takethisoffer.com
95.216.123.230
Public Scan
Effective URL: https://takethisoffer.com/win_push?click_id=20191004_9cd6aa41-e68a-11e9-92c4-e5031b3dee5d&country=dz&ctrack=1570181863.295...
Submission: On October 04 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 2nd 2019. Valid for: 3 months.
This is the only time takethisoffer.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
8 | 95.216.123.228 | 24940 (HETZNER-AS) |
2 (1 redirects) | 95.216.123.230 | 24940 (HETZNER-AS) |
1 (1 redirects) | 52.209.168.28 | 16509 (AMAZON-02 - Amazon.com) |
9 | 2 |
ASN24940 (HETZNER-AS, DE)
PTR: static.228.123.216.95.clients.your-server.de
www.mega-deals.mobi |
ASN24940 (HETZNER-AS, DE)
PTR: static.230.123.216.95.clients.your-server.de
takethisoffer.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-209-168-28.eu-west-1.compute.amazonaws.com
tr.acker.site |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | mega-deals.mobi | www.mega-deals.mobi | 156 KB |
2 | takethisoffer.com (1 redirects) | takethisoffer.com | 4 KB |
1 | acker.site (1 redirects) | tr.acker.site | 730 B |
9 | 3 |
 | Domain | Requested by |
---|---|---|
8 | www.mega-deals.mobi | www.mega-deals.mobi |
2 | takethisoffer.com | 1 redirects; www.mega-deals.mobi |
1 | tr.acker.site | 1 redirects |
9 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.mega-deals.mobi | Let's Encrypt Authority X3 | 2019-08-02 - 2019-10-31 | 3 months |
*.takethisoffer.com | Let's Encrypt Authority X3 | 2019-09-02 - 2019-12-01 | 3 months |
This page contains 1 frames:
Primary Page:
https://takethisoffer.com/win_push?click_id=20191004_9cd6aa41-e68a-11e9-92c4-e5031b3dee5d&country=dz&ctrack=1570181863.2953205587&lang=ar&media_type=mainstream&p=5947&pi=Uzo1ODAwLFNCOiosTDoxODk3MCxDOjg0NzY%3D&round=1&spin=1&tid=5kdbdejj5cxr71d8yp68swggc%2C14018202%2C5%2C5947&tracker=5kdbdejj5cxr71d8yp68swggc%2C14018202%2C5%2C5947&identified=1
Frame ID: F25D6C73CC3697F1ECCB3580046CD2BF
Requests: 9 HTTP requests in this frame
Page URL History
- https://www.mega-deals.mobi/prizewheel_agecheck_girl/?spin=1&lang=ar&country=dz&tracker=5kdbdejj5cxr71d8... Page URL
- https://takethisoffer.com/win_push?round=1&pi=fallback&click_id=20191004_9cd6aa41-e68a-11e9-92c4-e5031... HTTP 302
- https://tr.acker.site/tracker?source=https%3A%2F%2Ftakethisoffer.com%2Fwin_push%3Fclick_id%3D20191... HTTP 302
- https://takethisoffer.com/win_push?click_id=20191004_9cd6aa41-e68a-11e9-92c4-e5031b3dee5d&country=dz&c... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.mega-deals.mobi/prizewheel_agecheck_girl/?spin=1&lang=ar&country=dz&tracker=5kdbdejj5cxr71d8yp68swggc,14018202,5,5947&tid=5kdbdejj5cxr71d8yp68swggc,14018202,5,5947&ctrack=1570181863.2953205587&media_type=mainstream&p=5947&pi=Uzo1ODAwLFNCOiosTDoxODk3MCxDOjg0NzY%3D&click_id=20191004_9cd6aa41-e68a-11e9-92c4-e5031b3dee5d Page URL
- https://takethisoffer.com/win_push?round=1&pi=fallback&click_id=20191004_9cd6aa41-e68a-11e9-92c4-e5031b3dee5d&country=dz&ctrack=1570181863.2953205587&lang=ar&media_type=mainstream&p=5947&pi=Uzo1ODAwLFNCOiosTDoxODk3MCxDOjg0NzY%3D&spin=1&tid=5kdbdejj5cxr71d8yp68swggc%2C14018202%2C5%2C5947&tracker=5kdbdejj5cxr71d8yp68swggc%2C14018202%2C5%2C5947 HTTP 302
- https://tr.acker.site/tracker?source=https%3A%2F%2Ftakethisoffer.com%2Fwin_push%3Fclick_id%3D20191004_9cd6aa41-e68a-11e9-92c4-e5031b3dee5d%26country%3Ddz%26ctrack%3D1570181863.2953205587%26lang%3Dar%26media_type%3Dmainstream%26p%3D5947%26pi%3DUzo1ODAwLFNCOiosTDoxODk3MCxDOjg0NzY%253D%26round%3D1%26spin%3D1%26tid%3D5kdbdejj5cxr71d8yp68swggc%252C14018202%252C5%252C5947%26tracker%3D5kdbdejj5cxr71d8yp68swggc%252C14018202%252C5%252C5947&visitor_identifier=5kdbdejj5cxr71d8yp68swggc%2C14018202%2C5%2C5947 HTTP 302
- https://takethisoffer.com/win_push?click_id=20191004_9cd6aa41-e68a-11e9-92c4-e5031b3dee5d&country=dz&ctrack=1570181863.2953205587&lang=ar&media_type=mainstream&p=5947&pi=Uzo1ODAwLFNCOiosTDoxODk3MCxDOjg0NzY%3D&round=1&spin=1&tid=5kdbdejj5cxr71d8yp68swggc%2C14018202%2C5%2C5947&tracker=5kdbdejj5cxr71d8yp68swggc%2C14018202%2C5%2C5947&identified=1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | www.mega-deals.mobi/prizewheel_agecheck_girl/ | 5 KB | 3 KB | Document | text/html |
GET | H2 | app.css | www.mega-deals.mobi/css/offers/prizewheel_agecheck_girl/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H2 | arrow.png | www.mega-deals.mobi/img/offers/agecheck/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | prizewheel.jpg | www.mega-deals.mobi/img/offers/prizewheel_agecheck_girl/ | 44 KB | 44 KB | Image | image/jpeg |
GET | H2 | prizewheel_border.png | www.mega-deals.mobi/img/offers/prizewheel_agecheck_girl/ | 37 KB | 37 KB | Image | image/png |
GET | H2 | prize.png | www.mega-deals.mobi/img/offers/prizewheel_agecheck_girl/ | 17 KB | 17 KB | Image | image/png |
GET | H2 | girl1.png | www.mega-deals.mobi/img/offers/prizewheel_agecheck_girl/ | 40 KB | 40 KB | Image | image/png |
GET | H2 | app.js | www.mega-deals.mobi/js/offers/prizewheel_agecheck_girl/ | 27 KB | 9 KB | Script | application/javascript |
GET | H2 | win_push (Primary Request) | takethisoffer.com/ (Redirect Chain) | 20 B | 3 KB | Document | text/html |
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata
object| onpointerrawupdate
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name |
---|---|
takethisoffer.com/ | SESS_TRAF |
takethisoffer.com/ | ivr_offers_session |
takethisoffer.com/ | OZnUSeafThcbcVs5AQR0CY3LzOJLWekk9MuYmmTE |
takethisoffer.com/ | XSRF-TOKEN |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.