Submitted URL: https://www.payingemails4u.com/
Effective URL: https://www.payingemails4u.com/pages/index.php?refid=
Submission: On January 27 via automatic, source certstream-suspicious

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 64.15.155.75, located in Montreal, Canada and belongs to IWEB-AS, CA. The main domain is www.payingemails4u.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 27th 2020. Valid for: 3 months.
This is the only time www.payingemails4u.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses contacted:

  Redirects  Requests  IP Address       AS      Autonomous System
  2          9         64.15.155.75     32613   IWEB-AS
  -          1         65.9.7.121       16509   AMAZON-02
  -          1         104.245.16.111   13649   ASN-VINS
  -          1         70.38.71.173     32613   IWEB-AS
  Total: 12 requests, 5 IPs

Domains contacted:

  Requests  Redirects  Domain                                Requested by
  8         1          www.payingemails4u.com                www.payingemails4u.com
  1         -          www.legitorquit.com                   www.payingemails4u.com
  1         -          www.donkeymails.com                   www.payingemails4u.com
  1         -          i1085.photobucket.com                 www.payingemails4u.com
  1         1          payingemails4u.com
  0 Failed  -          banneradvertising.adclickmedia.com    www.payingemails4u.com
  Total: 12 requests, 6 subdomains

TLS certificates:
  Subject                Issuer                                 Validity                   Valid
  payingemails4u.com     Let's Encrypt Authority X3             2020-11-27 - 2021-02-25    3 months
  photobucket.com        Amazon                                 2020-10-05 - 2021-11-04    a year
  donkeymails.com        cPanel, Inc. Certification Authority   2021-01-16 - 2021-04-16    3 months
  mail.legitorquit.com   R3                                     2020-12-20 - 2021-03-20    3 months

This page contains 1 frames:

Primary Page: https://www.payingemails4u.com/pages/index.php?refid=
Frame ID: C6113A0F9304EF265582DB5CB88AAF34
Requests: 12 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 12
HTTPS: 83 %
IPv6: 0 %
Domains: 5
Subdomains: 6
IPs: 5
Countries: 2
Transfer: 252 kB
Size: 249 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.payingemails4u.com/ HTTP 302
    https://www.payingemails4u.com/pages/index.php?refid= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://payingemails4u.com/scripts/runner.php?REDIRECT=http%3A%2F%2Fi1085.photobucket.com%2Falbums%2Fj430%2Foldamsterdampost%2Fdreammails%2Fdreammails2.gif&hash=4b08e7fb1ffc7b54d69dc1675b2eb16b HTTP 302
  • https://i1085.photobucket.com/albums/j430/oldamsterdampost/dreammails/dreammails2.gif

12 HTTP transactions

Each transaction below lists: Resource, Path, Size, x-fer, Type, MIME-Type.

index.php (Primary Request, Cookie set)
www.payingemails4u.com/pages/
Redirect Chain
  • https://www.payingemails4u.com/
  • https://www.payingemails4u.com/pages/index.php?refid=
13 KB
14 KB
Document
General
Full URL
https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.15.155.75 Montreal, Canada, ASN32613 (IWEB-AS, CA),
Reverse DNS
concho.maderitehosting.com
Software
Apache / PHP/5.2.17
Resource Hash
82146dbe299edcd3bacee7526cd0ea24b4e78ebcb89b6852e00ebb4df0f49c01

Request headers

Host
www.payingemails4u.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Wed, 27 Jan 2021 07:46:03 GMT
Server
Apache
X-Powered-By
PHP/5.2.17
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
autoipsec=deleted; expires=Tue, 28-Jan-2020 07:46:02 GMT; path=/; domain=.payingemails4u.com
autousername=deleted; expires=Tue, 28-Jan-2020 07:46:02 GMT; path=/; domain=.payingemails4u.com
autopassword=deleted; expires=Tue, 28-Jan-2020 07:46:02 GMT; path=/; domain=.payingemails4u.com
domain=deleted; expires=Tue, 28-Jan-2020 07:46:02 GMT; path=/; domain=.payingemails4u.com
PHPSESSID=1e4be466a1b31e5838826ea706e3b29cxnswofxhyockbzuzgfknxutkzs024603; path=/; domain=.payingemails4u.com
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html

Redirect headers

Date
Wed, 27 Jan 2021 07:46:03 GMT
Server
Apache
X-Powered-By
PHP/5.2.17
location
/pages/index.php?refid=
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
pe4u-valentine-header.jpg
www.payingemails4u.com/images/occasions/
81 KB
81 KB
Image
General
Full URL
https://www.payingemails4u.com/images/occasions/pe4u-valentine-header.jpg
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.15.155.75 Montreal, Canada, ASN32613 (IWEB-AS, CA),
Reverse DNS
concho.maderitehosting.com
Software
Apache /
Resource Hash
33129048d48ed75aa4b7cfc8a5e3a92df9a20619eaa8a5354b77bc2e0ed3f8ec

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 27 Jan 2021 07:46:03 GMT
Last-Modified
Wed, 18 Mar 2020 07:41:04 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
83116
PE4U-button.jpg
www.payingemails4u.com/images/
65 KB
65 KB
Image
General
Full URL
https://www.payingemails4u.com/images/PE4U-button.jpg
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.15.155.75 Montreal, Canada, ASN32613 (IWEB-AS, CA),
Reverse DNS
concho.maderitehosting.com
Software
Apache /
Resource Hash
4dc0f90711511c45d8021914cb6579117aa63b72b265395c747c17554fc36605

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 27 Jan 2021 07:46:03 GMT
Last-Modified
Thu, 09 Jan 2020 13:36:33 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
66192
dreammails2.gif
i1085.photobucket.com/albums/j430/oldamsterdampost/dreammails/
Redirect Chain
  • https://payingemails4u.com/scripts/runner.php?REDIRECT=http%3A%2F%2Fi1085.photobucket.com%2Falbums%2Fj430%2Foldamsterdampost%2Fdreammails%2Fdreammails2.gif&hash=4b08e7fb1ffc7b54d69dc1675b2eb16b
  • https://i1085.photobucket.com/albums/j430/oldamsterdampost/dreammails/dreammails2.gif
34 KB
34 KB
Image
General
Full URL
https://i1085.photobucket.com/albums/j430/oldamsterdampost/dreammails/dreammails2.gif
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.121 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
photobucket /
Resource Hash
0374b95800893a87b1d10ba24508513db44853abbd1348c21a91345143af2efd

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 Jan 2021 07:46:05 GMT
via
1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-disposition
inline; filename="dreammails2.gif"
content-length
34306
x-request-id
4kCkQ3zeJVBLaQ4kimJVR
server
photobucket
vary
Accept
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600, public
access-control-allow-headers
*
x-amz-cf-id
lTG99D9aHtlEIDH6Sz6zMiKGHRaOpgNRKJ_Ck1mvDIGsPSpQKTxcPg==
expires
Wed, 27 Jan 2021 08:46:05 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 27 Jan 2021 07:46:03 GMT
Server
Apache
X-Powered-By
PHP/5.2.17
Content-Type
text/html
Location
http://i1085.photobucket.com/albums/j430/oldamsterdampost/dreammails/dreammails2.gif
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
0
Expires
Thu, 19 Nov 1981 08:52:00 GMT
banner120x60b.jpg
www.donkeymails.com/images/
9 KB
9 KB
Image
General
Full URL
https://www.donkeymails.com/images/banner120x60b.jpg
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.245.16.111 , United States, ASN13649 (ASN-VINS, US),
Reverse DNS
ips111.ips.ch
Software
Apache /
Resource Hash
c880626eef61af754333bb307ac99675a7cd8fa436fcfd4e65c04b30efa35736

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 27 Jan 2021 07:36:45 GMT
Last-Modified
Thu, 10 Dec 2009 14:23:09 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
9269
Content-Type
image/jpeg
style.css
www.payingemails4u.com/pages/
0
0

bannerrotate.cgi
banneradvertising.adclickmedia.com/cgi-bin/
0
0

cream.jpg
www.payingemails4u.com/images/
4 KB
4 KB
Image
General
Full URL
https://www.payingemails4u.com/images/cream.jpg
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.15.155.75 Montreal, Canada, ASN32613 (IWEB-AS, CA),
Reverse DNS
concho.maderitehosting.com
Software
Apache /
Resource Hash
64f03f6da888e1b7ea668b7a172846f03d2e251100762df695361cd993ca7173

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 27 Jan 2021 07:46:03 GMT
Last-Modified
Thu, 09 Jan 2020 13:06:29 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
4188
Roseglitter.gif
www.payingemails4u.com/images/NewImages/
566 B
566 B
Image
General
Full URL
https://www.payingemails4u.com/images/NewImages/Roseglitter.gif
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.15.155.75 Montreal, Canada, ASN32613 (IWEB-AS, CA),
Reverse DNS
concho.maderitehosting.com
Software
Apache /
Resource Hash
187c1afff995e796d543594c2312ca02285cdc304b20d3b792c4c1e0ed7d7a1a

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 27 Jan 2021 07:46:03 GMT
Server
Apache
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Transfer-Encoding
chunked
Content-Type
text/html
flake.png
www.payingemails4u.com/pages/falling/
4 KB
4 KB
Image
General
Full URL
https://www.payingemails4u.com/pages/falling/flake.png
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.15.155.75 Montreal, Canada, ASN32613 (IWEB-AS, CA),
Reverse DNS
concho.maderitehosting.com
Software
Apache /
Resource Hash
31e05fe730f090b8bd4e6bbc16c30f3b5a18b38d3db4e229266870f1088b37dd

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 27 Jan 2021 07:46:03 GMT
Last-Modified
Sun, 22 Dec 2019 21:57:48 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3681
heart.png
www.payingemails4u.com/pages/falling/
3 KB
3 KB
Image
General
Full URL
https://www.payingemails4u.com/pages/falling/heart.png
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.15.155.75 Montreal, Canada, ASN32613 (IWEB-AS, CA),
Reverse DNS
concho.maderitehosting.com
Software
Apache /
Resource Hash
ca464cf5061190eefafcfcd1eec0b366c59ddd1650015c5064a47c2c9629a140

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 27 Jan 2021 07:46:03 GMT
Last-Modified
Sun, 22 Dec 2019 21:40:30 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2928
badge.png
www.legitorquit.com/images/
36 KB
37 KB
Image
General
Full URL
https://www.legitorquit.com/images/badge.png
Requested by
Host: www.payingemails4u.com
URL: https://www.payingemails4u.com/pages/index.php?refid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
70.38.71.173 Montreal, Canada, ASN32613 (IWEB-AS, CA),
Reverse DNS
wichita.maderitehosting.com
Software
Apache /
Resource Hash
8969adf58bb4c050ed63818e9651f1a84f8c07cbc65f1272758d4e94aac3a40d

Request headers

Referer
https://www.payingemails4u.com/pages/index.php?refid=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 27 Jan 2021 07:46:04 GMT
Last-Modified
Mon, 20 May 2019 03:51:11 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
37360

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.payingemails4u.com
URL
http://www.payingemails4u.com/pages/style.css
Domain
banneradvertising.adclickmedia.com
URL
http://banneradvertising.adclickmedia.com/cgi-bin/bannerrotate.cgi?theherards6::68791


32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| cookieStore
  • function| showDirectoryPicker
  • function| showOpenFilePicker
  • function| showSaveFilePicker
  • object| trustedTypes
  • boolean| crossOriginIsolated
  • function| MM_reloadPage
  • number| P
  • function| fall
  • object| grphcs
  • object| Image0
  • object| Image1
  • object| Image2
  • object| Image3
  • object| Image4
  • object| Image5
  • number| Amount
  • object| Ypos
  • object| Xpos
  • object| Speed
  • object| Step
  • object| Cstep
  • number| ns
  • number| ns6
  • string| rndPic
  • number| WinHeight
  • number| WinWidth
  • number| sy
  • number| sx

1 Cookies

Domain/Path: .payingemails4u.com/
Name: PHPSESSID
Value: 1e4be466a1b31e5838826ea706e3b29cxnswofxhyockbzuzgfknxutkzs024603