URL: https://17.high-benefits.com/0203-av-desktop-centered/
Submission: On June 18 via manual from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3030::ac43:cf70, located in United States and belongs to CLOUDFLARENET, US. The main domain is 17.high-benefits.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 17th 2021. Valid for: a year.
This is the only time 17.high-benefits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS     Autonomous System
5         2606:4700:303...   13335  (CLOUDFLAR...)
2         2600:9000:21f...   16509  (AMAZON-02)
1         95.217.102.66      24940  (HETZNER-AS)
Total: 8 requests, 3 IPs

Requests  Domain                          Requested by
5         17.high-benefits.com            17.high-benefits.com
2         d3rlh0lneatqqc.cloudfront.net   17.high-benefits.com
1         subscriber.pushcentric.com      17.high-benefits.com
Total: 8 requests, 3 domains

This site contains no links.

Subject                 Issuer                    Validity                  Valid
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3   2021-06-17 - 2022-06-16   a year
*.cloudfront.net        Amazon                    2021-03-19 - 2022-03-17   a year
pushcentric.com         R3                        2021-06-01 - 2021-08-30   3 months

This page contains 1 frames:

Primary Page: https://17.high-benefits.com/0203-av-desktop-centered/
Frame ID: E88041EED67292C8CF105BAB11401AC6
Requests: 8 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 60 kB
Size: 140 kB
Cookies: 0

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
17.high-benefits.com/0203-av-desktop-centered/
20 KB
7 KB
Document
General
Full URL
https://17.high-benefits.com/0203-av-desktop-centered/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bf8653be9b86cc674b379a81bcf18207695fcbea650fafefda22ff49c7f61d2

Request headers

:method
GET
:authority
17.high-benefits.com
:scheme
https
:path
/0203-av-desktop-centered/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Fri, 18 Jun 2021 05:58:14 GMT
content-type
text/html
last-modified
Thu, 17 Jun 2021 09:17:53 GMT
cf-cache-status
DYNAMIC
cf-request-id
0abf4be08c0000c2db5e9d7000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Qx13GPT6G3tA01pSIIztzQzEmi2A79LFnOtGFJ%2BY6XM1OOVisM7Kt%2BDYvsgQUxZ%2FTBKUsZOZb2xnnt7eDeXBV28wlEM7o28YRIjZtRpV5f%2F%2FPOXa%2BT2Q27yRETAxUPxopkF%2Fv11rIZqeEYbxx4c%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
661248e0e981c2db-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
style.css
17.high-benefits.com/0203-av-desktop-centered/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://17.high-benefits.com/0203-av-desktop-centered/css/style.css
Requested by
Host: 17.high-benefits.com
URL: https://17.high-benefits.com/0203-av-desktop-centered/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6841d8eb4d765ac90a70bac4ac6eb7143d131b1eb7b3bb16c69ad85cac5fe8d3

Request headers

:path
/0203-av-desktop-centered/css/style.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
17.high-benefits.com
referer
https://17.high-benefits.com/0203-av-desktop-centered/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 18 Jun 2021 05:58:14 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 17 Jun 2021 09:17:53 GMT
server
cloudflare
etag
W/"60cb1341-b69"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NPUkb3iBnxK20vOpXYpwyQvJn12ZM7yohdq2kiYBXRZMbZ1Yrh9B%2BZNjPigzcvNTs3wtCmo657kdt4uGrk62Zxw%2FzKgHxIDMX3QhHa7%2FseWBmEY685z7baButy5QFEbV1hgBOHGYPOd%2Byt0VwMI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
661248e1bb04c2db-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0abf4be10f0000c2db55a12000000001
a20b1e26ff1fc332122533c2df99c0a7.png
d3rlh0lneatqqc.cloudfront.net/sqp-assets/
4 KB
4 KB
Image
General
Full URL
https://d3rlh0lneatqqc.cloudfront.net/sqp-assets/a20b1e26ff1fc332122533c2df99c0a7.png
Requested by
Host: 17.high-benefits.com
URL: https://17.high-benefits.com/0203-av-desktop-centered/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:c600:5:5907:a500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
635c644a168c62bdf5677752608e10ffeec7879ab6cca5f48d64f8e53f7877d6

Request headers

Referer
https://17.high-benefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 13:40:59 GMT
via
1.1 32e3b86ae254a231182567c0124af893.cloudfront.net (CloudFront)
last-modified
Fri, 11 Jun 2021 13:40:27 GMT
server
AmazonS3
age
577036
etag
"5a61ff254b0669d78d39e62e41de5793"
x-cache
Hit from cloudfront
x-amz-version-id
DDNGA3EV3LtDYntWR4FgMoAWZ3SIpe.9
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
image/png
content-length
4013
x-amz-cf-id
IDpdK1YJ4d-Xt6YNPUtDZCyHDugwXARJv8B_rRpvCL9TShNP1DAtkA==
jquery.min.js
17.high-benefits.com/0203-av-desktop-centered/js/
94 KB
32 KB
Script
General
Full URL
https://17.high-benefits.com/0203-av-desktop-centered/js/jquery.min.js
Requested by
Host: 17.high-benefits.com
URL: https://17.high-benefits.com/0203-av-desktop-centered/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Request headers

:path
/0203-av-desktop-centered/js/jquery.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
17.high-benefits.com
referer
https://17.high-benefits.com/0203-av-desktop-centered/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 18 Jun 2021 05:58:14 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 17 Jun 2021 09:17:53 GMT
server
cloudflare
etag
W/"60cb1341-1787d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=CO3CSY6%2FLbS5kIy%2F0zgK7wfRhtPTqEq1DIqOym9wuIRF62jGVliOrdPIggUTP%2FdfvE4wPtl1WB43qA0Y0sjdpq73DzACU7evcDUwXVUwLZE%2F0ZiKZ%2F%2F8R6WunTlLk6ouoW7cObOv%2FdD4Q28gGnE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
661248e21946d6b5-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0abf4be14f0000d6b576aa3000000001
arrow.png
d3rlh0lneatqqc.cloudfront.net/
6 KB
6 KB
Image
General
Full URL
https://d3rlh0lneatqqc.cloudfront.net/arrow.png
Requested by
Host: 17.high-benefits.com
URL: https://17.high-benefits.com/0203-av-desktop-centered/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:c600:5:5907:a500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
141effde5b1ea7048e38e202d32c4557a693bbbc88a24b9bbb7009780126f4e5

Request headers

Referer
https://17.high-benefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 12:30:29 GMT
via
1.1 32e3b86ae254a231182567c0124af893.cloudfront.net (CloudFront)
last-modified
Fri, 04 Jun 2021 12:35:15 GMT
server
AmazonS3
age
581266
etag
"9d18b4f0455e7403e4e05ce70304e2ae"
x-cache
Hit from cloudfront
x-amz-version-id
zhqE28UOPg_YLxyZbbNF5.plhnvfabwQ
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
image/png
content-length
6044
x-amz-cf-id
4NxqZ5EZ2v5_whBjMYDMqQLM0TEJhpxyXGgxWX6WsulbIDzeG_0yJQ==
functions.js
17.high-benefits.com/
7 KB
3 KB
Script
General
Full URL
https://17.high-benefits.com/functions.js
Requested by
Host: 17.high-benefits.com
URL: https://17.high-benefits.com/0203-av-desktop-centered/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
789711910a2e15db69102eeeac9213e2052101ee35eee6819133a0366c295d68

Request headers

:path
/functions.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
17.high-benefits.com
referer
https://17.high-benefits.com/0203-av-desktop-centered/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 18 Jun 2021 05:58:14 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 17 Jun 2021 09:18:33 GMT
server
cloudflare
etag
W/"60cb1369-1abb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uc1hOkbBcXzXHSkf1QnwZuj7FQUnKpWnbcHWicrghPZ5Laincye%2B%2BJNxczcD%2FP0IZ4f6J6jcSiGdc%2FkyQvRQ1pUixmhpDiEMhPhjdBxZm6u8mllt%2FQbBdw8xw%2FNgDbULlGRkktDhGdvhnbbS%2FxM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
661248e279fbd6b5-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0abf4be1890000d6b54431c000000001
ml.js
17.high-benefits.com/
2 KB
1 KB
Script
General
Full URL
https://17.high-benefits.com/ml.js
Requested by
Host: 17.high-benefits.com
URL: https://17.high-benefits.com/0203-av-desktop-centered/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73878ea01a2996740c8670ce7881bed92f6f968cf7e00c4f5adbc0d45e94249a

Request headers

:path
/ml.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
17.high-benefits.com
referer
https://17.high-benefits.com/0203-av-desktop-centered/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 18 Jun 2021 05:58:14 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 17 Jun 2021 09:18:33 GMT
server
cloudflare
etag
W/"60cb1369-65f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ecPvr%2FOE09pY5z7dFWHeQiThO%2BBHj0QZOonwD8BjRFWcAkjaf%2Fckel2sd1cJ7d%2F92tKiXN%2BR8%2FWQFSMWY8xSLZvfdwuP4EW2XPnWm91iEImG6m71QlEUwV9jkPuEAxo6qt57%2FU%2FgYakgRozXaUY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
661248e27a00d6b5-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0abf4be18b0000d6b577acf000000001
unique.js
subscriber.pushcentric.com/
5 KB
5 KB
Script
General
Full URL
https://subscriber.pushcentric.com/unique.js?domain=1010:PAyUU2LJYu8ovb0ruX7Gdy3R3Ck
Requested by
Host: 17.high-benefits.com
URL: https://17.high-benefits.com/0203-av-desktop-centered/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.217.102.66 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
dashboard
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5cb5f0ad4ad966534be4db3b5d07f62abc8f413e6a99809dfbb723fdb1a6776d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://17.high-benefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 18 Jun 2021 05:58:14 GMT
Server
nginx/1.14.0 (Ubuntu)
Connection
keep-alive
X-Frame-Options
SAMEORIGIN
Content-Length
5329
Vary
Cookie
Content-Type
text/javascript

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onbeforexrselect
  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| cookieStore
  • function| showDirectoryPicker
  • function| showOpenFilePicker
  • function| showSaveFilePicker
  • boolean| originAgentCluster
  • object| trustedTypes
  • boolean| crossOriginIsolated
  • string| BACK_BUTTON_REDIRECT_URL
  • function| $
  • function| jQuery
  • object| domains
  • function| arrayFromRange
  • function| isolateUsedSubDomains
  • function| getRandomArayItem
  • function| getCurrentLanderName
  • function| getLanderVisitsCounter
  • function| increaseLanderVisitCounter
  • function| getDefaultCookieParams
  • function| redirectToDomainRedirectEndpoint
  • function| redirectToURLWithQS
  • function| redirectToSubdomainWithQS
  • function| getNextURLWithQS
  • function| parseCookieObject
  • function| markDomainAsUsed
  • function| getRootDomainHost
  • function| getSubdomain
  • function| getCookie
  • function| mobileRedirect
  • function| desktopRedirect
  • function| setCookie
  • function| getURLParameter
  • function| getLocationURL
  • function| getRandomDomainByGeo
  • function| overwriteDefaultEventHandlers
  • object| fullSet
  • object| domainsRecord
  • object| availableSubDomains
  • number| currentLanderVisitsCounter
  • string| landerName
  • number| currentSubdomain
  • number| nextSubdomain
  • string| next
  • string| rootDomain
  • object| domainConf
  • object| callbackProvider
  • function| ML
  • object| langs
  • object| ml
  • string| _key
  • string| key
  • function| checkZero
  • function| timer
  • function| tapped
  • function| css_browser_selector
  • object| popupPointerElement
  • string| c
  • object| settingsProvider

0 Cookies

11 Console Messages

Source Level URL
Text
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
Warning! [object HTMLTitleElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
Your <span class="browser"></span> is infected with <span class="blink">(3)</span> adware viruses! [object HTMLHeadingElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
These viruses cause major spam and reduce battery life. We recommend subscribing for anti-spam protection. [object HTMLHeadingElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
Protect your phone now to: [object HTMLParagraphElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
Eliminate all spam advertising <span class="green">instantly</span> [object HTMLParagraphElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
Improve battery life: <span class="green">65%</span> [object HTMLParagraphElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
Please follow these 2 simple steps: [object HTMLParagraphElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
<span class="blink">Step 1:</span> Press the button below, then subscribe to 24/7 Spam Protection on the next page. [object HTMLParagraphElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
<span class="blink">Step 2:</span> Run the powerful Google-approved application to instantly clear your phone from spam ads. [object HTMLParagraphElement]
console-api log URL: https://17.high-benefits.com/ml.js(Line 53)
Message:
ALLOW AND PROCEED [object HTMLButtonElement]
console-api log URL: https://subscriber.pushcentric.com/unique.js?domain=1010:PAyUU2LJYu8ovb0ruX7Gdy3R3Ck(Line 61)
Message:
Error registering SW: ReferenceError: Notification is not defined