Submitted URL: http://itsgreatnatural.xyz/RHC1GmEJiJ
Effective URL: http://quatrefeuillepolonaise.xyz/?k=62478511882e13b995ebd33a04d9a0c7.1595954599.437.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Submission: On July 28 via manual from US

Summary

This website contacted 3 IPs in 4 countries across 6 domains to perform 4 HTTP transactions. The main IP is 34.196.13.28, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is quatrefeuillepolonaise.xyz.
This is the only time quatrefeuillepolonaise.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 8.210.219.134 45102 (CNNIC-ALI...)
1 1 212.7.204.100 60781 (LEASEWEB-...)
1 2 91.228.153.25 44066 (DE-FIRSTC...)
1 2a03:90c0:999... 199524 (GCORE)
1 1 40.118.239.198 8075 (MICROSOFT...)
2 34.196.13.28 14618 (AMAZON-AES)
4 3
Domain Requested by
2 dsfffmb.mobi 1 redirects
1 quatrefeuillepolonaise.xyz
1 saltiersilurus.xyz dsfffmb.mobi
1 www.track4cr.com 1 redirects
1 dadbab.info dsfffmb.mobi
1 buy.itsgreatnatural.xyz 1 redirects
1 itsgreatnatural.xyz 1 redirects
4 7

This site contains no links.

This page contains 1 frames:

Primary Page: http://quatrefeuillepolonaise.xyz/?k=62478511882e13b995ebd33a04d9a0c7.1595954599.437.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Frame ID: 7F261123A481BA7255D55E062842E959
Requests: 4 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

  • Requests: 4
  • HTTPS: 0 %
  • IPv6: 17 %
  • Domains: 6
  • Subdomains: 7
  • IPs: 3
  • Countries: 4
  • Transfer: 16 kB
  • Size: 31 kB
  • Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://itsgreatnatural.xyz/RHC1GmEJiJ HTTP 302
    http://buy.itsgreatnatural.xyz/5e631c530a91860001656cc5?pubid=%7Bpubid%7D HTTP 302
    http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf Page URL
  2. http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf&fingerprint_=74910b49e6ea53267228083d4441d11d HTTP 302
    http://www.track4cr.com/click.track?CID=425460&AFID=432697&ADID=2260746&AffiliateReferenceID=-7EBRQCgQAAHMP2kO4AwOuXAODXjAuBgMKQQACD-dUIF8RDRoRDSIRDUIRDVoDTkwHbmwxf2FkY29tYm__a3hWelJjZHoAA1dr&SID=pid5d36eb203bd6158d4eab533424830c26&subid1={pixel_id} HTTP 302
    http://saltiersilurus.xyz/ Page URL
  3. http://quatrefeuillepolonaise.xyz/?k=62478511882e13b995ebd33a04d9a0c7.1595954599.437.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://itsgreatnatural.xyz/RHC1GmEJiJ HTTP 302
  • http://buy.itsgreatnatural.xyz/5e631c530a91860001656cc5?pubid=%7Bpubid%7D HTTP 302
  • http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf
Request Chain 2
  • http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf&fingerprint_=74910b49e6ea53267228083d4441d11d HTTP 302
  • http://www.track4cr.com/click.track?CID=425460&AFID=432697&ADID=2260746&AffiliateReferenceID=-7EBRQCgQAAHMP2kO4AwOuXAODXjAuBgMKQQACD-dUIF8RDRoRDSIRDUIRDVoDTkwHbmwxf2FkY29tYm__a3hWelJjZHoAA1dr&SID=pid5d36eb203bd6158d4eab533424830c26&subid1={pixel_id} HTTP 302
  • http://saltiersilurus.xyz/

4 HTTP transactions

Resource: /
Path: dsfffmb.mobi/
Redirect Chain:
  • http://itsgreatnatural.xyz/RHC1GmEJiJ
  • http://buy.itsgreatnatural.xyz/5e631c530a91860001656cc5?pubid=%7Bpubid%7D
  • http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf
Size: 1 KB
x-fer: 1 KB
Type: Document

General
Full URL: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf
Protocol: HTTP/1.1
Server: 91.228.153.25 Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS:
Software: openresty
Resource Hash: 5cffd0efa04cc91e6eaa0e4eb3618fb0f2404f56b658647981aa2e86af3f163b

Request headers

Host: dsfffmb.mobi
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers

Server: openresty
Date: Tue, 28 Jul 2020 16:40:07 GMT
Content-Type: text/html
Content-Length: 1245
Connection: keep-alive
X-Node: slave-nl1
Referrer-Policy: unsafe-url
Cache-Control: private, no-transform,no-cache
X-Edge-Node: slave-nl1 dsde252

Redirect headers

Server: nginx
Date: Tue, 28 Jul 2020 16:40:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 165
Connection: keep-alive
Location: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf
Set-Cookie: redhash=NWYyMDU0ZTc5NmI1YjEwMDAxOGU2MmNmfDB8NWU2MzFjNTMwYTkxODYwMDAxNjU2Y2M1fHw1NDc2MmY3Yy0yNWMwLTQzMzYtYmY2MS1lNjgwOWFiZTkyOGV8MTU5NTk1NDQwNw==; Path=/; Domain=buy.itsgreatnatural.xyz; Expires=Wed, 28 Jul 2021 16:40:07 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

Resource: fingerprint2.2.1.0.min.js
Path: dadbab.info/content/!common_files/js/
Size: 29 KB
x-fer: 12 KB
Type: Script

General
Full URL: http://dadbab.info/content/!common_files/js/fingerprint2.2.1.0.min.js
Requested by:
  Host: dsfffmb.mobi
  URL: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf
Protocol: HTTP/1.1
Server: 2a03:90c0:9997::9997, Germany, ASN199524 (GCORE, AT)
Reverse DNS:
Software: nginx
Resource Hash: b6c65ab685234e744044e9b94c2a52db31b84c54ff3a00044aa188012ad61365

Request headers

Referer:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-ID: cec-up-gc10
Date: Tue, 28 Jul 2020 16:40:07 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
X-Cached-Since: 2020-07-26T13:10:31+00:00
Connection: keep-alive
Pragma: public
Last-Modified: Thu, 16 Jan 2020 09:58:32 GMT
Server: nginx
ETag: W/"5e2033c8-73a6"
Vary: Accept-Encoding, Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Cache: HIT
Expires: Tue, 28 Jul 2020 17:40:07 GMT

Resource: /
Path: saltiersilurus.xyz/
Redirect Chain:
  • http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf&fingerprint_=74910b49e6ea53267228083d4441d11d
  • http://www.track4cr.com/click.track?CID=425460&AFID=432697&ADID=2260746&AffiliateReferenceID=-7EBRQCgQAAHMP2kO4AwOuXAODXjAuBgMKQQACD-dUIF8RDRoRDSIRDUIRDVoDTkwHbmwxf2FkY29tYm__a3hWelJjZHoAA1dr&SID=p...
  • http://saltiersilurus.xyz/
Size: 932 B
x-fer: 1 KB
Type: Document

General
Full URL: http://saltiersilurus.xyz/
Requested by:
  Host: dsfffmb.mobi
  URL: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf
Protocol: HTTP/1.1
Server: 34.196.13.28 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS:
Software: nginx
Resource Hash: 8b30ad6870317f6cda1f9c0c28f852bd4eabd69c0da331363eb57808c3116c80
Security Headers:
  X-Content-Type-Options: nosniff

Request headers

Host: saltiersilurus.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Referer: http://dsfffmb.mobi/?rid=-7EBNQCgQAAHBDuAMABgEBEREKEQkKEQ1CEQ0SAAF_YWRjb21ibwEx&subpub=55823&sr=1&clickid=5f2054e796b5b100018e62cf

Response headers

Server: nginx
Date: Tue, 28 Jul 2020 16:43:19 GMT
Content-Type: text/html
Content-Length: 932
Connection: close
Expires: Mon, 31 Dec 2001 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
X-Content-Type-Options: nosniff

Redirect headers

Server: nginx
Date: Tue, 28 Jul 2020 16:40:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 142
Connection: keep-alive
Cache-Control: private
Location: http://saltiersilurus.xyz
P3P: policyref="/p3p/P3P.www.track4cr.com.xml", CP="NOI DSP COR NID ADM DEV OUR STP OTC"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

Resource: / (Primary Request, Cookie set)
Path: quatrefeuillepolonaise.xyz/
Size: 415 B
x-fer: 1 KB
Type: Document

General
Full URL: http://quatrefeuillepolonaise.xyz/?k=62478511882e13b995ebd33a04d9a0c7.1595954599.437.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Protocol: HTTP/1.1
Server: 34.196.13.28 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS:
Software: nginx
Resource Hash: 26c0b7bd93a6d20d75f9027c582602b42c8197536208422faf9e13a092f2709f

Request headers

Host: quatrefeuillepolonaise.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers

Server: nginx
Date: Tue, 28 Jul 2020 16:43:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: tpp_u=0%3B1596040808; expires=Thu, 30-Jul-2020 16:40:08 GMT; path=/
Set-Cookie: tpp_6546459_l=16%3B1596040808; expires=Thu, 30-Jul-2020 16:40:08 GMT; path=/
Set-Cookie: tpp_ov=102652%3B1596040808; expires=Thu, 30-Jul-2020 16:40:08 GMT; path=/
Set-Cookie: tpp_ov=102652%2C102907%3B1596040808; expires=Thu, 30-Jul-2020 16:40:08 GMT; path=/
Set-Cookie: tpp_ov=102652%2C102907%2C102970%3B1596040808; expires=Thu, 30-Jul-2020 16:40:08 GMT; path=/
Set-Cookie: tpp_oc=102970%3B1596040808; expires=Thu, 30-Jul-2020 16:40:08 GMT; path=/
Expires: Mon, 31 Dec 2001 23:59:59 GMT
Pragma: no-cache

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Domain/Path: quatrefeuillepolonaise.xyz/
  • Name: tpp_oc  Value: 102970%3B1596040808
  • Name: tpp_ov  Value: 102652%2C102907%2C102970%3B1596040808
  • Name: tpp_6546459_l  Value: 16%3B1596040808
  • Name: tpp_u  Value: 0%3B1596040808