Submitted URL: http://ppc.netnet44.net:1080/508.html
Effective URL: http://lp.nightrush.com/DE/welcome/1405/
Submission: On July 17 via manual from US

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 20 HTTP transactions. The main IP is 94.130.106.52, located in Ukraine and belonging to HETZNER-AS, DE. The main domain is lp.nightrush.com.
This is the only time lp.nightrush.com was scanned on urlscan.io!

urlscan.io Verdict: No classification


Domain & IP information

IP Address AS Autonomous System
1 1 192.200.20.17 53889 (MICFO)
8 94.130.106.52 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 205.185.208.52 20446 (HIGHWINDS3)
1 205.185.216.10 20446 (HIGHWINDS3)
1 40.68.208.131 8075 (MICROSOFT...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 205.185.216.42 20446 (HIGHWINDS3)
20 10
Domain Requested by
8 lp.nightrush.com lp.nightrush.com
3 fonts.gstatic.com lp.nightrush.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 stats.g.doubleclick.net lp.nightrush.com
1 authorisation.mga.org.mt lp.nightrush.com
1 static.hotjar.com lp.nightrush.com
1 code.jquery.com lp.nightrush.com
1 fonts.googleapis.com lp.nightrush.com
1 www.googletagmanager.com lp.nightrush.com
1 ppc.netnet44.net 1 redirects
20 12

This site contains links to these domains.

Domain
wlnightrush.adsrv.eacdn.com

TLS certificates (Subject / Issuer / Validity)

Subject: www.authorisation.mga.org.mt
Issuer: DigiCert SHA2 Secure Server CA
Validity: 2015-12-04 - 2018-12-12 (3 years)

Subject: *.hotjar.com
Issuer: Let's Encrypt Authority X3
Validity: 2018-05-24 - 2018-08-22 (3 months)

This page contains 3 frames:

Primary Page: http://lp.nightrush.com/DE/welcome/1405/
Frame ID: E8387B83910A91C5E2B4100FDA43EBD7
Requests: 18 HTTP requests in this frame

Frame: https://authorisation.mga.org.mt/handlers/seal-of-authorisation.aspx?company=0e2c8c9b-bab1-46ff-9317-5cdc696da1f8&lang=en&fullDetails=0&size=10
Frame ID: 5F8C5D550FA342012A2BD9E339C7140C
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
Frame ID: 5F196FF52733947F57D21402A3D1EA97
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History

  1. http://ppc.netnet44.net:1080/508.html HTTP 302
    http://lp.nightrush.com/DE/welcome/1405/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Overall confidence: 100%
Detected patterns
  • script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

Requests: 20
HTTPS: 10 %
IPv6: 45 %
Domains: 10
Subdomains: 12
IPs: 10
Countries: 4
Transfer: 631 kB
Size: 1178 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ppc.netnet44.net:1080/508.html HTTP 302
    http://lp.nightrush.com/DE/welcome/1405/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=312612766&t=pageview&_s=1&dl=http%3A%2F%2Flp.nightrush.com%2FDE%2Fwelcome%2F1405%2F&ul=en-us&de=UTF-8&dt=NightRush%20Willkommensbonus-Paket%20%E2%82%AC1000&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1220436797&gjid=1394815934&cid=207032389.1531852882&tid=UA-107352757-2&_gid=537381749.1531852882&_r=1&gtm=u6t&z=1940549024 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-107352757-2&cid=207032389.1531852882&jid=1220436797&_gid=537381749.1531852882&gjid=1394815934&_v=j68&z=1940549024

20 HTTP transactions

Resource / Path / Size / x-fer / Type / MIME-Type
Primary Request /
lp.nightrush.com/DE/welcome/1405/
Redirect Chain
  • http://ppc.netnet44.net:1080/508.html
  • http://lp.nightrush.com/DE/welcome/1405/
7 KB
8 KB
Document

Request headers

Host
lp.nightrush.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E8387B83910A91C5E2B4100FDA43EBD7

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified
Wed, 20 Jun 2018 11:43:35 GMT
ETag
"1cb4-56f114f0e07c0"
Accept-Ranges
bytes
Content-Length
7348
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Server
nginx
Date
Tue, 17 Jul 2018 18:41:21 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
nxshe=hWgsADgAAgALAAs7Tlv__ws7TltAAAEAAAALO05bMTAAAgASAAs7Tlv__ws7TlsA; expires=Wed, 17-Jul-2019 18:52:59 GMT; path=/; domain=ppc.netnet44.net
Location
http://lp.nightrush.com/DE/welcome/1405/
js
www.googletagmanager.com/gtag/
70 KB
25 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-107352757-2
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
2a00:1450:4001:81d::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
c5b4ad840dd99a302ee1d9b214f3ff5fbe3dae7df830c1a0fa27dc7f81bfd2f5
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 17 Jul 2018 18:41:22 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
25190
x-xss-protection
1; mode=block
expires
Tue, 17 Jul 2018 18:41:22 GMT
logo.svg
lp.nightrush.com/DE/welcome/1405/img/
16 KB
16 KB
Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/logo.svg
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash
60604904a1b3815555a5e02f9ed80f2663f739601180f6d20ef2aefffebc49db

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:41 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag
"3fba-5604d0ee0e002"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
16314
style.css
lp.nightrush.com/DE/welcome/1405/css/
9 KB
10 KB
Stylesheet
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash
c6d2859eca7e87474bf4190dbd2f364246fa43a4b8cc8f4b46eb7c3c122dd758

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://lp.nightrush.com/DE/welcome/1405/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:35 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag
"25f0-5604d0e7c3a62"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
9712
css
fonts.googleapis.com/
7 KB
815 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
2a00:1450:4001:81d::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
c345fc13257023a5594f0be4a3b4643774ebfcba01a95d53c7842515d500ae7c
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=600
content-encoding
gzip
last-modified
Tue, 17 Jul 2018 18:41:22 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Tue, 17 Jul 2018 18:41:22 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection
1; mode=block
expires
Tue, 17 Jul 2018 18:41:22 GMT
jquery-1.9.1.js
code.jquery.com/
262 KB
95 KB
Script
General
Full URL
http://code.jquery.com/jquery-1.9.1.js
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip052.ssl.hwcdn.net
Software
nginx /
Resource Hash
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 Oct 2014 00:16:07 GMT
Server
nginx
ETag
W/"54499a47-4185d"
Vary
Accept-Encoding
X-HW
1531852882.dop011.fr8.t,1531852882.cds029.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
97176
hotjar-648366.js
static.hotjar.com/c/
2 KB
1 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-648366.js?sv=6
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
a1191a954fbdd5f5f4e43d0f22d0da13aa88814499877fe4483f0fcf06591009
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-HW
1531852882.dop008.fr8.shc,1531852882.dop008.fr8.t,1531852882.cds008.fr8.p
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=60
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
871
Cookie set seal-of-authorisation.aspx
authorisation.mga.org.mt/handlers/ Frame 5F8C
0
0
Document
General
Full URL
https://authorisation.mga.org.mt/handlers/seal-of-authorisation.aspx?company=0e2c8c9b-bab1-46ff-9317-5cdc696da1f8&lang=en&fullDetails=0&size=10
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.208.131 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash

Request headers

Host
authorisation.mga.org.mt
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E8387B83910A91C5E2B4100FDA43EBD7
Referer
http://lp.nightrush.com/DE/welcome/1405/

Response headers

Cache-Control
private
Content-Length
705
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-AspNetMvc-Version
5.2
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Set-Cookie
ARRAffinity=a9eaba4eca5735852c61311a150116b894e8aefc93311ef7163d2fffe76aa181;Path=/;HttpOnly;Domain=authorisation.mga.org.mt
Date
Tue, 17 Jul 2018 18:41:21 GMT
bg.jpg
lp.nightrush.com/DE/welcome/1405/img/
174 KB
175 KB
Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/bg.jpg
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash
ed23264dad1878d050a423cca57790d3020fc90062099df9f95cd1dc367b986e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:37 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag
"2b94b-5604d0e9c978a"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
178507
ceg-seal.png
lp.nightrush.com/DE/welcome/1405/img/
26 KB
27 KB
Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/ceg-seal.png
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash
67eb1041fbf1467e104c101749f05dc041677066f17e081ab34478cc533bfa11

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:38 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag
"69f1-5604d0ead48fa"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
27121
provider-sprite.png
lp.nightrush.com/DE/welcome/1405/img/
40 KB
41 KB
Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/provider-sprite.png?v=1
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash
800f5873ca6ca9d2b5052d862adef3ef1b526a4e42450016e213fc46095fac24

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:43 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag
"a17e-5604d0efd9f62"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
41342
payment-sprite.png
lp.nightrush.com/DE/welcome/1405/img/
29 KB
30 KB
Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/payment-sprite.png
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash
8627e01beff65b3dbddf53ee19cc04832225f7cb2d138473ebeb50ee4e6c62ed

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:42 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag
"75a9-5604d0eee516a"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
30121
header-bg.jpg
lp.nightrush.com/DE/welcome/1405/img/
84 KB
85 KB
Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/header-bg.jpg
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash
0408664eab8ed6cca8aa9924638a7afa67c0b399bfc29b8dbf4df83bc0eeb9fa

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:41 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag
"15110-5604d0ed48faa"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
86288
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
2a00:1450:4001:816::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin
http://lp.nightrush.com

Response headers

date
Sat, 14 Jul 2018 13:15:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:46 GMT
server
sffe
age
278743
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
8892
x-xss-protection
1; mode=block
expires
Sun, 14 Jul 2019 13:15:39 GMT
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
2a00:1450:4001:816::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
50dda9aac0fcea362bdda27ae7833240485ad5a20ccc105c1cd13ea26802a8bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin
http://lp.nightrush.com

Response headers

date
Sat, 14 Jul 2018 14:45:18 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:48 GMT
server
sffe
age
273364
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
8916
x-xss-protection
1; mode=block
expires
Sun, 14 Jul 2019 14:45:18 GMT
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
2a00:1450:4001:816::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin
http://lp.nightrush.com

Response headers

date
Sun, 15 Jul 2018 00:36:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:39 GMT
server
sffe
age
237907
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
8800
x-xss-protection
1; mode=block
expires
Mon, 15 Jul 2019 00:36:15 GMT
analytics.js
www.google-analytics.com/
34 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-107352757-2
Protocol
SPDY
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
1733
date
Tue, 17 Jul 2018 18:12:29 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
14386
expires
Tue, 17 Jul 2018 20:12:29 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=312612766&t=pageview&_s=1&dl=http%3A%2F%2Flp.nightrush.com%2FDE%2Fwelcome%2F1405%2F&ul=en-us&de=UTF-8&dt=NightRush%20Willkommensbonus-Paket%2...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-107352757-2&cid=207032389.1531852882&jid=1220436797&_gid=537381749.1531852882&gjid=1394815934&_v=j68&z=1940549024
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-107352757-2&cid=207032389.1531852882&jid=1220436797&_gid=537381749.1531852882&gjid=1394815934&_v=j68&z=1940549024
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
2a00:1450:400c:c00::9c , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 17 Jul 2018 18:41:22 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 17 Jul 2018 18:41:22 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-107352757-2&cid=207032389.1531852882&jid=1220436797&_gid=537381749.1531852882&gjid=1394815934&_v=j68&z=1940549024
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
419
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules-95102011c9bc6ff7092397363e33dbfb.js
script.hotjar.com/
389 KB
78 KB
Script
General
Full URL
https://script.hotjar.com/modules-95102011c9bc6ff7092397363e33dbfb.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-648366.js?sv=6
Protocol
HTTP/1.1
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
8fe082cbf6583bd0e84c7553c77524e1b93e46d00d2f1c718ed0018f75b77787
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Jul 2018 11:39:10 GMT
ETag
"1531827550"
X-HW
1531852882.dop006.fr8.shc,1531852882.dop006.fr8.t,1531852882.cds003.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31510679
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
79652
rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
vars.hotjar.com/ Frame 5F19
0
0
Document
General
Full URL
https://vars.hotjar.com/rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-648366.js?sv=6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash

Request headers

Host
vars.hotjar.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E8387B83910A91C5E2B4100FDA43EBD7
Referer
http://lp.nightrush.com/DE/welcome/1405/

Response headers

Date
Tue, 17 Jul 2018 18:41:22 GMT
Connection
Keep-Alive
Accept-Ranges
bytes
ETag
"1527087014"
Cache-Control
max-age=26789219
Content-Encoding
gzip
Content-Length
869
Content-Type
text/html
Last-Modified
Wed, 23 May 2018 14:50:14 GMT
X-HW
1531852882.dop008.fr8.shc,1531852882.dop008.fr8.t,1531852882.cds004.fr8.c

Verdicts & Comments

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | hj
object | _hjSettings
function | gtag
object | dataLayer
object | google_tag_manager
string | GoogleAnalyticsObject
function | ga
function | $
function | jQuery
object | gaplugins
object | gaGlobal
object | gaData
object | hjSiteSettings
function | hjBootstrap

4 Cookies

Domain/Path Name / Value
.authorisation.mga.org.mt/ Name: ARRAffinity
Value: a9eaba4eca5735852c61311a150116b894e8aefc93311ef7163d2fffe76aa181
.nightrush.com/ Name: _gat_gtag_UA_107352757_2
Value: 1
.nightrush.com/ Name: _gid
Value: GA1.2.537381749.1531852882
.nightrush.com/ Name: _ga
Value: GA1.2.207032389.1531852882

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

authorisation.mga.org.mt
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
lp.nightrush.com
ppc.netnet44.net
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.google-analytics.com
www.googletagmanager.com
192.200.20.17
205.185.208.52
205.185.216.10
205.185.216.42
2a00:1450:4001:816::2003
2a00:1450:4001:816::200e
2a00:1450:4001:81d::2008
2a00:1450:4001:81d::200a
2a00:1450:400c:c00::9c
40.68.208.131
94.130.106.52