Submitted URL: https://djz6vt04.eu1.hubspotlinksfree.com/Ctc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW...
Effective URL: https://7htl5ppf1o.gunetakeru.tech/?email=
Submission Tags: falconsandbox
Submission: On February 13 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 5 countries across 7 domains to perform 7 HTTP transactions. The main IP is 149.100.138.182, located in La Courneuve, France and belongs to AS-HOSTINGER, CY. The main domain is 7htl5ppf1o.gunetakeru.tech.
TLS certificate: Issued by R3 on January 25th 2024. Valid for: 3 months.
This is the only time 7htl5ppf1o.gunetakeru.tech was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 172.65.230.173 13335 (CLOUDFLAR...)
1 2 2400:8500:130... 7506 (INTERQ GM...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:2800:233... 15133 (EDGECAST)
1 37.120.234.46 9009 (M247)
1 149.100.138.182 47583 (AS-HOSTINGER)
7 8
Apex Domain Subdomains Transfer
2 eventsplc.click eventsplc.click 8 KB
2 hubspotlinksfree.com djz6vt04.eu1.hubspotlinksfree.com 3 KB
1 gunetakeru.tech 7htl5ppf1o.gunetakeru.tech 34 KB
1 unitedarabemiratestube.com rw6vpk.unitedarabemiratestube.com 531 B
1 msftauth.net aadcdn.msftauth.net (Cisco Umbrella Rank: 903) 17 KB
1 googleapis.com fonts.googleapis.com (Cisco Umbrella Rank: 31) 1 KB
1 cloudflare.com cdnjs.cloudflare.com (Cisco Umbrella Rank: 223) 28 KB
7 7
Domain Requested by
2 eventsplc.click 1 redirects djz6vt04.eu1.hubspotlinksfree.com
2 djz6vt04.eu1.hubspotlinksfree.com 1 redirects
1 7htl5ppf1o.gunetakeru.tech rw6vpk.unitedarabemiratestube.com
1 rw6vpk.unitedarabemiratestube.com eventsplc.click
1 aadcdn.msftauth.net eventsplc.click
1 fonts.googleapis.com eventsplc.click
1 cdnjs.cloudflare.com eventsplc.click
7 7

This site contains no links.

Subject Issuer Validity Valid
hubspotlinksfree.com Cloudflare Inc ECC CA-3 2023-04-17 - 2024-04-16 a year
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 2023-07-03 - 2024-07-02 a year
upload.video.google.com GTS CA 1C3 2024-01-09 - 2024-04-02 3 months
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA 2023-12-01 - 2024-12-01 a year
7htl5ppf1o.gunetakeru.tech R3 2024-01-25 - 2024-04-24 3 months

This page contains 1 frames:

Primary Page: https://7htl5ppf1o.gunetakeru.tech/?email=
Frame ID: 71C503847AD9F324F0FCB58898188C49
Requests: 8 HTTP requests in this frame

Page Title

Loading... Wait...

Page URL History

  1. https://djz6vt04.eu1.hubspotlinksfree.com/Ctc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW... Page URL
  2. https://djz6vt04.eu1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6... HTTP 307
    http://eventsplc.click/093adspas/033oewa?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5M... HTTP 301
    http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5... Page URL
  3. http://rw6vpk.unitedarabemiratestube.com/ Page URL
  4. https://7htl5ppf1o.gunetakeru.tech/?email= Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 7
HTTPS: 71 %
IPv6: 57 %
Domains: 7
Subdomains: 7
IPs: 8
Countries: 5
Transfer: 92 kB
Size: 263 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://djz6vt04.eu1.hubspotlinksfree.com/Ctc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW7mWL-N3055STN6bVhQ4wjxBhW5wt8wm1dXzs-W3Q2XqX43zNyNW3s-NnP6WhN0KW33s2sq8tTZVgN7bhBrVGtqpfN4dYdpnRwVvJW4297Tk5PzK1mW4DL3XS4QP99CN4xDRztDtQDnW3Y_0qW19Y3YTW3gyrDw3ymjw0W5gYYK-7DhswxW92RL9t8Zvpm9N6v7hKDBpCRgW8D87Cg1XnvScW2bsHjX7ZYjZyW5vyjpB3S6FmqW3ZM1PL9l1K4lN2QtcTBS4RC-V4SYDk4vt10YW1DSZhr8mq4zXf3FhJ8-04 Page URL
  2. https://djz6vt04.eu1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW7mWL-N3055STN6bVhQ4wjxBhW5wt8wm1dXzs-W3Q2XqX43zNyNW3s-NnP6WhN0KW33s2sq8tTZVgN7bhBrVGtqpfN4dYdpnRwVvJW4297Tk5PzK1mW4DL3XS4QP99CN4xDRztDtQDnW3Y_0qW19Y3YTW3gyrDw3ymjw0W5gYYK-7DhswxW92RL9t8Zvpm9N6v7hKDBpCRgW8D87Cg1XnvScW2bsHjX7ZYjZyW5vyjpB3S6FmqW3ZM1PL9l1K4lN2QtcTBS4RC-V4SYDk4vt10YW1DSZhr8mq4zXf3FhJ8-04?_ud=c39147f7-ac2c-41b7-9ec6-1e579d7e0e80&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    http://eventsplc.click/093adspas/033oewa?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email HTTP 301
    http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email Page URL
  3. http://rw6vpk.unitedarabemiratestube.com/ Page URL
  4. https://7htl5ppf1o.gunetakeru.tech/?email= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://djz6vt04.eu1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW7mWL-N3055STN6bVhQ4wjxBhW5wt8wm1dXzs-W3Q2XqX43zNyNW3s-NnP6WhN0KW33s2sq8tTZVgN7bhBrVGtqpfN4dYdpnRwVvJW4297Tk5PzK1mW4DL3XS4QP99CN4xDRztDtQDnW3Y_0qW19Y3YTW3gyrDw3ymjw0W5gYYK-7DhswxW92RL9t8Zvpm9N6v7hKDBpCRgW8D87Cg1XnvScW2bsHjX7ZYjZyW5vyjpB3S6FmqW3ZM1PL9l1K4lN2QtcTBS4RC-V4SYDk4vt10YW1DSZhr8mq4zXf3FhJ8-04?_ud=c39147f7-ac2c-41b7-9ec6-1e579d7e0e80&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
  • http://eventsplc.click/093adspas/033oewa?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email HTTP 301
  • http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW7mWL-N3055STN6bVhQ4wjxBhW5wt8wm1dXzs-W3Q2XqX43zNyNW3s-NnP6WhN0KW33s2sq8tTZVgN7bhBrVGtqpfN4dYdpnRwVvJW4297Tk5PzK1mW4DL3XS4...
djz6vt04.eu1.hubspotlinksfree.com/Ctc/DQ+113/djZ6vt04/
8 KB
3 KB
Document
General
Full URL
https://djz6vt04.eu1.hubspotlinksfree.com/Ctc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW7mWL-N3055STN6bVhQ4wjxBhW5wt8wm1dXzs-W3Q2XqX43zNyNW3s-NnP6WhN0KW33s2sq8tTZVgN7bhBrVGtqpfN4dYdpnRwVvJW4297Tk5PzK1mW4DL3XS4QP99CN4xDRztDtQDnW3Y_0qW19Y3YTW3gyrDw3ymjw0W5gYYK-7DhswxW92RL9t8Zvpm9N6v7hKDBpCRgW8D87Cg1XnvScW2bsHjX7ZYjZyW5vyjpB3S6FmqW3ZM1PL9l1K4lN2QtcTBS4RC-V4SYDk4vt10YW1DSZhr8mq4zXf3FhJ8-04
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.230.173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
cf-cache-status
DYNAMIC
cf-ray
854d241c1ed42c46-FRA
content-encoding
br
content-type
text/html;charset=utf-8
date
Tue, 13 Feb 2024 12:40:39 GMT
referrer-policy
no-referrer
server
cloudflare
vary
origin
x-content-type-options
nosniff
x-envoy-upstream-service-time
4
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
fra04/event-tracking-td/envoy-proxy-7b89646b5c-2h9n2
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
9706b380-8e83-4ca5-a2dd-9c98e8388908
x-request-id
9706b380-8e83-4ca5-a2dd-9c98e8388908
x-robots-tag
none
/
eventsplc.click/093adspas/033oewa/
Redirect Chain
  • https://djz6vt04.eu1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW7mWL-N3055STN6bVhQ4wjxBhW5wt8...
  • http://eventsplc.click/093adspas/033oewa?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=8252...
  • http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=825...
42 KB
8 KB
Document
General
Full URL
http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email
Requested by
Host: djz6vt04.eu1.hubspotlinksfree.com
URL: https://djz6vt04.eu1.hubspotlinksfree.com/Ctc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW7mWL-N3055STN6bVhQ4wjxBhW5wt8wm1dXzs-W3Q2XqX43zNyNW3s-NnP6WhN0KW33s2sq8tTZVgN7bhBrVGtqpfN4dYdpnRwVvJW4297Tk5PzK1mW4DL3XS4QP99CN4xDRztDtQDnW3Y_0qW19Y3YTW3gyrDw3ymjw0W5gYYK-7DhswxW92RL9t8Zvpm9N6v7hKDBpCRgW8D87Cg1XnvScW2bsHjX7ZYjZyW5vyjpB3S6FmqW3ZM1PL9l1K4lN2QtcTBS4RC-V4SYDk4vt10YW1DSZhr8mq4zXf3FhJ8-04
Protocol
HTTP/1.1
Server
2400:8500:1301:162::19:1 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1f73f96d504b4ebec42d4353c1745d866ef33e2ac322fb34c63f6c2fdd3988cb

Request headers

Referer
https://djz6vt04.eu1.hubspotlinksfree.com/Ctc/DQ+113/djZ6vt04/VVSYWZ6K82mqN5JhNN5w4jnMW6YVQGc59cZnkN44_Dbq3m2ndW7lCdLW6lZ3kDW7gS3Mc27jMgSW7mWL-N3055STN6bVhQ4wjxBhW5wt8wm1dXzs-W3Q2XqX43zNyNW3s-NnP6WhN0KW33s2sq8tTZVgN7bhBrVGtqpfN4dYdpnRwVvJW4297Tk5PzK1mW4DL3XS4QP99CN4xDRztDtQDnW3Y_0qW19Y3YTW3gyrDw3ymjw0W5gYYK-7DhswxW92RL9t8Zvpm9N6v7hKDBpCRgW8D87Cg1XnvScW2bsHjX7ZYjZyW5vyjpB3S6FmqW3ZM1PL9l1K4lN2QtcTBS4RC-V4SYDk4vt10YW1DSZhr8mq4zXf3FhJ8-04
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
accept-ranges
bytes
content-encoding
gzip
content-length
7730
content-type
text/html
date
Tue, 13 Feb 2024 12:40:39 GMT
etag
"a62c-65c3bd18-dec9d2e4d08008e8;gz"
last-modified
Wed, 07 Feb 2024 17:25:44 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent

Redirect headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
content-length
707
content-type
text/html
date
Tue, 13 Feb 2024 12:40:39 GMT
location
http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email
server
LiteSpeed
vary
User-Agent
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: eventsplc.click
URL: http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
http://eventsplc.click/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 13 Feb 2024 12:40:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
4254111
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27938
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zq9N%2BQ%2Bc6V%2BjAMbdPC%2BVO5BlVznrn9Mqk22qtrInukHMhOEsFsYUmaokVwI%2FYLW%2FuVP9szySpSoCrMFCDz99UDDSBk7gFIxqEWM17DeUS6jpgxbWq7rfBB2xHNEJy9b8l4KlWnMz71ubR2STrkuWgqDQ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
854d2422bc742bb8-FRA
expires
Sun, 02 Feb 2025 12:40:40 GMT
css2
fonts.googleapis.com/
21 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
Requested by
Host: eventsplc.click
URL: http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
90c4f0951056e5a82b2150c8b3fe6d011a08ea2abc957453d080b8179504e2d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://eventsplc.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 13 Feb 2024 12:40:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 13 Feb 2024 10:53:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 13 Feb 2024 12:40:40 GMT
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msftauth.net/shared/1.0/content/images/
17 KB
17 KB
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Requested by
Host: eventsplc.click
URL: http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CBA) /
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://eventsplc.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 13 Feb 2024 12:40:40 GMT
content-md5
EuPayFgGHQiAI7K9SOL6lg==
age
13091406
x-cache
HIT
content-length
17174
x-ms-lease-status
unlocked
last-modified
Sun, 18 Oct 2020 03:02:30 GMT
server
ECAcc (frc/4CBA)
etag
0x8D8731240E548EB
content-type
image/x-icon
access-control-allow-origin
*
x-ms-request-id
25f90f65-201e-001d-4569-e7351f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
truncated
/
586 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://eventsplc.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Content-Type
image/png
/
rw6vpk.unitedarabemiratestube.com/
323 B
531 B
Document
General
Full URL
http://rw6vpk.unitedarabemiratestube.com/
Requested by
Host: eventsplc.click
URL: http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email
Protocol
HTTP/1.1
Server
37.120.234.46 Sydney, Australia, ASN9009 (M247, RO),
Reverse DNS
no-rdns.m247.com
Software
Apache /
Resource Hash

Request headers

Referer
http://eventsplc.click/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 13 Feb 2024 12:40:40 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
Primary Request /
7htl5ppf1o.gunetakeru.tech/
87 KB
34 KB
Document
General
Full URL
https://7htl5ppf1o.gunetakeru.tech/?email=
Requested by
Host: rw6vpk.unitedarabemiratestube.com
URL: http://rw6vpk.unitedarabemiratestube.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
149.100.138.182 La Courneuve, France, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
vps.mainpage.host
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1k / PHP/7.4.1
Resource Hash
5c4384dc98721b115669feb2fad58f92da8fea39cdd0c8c1bc2747c97dfada9d

Request headers

Referer
http://rw6vpk.unitedarabemiratestube.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
34588
Content-Type
text/html; charset=UTF-8
Date
Tue, 13 Feb 2024 12:40:41 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache/2.4.57 (Unix) OpenSSL/1.1.1k
Vary
Accept-Encoding,User-Agent
X-Powered-By
PHP/7.4.1

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _0xcd187f function| _0x1b3e5e function| _0x5520 function| _0x406f4d function| _0x67835c function| myFunction function| goto function| setCookie function| _0x5528 function| _0x1ec508 function| _0x5b0ed0

1 Cookies

Domain/Path Name / Value
7htl5ppf1o.gunetakeru.tech/ Name: PHPSESSID
Value: f1c33f442739bd4688405f1e76a78a31

2 Console Messages

Source Level URL
Text
javascript warning URL: http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: http://eventsplc.click/093adspas/033oewa/?utm_medium=email&_hsmi=82526927&_hsenc=p2ANqtz-8IdqR8t6G5MZ2_lwhtH9aE3qgd2vMtQhn8eqxbjJVM2vpl3tL2J4DkYmEjRqXxXmPU8Y-__1hCHlqZVS5-pDTwuB8hDQ&utm_content=82526927&utm_source=hs_email
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff