4nGek8SP4bXMoRc
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 1410
X-Amz-Cf-Id: E5fOSZ8Fiuz55ALIldWvUSsn1sXyqUxjQgNhe8KXakqtVM_YFfJmoA==

GET
H/1.1 200
OK logo.png
d1ylwlpty6udeh.cloudfront.net/lps/FlashOfficial_T/images/ 851 B
1 KB 18ms
8ms Image
image/png 13.32.218.14
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d1ylwlpty6udeh.cloudfront.net/lps/FlashOfficial_T/images/logo.png
Requested by: Host: howtoupdate.greatandonlygoodplaceforcontentsafegood.win
URL: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
Protocol: HTTP/1.1
Server: 13.32.218.14 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-218-14.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 437732c13947ebcfbc91f7a808671fbdb87f2b697cadf3833c44682e942e19e9

Request headers

Referer: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win/?pcl=4IzofGifhKonKXZVGmX_ApeSegNjUSzFrKz1TUM8Zouvrk03UMxoKdKrKSjUyA_ISsK4TrVPupPOpSEEBHjzNA..&cid=15230942023392439038210534266278008&SUB_ID=1788055&v_id=pNuXlssvYd583GA2E6Uv4i3b57Elx3yfOQ4gPcvghhM.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Fri, 23 Mar 2018 20:51:55 GMT
Via: 1.1 9740f884e58cfb465c19a8a2b144f34f.cloudfront.net (CloudFront)
x-amz-meta-crossftp-original-file-date-iso8601: 2014-12-26T12:57:40.154Z
Server: AmazonS3
Age: 49096
ETag: "c1650ca2560fae927569486121db8ec9"
X-Cache: Hit from cloudfront
Content-Type: image/png
Last-Modified: Mon, 06 Jun 2016 13:27:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 851
X-Amz-Cf-Id: pm1lJx6tWCh9wWsevl0_pYKsyosaAQHazpl-LPUGTExisK0SQf8qOg==

GET
S 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
6ms Font
font/woff2 216.58.205.227
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Protocol

SPDY

Server

216.58.205.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s24-in-f3.1e100.net

Software

sffe /

Resource Hash

8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans
Origin: http://howtoupdate.greatandonlygoodplaceforcontentsafegood.win

Response headers

date: Tue, 20 Mar 2018 08:29:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:46 GMT
server: sffe
age: 1736088
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length: 8892
x-xss-protection: 1; mode=block
expires: Wed, 20 Mar 2019 08:29:52 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
howtoupdate.greatandonlygoodplaceforcontentsafegood.win/	1970-01-18 15:07:51	Name: lp_id Value: 2401
howtoupdate.greatandonlygoodplaceforcontentsafegood.win/	1970-01-18 15:07:51	Name: dist_id Value: 6704
howtoupdate.greatandonlygoodplaceforcontentsafegood.win/	1970-01-18 15:07:51	Name: channel Value: mibo_pc_achn_ffie_yib_12401

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d1ylwlpty6udeh.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
howtoupdate.greatandonlygoodplaceforcontentsafegood.win
js.bestquickcontentfiles.com
servicesforoffers.life
velocecdn.com
www.placesetnowforcontentsafenow.bid
104.16.119.230
13.32.218.14
13.32.218.227
212.129.56.50
216.58.205.227
216.58.205.234
51.15.153.219
51.15.157.171
1137f290fdf189de9d1e5fdd1220e5b65e2a6ba232420e8e4e0e02dec26d50dc
3e9b1e419ce53f556d21d94b8e3deb4cc772040d5b871a3fe1412f1d42fc0b49
437732c13947ebcfbc91f7a808671fbdb87f2b697cadf3833c44682e942e19e9
5851c6ce0f1a72400ab4707a69ba52250f5d1121bb67906035b583dbdfb488b6
853f90b3f3829a8cb42b31b7ba0058aae3127bb5da43174157cdf85073460461
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
a758ae0536764924b776fcfda61e99b776cc29bd0770395187f3adedadf0bc32
cdd38b4c23dbec02fed7f20d0e4c470e0a7f50c89aa8d82cae27402631f8654a
f90f62f606f4486ffbc1ae6bef40a1c3a7b879fac1c389f5c980038095e89b9f

howtoupdate.greatandonlygoodplaceforcontentsafegood.win Open in urlscan Pro 51.15.157.171 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

8 Domains

8 Subdomains

6 IPs

2 Countries

185 kBTransfer

205 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

3 Cookies

Indicators

howtoupdate.greatandonlygoodplaceforcontentsafegood.win Open in urlscan Pro
51.15.157.171 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

8
Domains

8
Subdomains

6
IPs

2
Countries

185 kB
Transfer

205 kB
Size

3
Cookies

9 HTTP transactions
0 data transactions