en.50kaweek.online Open in urlscan Pro
54.37.79.146 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/2J7BDM0?YFBl
Effective URL:
https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Submission: On June 01 via manual (June 1st 2018, 12:25:20 pm UTC) from US

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 16 domains to perform 21 HTTP transactions. The main IP is 54.37.79.146, located in Woodbridge, United States and belongs to OVH, FR. The main domain is en.50kaweek.online.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 31st 2018. Valid for: 3 months.

This is the only time en.50kaweek.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	395224 (BITLY-AS) (BITLY-AS - Bitly Inc)
2 2	199.188.200.13 199.188.200.13	22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap)
1 1	34.213.241.93 34.213.241.93	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	52.40.128.8 52.40.128.8	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	185.170.147.229 185.170.147.229	34934 (UKFAST) (UKFAST)
1 1	54.37.76.79 54.37.76.79	16276 (OVH) (OVH)
1 8	54.37.79.146 54.37.79.146	16276 (OVH) (OVH)
3	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
3	104.19.195.151 104.19.195.151	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	216.58.207.72 216.58.207.72	15169 (GOOGLE) (GOOGLE - Google LLC)
1	216.58.207.74 216.58.207.74	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.21.227 172.217.21.227	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	172.217.21.238 172.217.21.238	15169 (GOOGLE) (GOOGLE - Google LLC)
1	173.194.76.155 173.194.76.155	15169 (GOOGLE) (GOOGLE - Google LLC)
2	172.217.22.78 172.217.22.78	15169 (GOOGLE) (GOOGLE - Google LLC)
1	216.58.207.78 216.58.207.78	15169 (GOOGLE) (GOOGLE - Google LLC)
21	11

1 67.199.248.11 (United States) 1 redirects

ASN395224 (BITLY-AS - Bitly Inc, US)

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.188.200.13 (Los Angeles, United States) 2 redirects

ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: premium40-5.web-hosting.com

zenmaker.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.213.241.93 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-213-241-93.us-west-2.compute.amazonaws.com

jamtraxme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.40.128.8 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-40-128-8.us-west-2.compute.amazonaws.com

jbrotrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.170.147.229 (United Kingdom) 1 redirects

ASN34934 (UKFAST, GB)

jsanfran25.500awik.cpa.clicksure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.37.76.79 (Woodbridge, United States) 1 redirects

ASN16276 (OVH, FR)
PTR: 79.ip-54-37-76.eu

ai-redirect.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.37.79.146 (Woodbridge, United States) 1 redirects

ASN16276 (OVH, FR)
PTR: ip-54-37-79.eu

en.50kaweek.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.19.195.151 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.72 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.74 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.227 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.21.238 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f238.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.76.155 (Portage, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: ws-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.78 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s17-in-f78.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.78 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f14.1e100.net

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	50kaweek.online 1 redirects en.50kaweek.online	204 KB
3	cloudflare.com cdnjs.cloudflare.com	41 KB
3	bootstrapcdn.com maxcdn.bootstrapcdn.com	92 KB
2	youtube.com www.youtube.com	1 KB
2	google-analytics.com 1 redirects www.google-analytics.com	14 KB
2	zenmaker.network 2 redirects zenmaker.network	421 B
1	ytimg.com s.ytimg.com	8 KB
1	doubleclick.net stats.g.doubleclick.net	102 B
1	gstatic.com fonts.gstatic.com	30 KB
1	googleapis.com fonts.googleapis.com	330 B
1	googletagmanager.com www.googletagmanager.com	29 KB
1	ai-redirect.me 1 redirects ai-redirect.me	183 B
1	clicksure.com 1 redirects jsanfran25.500awik.cpa.clicksure.com	1 KB
1	jbrotrk.com 1 redirects jbrotrk.com	692 B
1	jamtraxme.com 1 redirects jamtraxme.com	242 B
1	bit.ly 1 redirects bit.ly	424 B
21	16

	Domain	Requested by
8	en.50kaweek.online	1 redirects en.50kaweek.online
3	cdnjs.cloudflare.com	en.50kaweek.online
3	maxcdn.bootstrapcdn.com	en.50kaweek.online
2	www.youtube.com	en.50kaweek.online s.ytimg.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	zenmaker.network	2 redirects
1	s.ytimg.com	www.youtube.com
1	stats.g.doubleclick.net	en.50kaweek.online
1	fonts.gstatic.com	en.50kaweek.online
1	fonts.googleapis.com	en.50kaweek.online
1	www.googletagmanager.com	en.50kaweek.online
1	ai-redirect.me	1 redirects
1	jsanfran25.500awik.cpa.clicksure.com	1 redirects
1	jbrotrk.com	1 redirects
1	jamtraxme.com	1 redirects
1	bit.ly	1 redirects
21	16

This site contains no links.

Subject Issuer	Validity	Valid
en.50kaweek.online Let's Encrypt Authority X3	`2018-05-31` - `2018-08-29`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2018-05-15` - `2018-08-07`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Frame ID: 6D4C948C9EA3E07CE7241EBA281656F1
Requests: 21 HTTP requests in this frame

Frame: https://www.youtube.com/embed/?controls=1&rel=0&showinfo=0&mute=true&enablejsapi=1&origin=https%3A%2F%2Fen.50kaweek.online&widgetid=1
Frame ID: 901D94021849545CD90A7A7272F3A8FA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/2J7BDM0?YFBl HTTP 301
http://zenmaker.network/?yHwvlI HTTP 302
http://zenmaker.network/indexa.php HTTP 302
http://jamtraxme.com/?a=1019&c=1414&s1=mail HTTP 302
http://jbrotrk.com/?a=1019&c=1414&s1=mail&ckmguid=c72efade-5b7e-46b2-88fa-bf92bff702ba HTTP 302
http://jsanfran25.500awik.cpa.clicksure.com/ HTTP 302
http://ai-redirect.me/JB0kO?a=6920&o=3726&s=1122432294 HTTP 302
http://en.50kaweek.online/?a=6920&o=3726&s=1122432294 HTTP 302
https://en.50kaweek.online/?a=6920&o=3726&s=1122432294 Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

21
Requests

38 %
HTTPS

0 %
IPv6

16
Domains

16
Subdomains

11
IPs

2
Countries

418 kB
Transfer

1249 kB
Size

13
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/2J7BDM0?YFBl HTTP 301
http://zenmaker.network/?yHwvlI HTTP 302
http://zenmaker.network/indexa.php HTTP 302
http://jamtraxme.com/?a=1019&c=1414&s1=mail HTTP 302
http://jbrotrk.com/?a=1019&c=1414&s1=mail&ckmguid=c72efade-5b7e-46b2-88fa-bf92bff702ba HTTP 302
http://jsanfran25.500awik.cpa.clicksure.com/ HTTP 302
http://ai-redirect.me/JB0kO?a=6920&o=3726&s=1122432294 HTTP 302
http://en.50kaweek.online/?a=6920&o=3726&s=1122432294 HTTP 302
https://en.50kaweek.online/?a=6920&o=3726&s=1122432294 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://www.google-analytics.com/r/collect?v=1&_v=j68&a=189952724&t=pageview&_s=1&dl=https%3A%2F%2Fen.50kaweek.online%2F%3Fa%3D6920%26o%3D3726%26s%3D1122432294&ul=en-us&de=UTF-8&dt=en.50kaweek.online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAAB~&jid=2017949459&gjid=231709627&cid=1606110517.1527855909&tid=UA-80184432-1&_gid=1598469981.1527855909&_r=1&gtm=G5oWFBL9N7&z=1968977603 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80184432-1&cid=1606110517.1527855909&jid=2017949459&_gid=1598469981.1527855909&gjid=231709627&_v=j68&z=1968977603

21 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
en.50kaweek.online/
Redirect Chain

https://bit.ly/2J7BDM0?YFBl
http://zenmaker.network/?yHwvlI
http://zenmaker.network/indexa.php
http://jamtraxme.com/?a=1019&c=1414&s1=mail
http://jbrotrk.com/?a=1019&c=1414&s1=mail&ckmguid=c72efade-5b7e-46b2-88fa-bf92bff702ba
http://jsanfran25.500awik.cpa.clicksure.com/
http://ai-redirect.me/JB0kO?a=6920&o=3726&s=1122432294
http://en.50kaweek.online/?a=6920&o=3726&s=1122432294
https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

6 KB
2 KB

43ms
15ms

Document
text/html

54.37.79.146
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.79.146 Woodbridge, United States, ASN16276 (OVH, FR),
Reverse DNS: ip-54-37-79.eu
Software: nginx /
Resource Hash: 22161a17e0342b8ddb508a65a0557f1452b0e84c5bef4e0d64cad8735f366d57

Request headers

Host: en.50kaweek.online
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 6D4C948C9EA3E07CE7241EBA281656F1

Response headers

Server: nginx
Date: Fri, 01 Jun 2018 12:25:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"5b0feec6-1719"
X-Geo: DE
Content-Encoding: gzip

Redirect headers

Cache-Control: no-cache
Content-length: 0
Location: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Connection: close

GET
H/1.1 200
OK bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ 118 KB
20 KB 43ms
10ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 01 Jun 2018 12:25:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Feb 2018 05:57:55 GMT
Connection: Keep-Alive
ETag: "1519106275"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Accept-Ranges: bytes
Content-Length: 19747

GET
H/1.1 200
OK font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
7 KB 42ms
9ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 01 Jun 2018 12:25:08 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Feb 2018 21:46:17 GMT
Connection: Keep-Alive
ETag: "1518903977"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Accept-Ranges: bytes
Content-Length: 6241

GET
H/1.1 200
OK layout_50kweek.css
en.50kaweek.online/css/ 24 KB
4 KB 24ms
12ms Stylesheet
text/css 54.37.79.146
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://en.50kaweek.online/css/layout_50kweek.css
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.79.146 Woodbridge, United States, ASN16276 (OVH, FR),
Reverse DNS: ip-54-37-79.eu
Software: nginx /
Resource Hash: 13aa38e65146a1734db1726539ef7fa2129e69772171d03f230a8812cc757828

Request headers

Accept: text/css,*/*;q=0.1
Pragma: no-cache
Connection: keep-alive
Accept-Encoding: gzip, deflate
Host: en.50kaweek.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma: public
Date: Fri, 01 Jun 2018 12:25:08 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/"5b0feedd-614a"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=21600 public
Transfer-Encoding: chunked
Expires: Fri, 01 Jun 2018 18:25:08 GMT

GET
H/1.1 200
OK app.js Show response
en.50kaweek.online/js/ 579 KB
141 KB 50ms
17ms Script
application/javascript 54.37.79.146
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://en.50kaweek.online/js/app.js
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.79.146 Woodbridge, United States, ASN16276 (OVH, FR),
Reverse DNS: ip-54-37-79.eu
Software: nginx /
Resource Hash: e23cca7e03476a9230883dbd4ded1d1b4ef3d8c062ee6f0cd7fad8c102059068

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: en.50kaweek.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: */*
Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Connection: keep-alive
Cache-Control: no-cache
Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma: public
Date: Fri, 01 Jun 2018 12:25:08 GMT
Content-Encoding: gzip
Server: nginx
ETag: W/"5b0feef2-90d28"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=21600 public
Transfer-Encoding: chunked
Expires: Fri, 01 Jun 2018 18:25:08 GMT

GET
S 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 63ms
15ms Script
application/javascript 104.19.195.151
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

Protocol

SPDY

Server

104.19.195.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 01 Jun 2018 12:25:08 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2016 14:42:33 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 4241a9469b452348-FRA
expires: Wed, 22 May 2019 12:25:08 GMT

GET
S 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.1/ 2 KB
1 KB 65ms
17ms Script
application/javascript 104.19.195.151
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.1/js.cookie.min.js

Requested by

Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

Protocol

SPDY

Server

104.19.195.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b56586ccc2a08b1ce24f1c198bd68743e94a0bc2d5bb78a195fe9dc421c77131

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 01 Jun 2018 12:25:08 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2016 14:42:34 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-security-policy-report-only: default-src https: data: wss: 'unsafe-eval' 'unsafe-inline'; report-uri https://cdnjs.cloudflare.com/cdn-cgi/beacon/csp?req_id=4241a9469b462348
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 4241a9469b462348-FRA
expires: Wed, 22 May 2019 12:25:08 GMT

GET
S 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/ 36 KB
10 KB 83ms
35ms Script
application/javascript 104.19.195.151
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Requested by

Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

Protocol

SPDY

Server

104.19.195.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 01 Jun 2018 12:25:08 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 26 Jul 2016 07:16:08 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 4241a9469b472348-FRA
expires: Wed, 22 May 2019 12:25:08 GMT

GET
S 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
29 KB 21ms
20ms Script
application/javascript 216.58.207.72
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WFBL9N7

Requested by

Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

Protocol

SPDY

Server

216.58.207.72 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f8.1e100.net

Software

Google Tag Manager (scaffolding) /

Resource Hash

dce9519416c10e2bb0409807cf927280199c891dee5155ce0d2d8b3b3fea49da

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 01 Jun 2018 12:25:08 GMT
content-encoding: gzip
server: Google Tag Manager (scaffolding)
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 29386
x-xss-protection: 1; mode=block
expires: Fri, 01 Jun 2018 12:25:08 GMT

GET
S 200 css
fonts.googleapis.com/ 474 B
330 B 18ms
18ms Stylesheet
text/css 216.58.207.74
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Rajdhani:400,700&subset=latin,latin-ext

Requested by

Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

Protocol

SPDY

Server

216.58.207.74 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f10.1e100.net

Software

ESF /

Resource Hash

467bc074ef4ba9ffc97b678b9b59251e607fc7d400f7f0a9b01d6c8cc98b937e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 01 Jun 2018 12:25:08 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
expires: Fri, 01 Jun 2018 12:25:08 GMT

GET
H/1.1 200
OK bgBluePattern.png
en.50kaweek.online/images/ 27 KB
27 KB 11ms
10ms Image
image/png 54.37.79.146
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://en.50kaweek.online/images/bgBluePattern.png
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.79.146 Woodbridge, United States, ASN16276 (OVH, FR),
Reverse DNS: ip-54-37-79.eu
Software: nginx /
Resource Hash: fe6468e53a8521e2795b2a4d0918fbcc44e620179069ec4e4ca45bea253bef85

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: en.50kaweek.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://en.50kaweek.online/css/layout_50kweek.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://en.50kaweek.online/css/layout_50kweek.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma: public
Date: Fri, 01 Jun 2018 12:25:08 GMT
Last-Modified: Thu, 31 May 2018 12:48:58 GMT
Server: nginx
ETag: "5b0fef3a-6c74"
Content-Type: image/png
Cache-Control: max-age=2507030 public
Accept-Ranges: bytes
Content-Length: 27764
Expires: Sat, 30 Jun 2018 12:48:58 GMT

GET
H/1.1 200
OK formPattern.png
en.50kaweek.online/images/ 958 B
1 KB 11ms
11ms Image
image/png 54.37.79.146
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://en.50kaweek.online/images/formPattern.png
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.79.146 Woodbridge, United States, ASN16276 (OVH, FR),
Reverse DNS: ip-54-37-79.eu
Software: nginx /
Resource Hash: 1045300bee15c28d5a98bf1a9ee88eea8d188a7c07ad5a86b48050dfe9b1d89f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: en.50kaweek.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://en.50kaweek.online/css/layout_50kweek.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://en.50kaweek.online/css/layout_50kweek.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma: public
Date: Fri, 01 Jun 2018 12:25:08 GMT
Last-Modified: Thu, 31 May 2018 12:48:58 GMT
Server: nginx
ETag: "5b0fef3a-3be"
Content-Type: image/png
Cache-Control: max-age=2507030 public
Accept-Ranges: bytes
Content-Length: 958
Expires: Sat, 30 Jun 2018 12:48:58 GMT

GET
H/1.1 200
OK videoBg.png
en.50kaweek.online/images/ 20 KB
20 KB 26ms
13ms Image
image/png 54.37.79.146
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://en.50kaweek.online/images/videoBg.png
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.79.146 Woodbridge, United States, ASN16276 (OVH, FR),
Reverse DNS: ip-54-37-79.eu
Software: nginx /
Resource Hash: 4b98d0ae0bee1ab393622be0f9c7edc2a4d84f89ab0786e4e7d76874f0d08564

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: en.50kaweek.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://en.50kaweek.online/css/layout_50kweek.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://en.50kaweek.online/css/layout_50kweek.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma: public
Date: Fri, 01 Jun 2018 12:25:09 GMT
Last-Modified: Thu, 31 May 2018 12:48:58 GMT
Server: nginx
ETag: "5b0fef3a-5030"
Content-Type: image/png
Cache-Control: max-age=2507029 public
Accept-Ranges: bytes
Content-Length: 20528
Expires: Sat, 30 Jun 2018 12:48:58 GMT

GET
H/1.1 200
OK freeAccessStripe.png
en.50kaweek.online/images/ 6 KB
6 KB 20ms
8ms Image
image/png 54.37.79.146
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://en.50kaweek.online/images/freeAccessStripe.png
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.37.79.146 Woodbridge, United States, ASN16276 (OVH, FR),
Reverse DNS: ip-54-37-79.eu
Software: nginx /
Resource Hash: b0a23ca17305ef42cf90037aefd2877a312bd437b1c6d7415f23e86cf3f999e5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: en.50kaweek.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://en.50kaweek.online/css/layout_50kweek.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://en.50kaweek.online/css/layout_50kweek.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma: public
Date: Fri, 01 Jun 2018 12:25:09 GMT
Last-Modified: Thu, 31 May 2018 12:48:58 GMT
Server: nginx
ETag: "5b0fef3a-1890"
Content-Type: image/png
Cache-Control: max-age=2507029 public
Accept-Ranges: bytes
Content-Length: 6288
Expires: Sat, 30 Jun 2018 12:48:58 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ 65 KB
65 KB 36ms
20ms Font
application/font-woff2 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by: Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
Protocol: HTTP/1.1
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Origin: https://en.50kaweek.online

Response headers

Date: Fri, 01 Jun 2018 12:25:09 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Feb 2018 21:46:23 GMT
Connection: Keep-Alive
ETag: "1518903983"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Accept-Ranges: bytes
Content-Length: 66632

GET
S 200 LDI2apCSOBg7S-QT7pa8FvOleeI.ttf
fonts.gstatic.com/s/rajdhani/v7/ 70 KB
30 KB 9ms
9ms Font
font/ttf 172.217.21.227
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rajdhani/v7/LDI2apCSOBg7S-QT7pa8FvOleeI.ttf

Requested by

Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

Protocol

SPDY

Server

172.217.21.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f3.1e100.net

Software

sffe /

Resource Hash

66e4fe51ab191d871d798815101978b58539444236cf1ba2581342dd8c861c13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Rajdhani:400,700&subset=latin,latin-ext
Origin: https://en.50kaweek.online

Response headers

date: Thu, 24 May 2018 19:36:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 665297
status: 200
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 30757
x-xss-protection: 1; mode=block
last-modified: Tue, 10 Oct 2017 23:12:47 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 May 2019 19:36:51 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 34 KB
14 KB 8ms
7ms Script
text/javascript 172.217.21.238
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WFBL9N7

Protocol

SPDY

Server

172.217.21.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f238.1e100.net

Software

Golfe2 /

Resource Hash

3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 18 May 2018 01:10:24 GMT
server: Golfe2
age: 6124
date: Fri, 01 Jun 2018 10:43:05 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 14386
expires: Fri, 01 Jun 2018 12:43:05 GMT

GET
S

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j68&a=189952724&t=pageview&_s=1&dl=https%3A%2F%2Fen.50kaweek.online%2F%3Fa%3D6920%26o%3D3726%26s%3D1122432294&ul=en-us&de=UTF-8&dt=en.50kaweek.onli...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80184432-1&cid=1606110517.1527855909&jid=2017949459&_gid=1598469981.1527855909&gjid=231709627&_v=j68&z=1968977603

35 B
102 B

15ms
14ms

Image
image/gif

173.194.76.155
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80184432-1&cid=1606110517.1527855909&jid=2017949459&_gid=1598469981.1527855909&gjid=231709627&_v=j68&z=1968977603

Requested by

Host: en.50kaweek.online
URL: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

Protocol

SPDY

Server

173.194.76.155 Portage, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

ws-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 01 Jun 2018 12:25:09 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Jun 2018 12:25:09 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80184432-1&cid=1606110517.1527855909&jid=2017949459&_gid=1598469981.1527855909&gjid=231709627&_v=j68&z=1968977603
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 419
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 44ms
21ms Script
application/javascript 172.217.22.78
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: en.50kaweek.online
URL: https://en.50kaweek.online/js/app.js

Protocol

SPDY

Server

172.217.22.78 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f78.1e100.net

Software

YouTube Frontend Proxy /

Resource Hash

be54c985cc5600c1bb5f6d421492bea1ffca8e762bbf47a732ea26de9e7b0159

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 01 Jun 2018 12:25:09 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 859
x-xss-protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
expires: Tue, 27 Apr 1971 19:44:06 EST

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53a38379592286cea290cd5315d36768edf6640aff3169573517fe82541e5a0a

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
S 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/ 20 KB
8 KB 31ms
6ms Script
text/javascript 216.58.207.78
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

SPDY

Server

216.58.207.78 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f14.1e100.net

Software

sffe /

Resource Hash

a599232b27762d0deef401c854b6c5f7f9f7b69c63a22fdf36b99bac156946fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Tue, 29 May 2018 00:44:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 301219
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 7696
x-xss-protection: 1; mode=block
last-modified: Sat, 26 May 2018 06:49:46 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Wed, 06 Jun 2018 00:44:50 GMT

GET
H2 200 /
www.youtube.com/embed/ Frame 901D 0
0 50ms
49ms Document
text/html 172.217.22.78
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/?controls=1&rel=0&showinfo=0&mute=true&enablejsapi=1&origin=https%3A%2F%2Fen.50kaweek.online&widgetid=1

Requested by

Host: s.ytimg.com
URL: https://s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/www-widgetapi.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.78 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f78.1e100.net

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/?controls=1&rel=0&showinfo=0&mute=true&enablejsapi=1&origin=https%3A%2F%2Fen.50kaweek.online&widgetid=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 6D4C948C9EA3E07CE7241EBA281656F1
Referer: https://en.50kaweek.online/?a=6920&o=3726&s=1122432294

Response headers

status: 200
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
content-type: text/html; charset=utf-8
expires: Tue, 27 Apr 1971 19:44:06 EST
cache-control: no-cache
content-encoding: gzip
strict-transport-security: max-age=31536000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
date: Fri, 01 Jun 2018 12:25:09 GMT
server: YouTube Frontend Proxy
set-cookie: VISITOR_INFO1_LIVE=sPN9dUYzGZE; path=/; domain=.youtube.com; expires=Wed, 28-Nov-2018 12:25:09 GMT; httponly GPS=1; path=/; domain=.youtube.com; expires=Fri, 01-Jun-2018 12:55:09 GMT YSC=9a_DsSY68jk; path=/; domain=.youtube.com; httponly VISITOR_INFO1_LIVE=sPN9dUYzGZE; path=/; domain=.youtube.com; expires=Wed, 28-Nov-2018 12:25:09 GMT; httponly PREF=f1=50000000; path=/; domain=.youtube.com; expires=Thu, 31-Jan-2019 00:18:09 GMT
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1970-01-18 22:14:53	Name: PREF Value: f1=50000000
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 9a_DsSY68jk
.youtube.com/	1970-01-18 20:43:27	Name: VISITOR_INFO1_LIVE Value: sPN9dUYzGZE
.en.50kaweek.online/	1970-01-18 16:25:42	Name: _gid Value: GA1.3.1598469981.1527855909
en.50kaweek.online/	1970-01-18 16:25:42	Name: lic_time_cookie Value: 1603
en.50kaweek.online/	1970-01-18 17:07:27	Name: s Value: 1122432294
en.50kaweek.online/	1970-01-18 16:25:42	Name: lic_time_helper_cookie Value: 21871
en.50kaweek.online/	1970-01-18 17:07:27	Name: o Value: 3726
.en.50kaweek.online/	1970-01-18 16:24:15	Name: _gat_UA-80184432-1 Value: 1
en.50kaweek.online/	1970-01-18 17:07:27	Name: a Value: 6920
.youtube.com/	1970-01-18 16:24:17	Name: GPS Value: 1
en.50kaweek.online/	1970-01-18 16:25:42	Name: spots_available Value: 30
.en.50kaweek.online/	1970-01-19 09:55:27	Name: _ga Value: GA1.3.1606110517.1527855909

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ai-redirect.me
bit.ly
cdnjs.cloudflare.com
en.50kaweek.online
fonts.googleapis.com
fonts.gstatic.com
jamtraxme.com
jbrotrk.com
jsanfran25.500awik.cpa.clicksure.com
maxcdn.bootstrapcdn.com
s.ytimg.com
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
www.youtube.com
zenmaker.network
104.19.195.151
172.217.21.227
172.217.21.238
172.217.22.78
173.194.76.155
185.170.147.229
199.188.200.13
209.197.3.15
216.58.207.72
216.58.207.74
216.58.207.78
34.213.241.93
52.40.128.8
54.37.76.79
54.37.79.146
67.199.248.11
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1045300bee15c28d5a98bf1a9ee88eea8d188a7c07ad5a86b48050dfe9b1d89f
13aa38e65146a1734db1726539ef7fa2129e69772171d03f230a8812cc757828
22161a17e0342b8ddb508a65a0557f1452b0e84c5bef4e0d64cad8735f366d57
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
467bc074ef4ba9ffc97b678b9b59251e607fc7d400f7f0a9b01d6c8cc98b937e
4b98d0ae0bee1ab393622be0f9c7edc2a4d84f89ab0786e4e7d76874f0d08564
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
53a38379592286cea290cd5315d36768edf6640aff3169573517fe82541e5a0a
66e4fe51ab191d871d798815101978b58539444236cf1ba2581342dd8c861c13
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
a599232b27762d0deef401c854b6c5f7f9f7b69c63a22fdf36b99bac156946fc
b0a23ca17305ef42cf90037aefd2877a312bd437b1c6d7415f23e86cf3f999e5
b56586ccc2a08b1ce24f1c198bd68743e94a0bc2d5bb78a195fe9dc421c77131
be54c985cc5600c1bb5f6d421492bea1ffca8e762bbf47a732ea26de9e7b0159
dce9519416c10e2bb0409807cf927280199c891dee5155ce0d2d8b3b3fea49da
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
e23cca7e03476a9230883dbd4ded1d1b4ef3d8c062ee6f0cd7fad8c102059068
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
fe6468e53a8521e2795b2a4d0918fbcc44e620179069ec4e4ca45bea253bef85
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

en.50kaweek.online Open in urlscan Pro 54.37.79.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

38 %HTTPS

0 %IPv6

16 Domains

16 Subdomains

11 IPs

2 Countries

418 kBTransfer

1249 kBSize

13 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

31 JavaScript Global Variables

13 Cookies

Indicators

en.50kaweek.online Open in urlscan Pro
54.37.79.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

38 %
HTTPS

0 %
IPv6

16
Domains

16
Subdomains

11
IPs

2
Countries

418 kB
Transfer

1249 kB
Size

13
Cookies

21 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!