urlscan.io logo urlscan.io
SecurityTrails logo

robot.wizlink.eu Open in urlscan Pro
85.128.138.250  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://appurl.io/auw7TFkmL_
Effective URL: https://robot.wizlink.eu/wp-admin/user/fr/
Submission: On October 26 via manual from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 21 HTTP transactions. The main IP is 85.128.138.250, located in Poland and belongs to NAZWA, PL. The main domain is robot.wizlink.eu.
TLS certificate: Issued by nazwaSSL on April 28th 2023. Valid for: a year.
This is the only time robot.wizlink.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: FR Government (Government) Impots Gouv (Government)

Domain & IP information

7    2606:4700:20::ac43:4856 (United States)

ASN13335 (CLOUDFLARENET, US)
appurl.io
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
2    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
2    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
partner.googleadservices.com
2    85.128.138.250 (Poland)

ASN15967 (NAZWA, PL)
PTR: shared-akg250.rev.nazwa.pl
robot.wizlink.eu
Apex Domain
Subdomains		 Transfer
7 appurl.io
appurl.io — Cisco Umbrella Rank: 872164
38 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
region1.google-analytics.com — Cisco Umbrella Rank: 2250
21 KB
2 wizlink.eu
robot.wizlink.eu
154 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 45
91 KB
2 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 108
185 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1183
26 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 1200
601 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 56
81 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 925
23 KB
21 9
Domain Requested by
7 appurl.io 1 redirects appurl.io
2 robot.wizlink.eu 1 redirects appurl.io
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 www.google-analytics.com appurl.io
www.google-analytics.com
2 pagead2.googlesyndication.com appurl.io
pagead2.googlesyndication.com
2 maxcdn.bootstrapcdn.com appurl.io
1 partner.googleadservices.com pagead2.googlesyndication.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com www.google-analytics.com
1 code.jquery.com appurl.io
21 10
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-04-24 -
2024-04-23		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
*.wizlink.eu
nazwaSSL		 2023-04-28 -
2024-04-27		 a year crt.sh

This page contains 5 frames:

Primary Page: https://robot.wizlink.eu/wp-admin/user/fr/
Frame ID: FDCB0E11B6DDC15E05625B5B1F0D2F12
Requests: 25 HTTP requests in this frame

Frame: https://appurl.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
Frame ID: FFFF30E13D825B8873138AB671CF6726
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231024/r20190131/zrt_lookup.html
Frame ID: 1A3860237E4ABD73768C243D602E726C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6503947100737582&output=html&h=280&slotname=1787055170&adk=646328967&adf=4134371643&pi=t.ma~as.1787055170&w=660&fwrn=4&fwrnh=100&lmt=1697543950&rafmt=1&format=660x280&url=https%3A%2F%2Fappurl.io%2Fauw7TFkmL_&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698299699651&bpp=3&bdt=301&idt=291&shv=r20231024&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&correlator=6017045759501&frm=20&pv=2&ga_vid=2057092644.1698299700&ga_sid=1698299700&ga_hid=1739463333&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=470&ady=590&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078238%2C31079097%2C42531706%2C44805931%2C44806738%2C31078301%2C31079150&oid=2&pvsid=3891258996538032&tmod=2038438169&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yQqyZO4vRT&p=https%3A//appurl.io&dtd=311
Frame ID: 83F921CBEC62390FF7151E66F8142AF5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6503947100737582&output=html&adk=1812271804&adf=3025194257&lmt=1697543950&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x1080_l%7C404x1080_r&format=0x0&url=https%3A%2F%2Fappurl.io%2Fauw7TFkmL_&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698299699670&bpp=4&bdt=321&idt=297&shv=r20231024&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x280&nras=1&correlator=6017045759501&frm=20&pv=1&ga_vid=2057092644.1698299700&ga_sid=1698299700&ga_hid=1739463333&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078238%2C31079097%2C42531706%2C44805931%2C44806738%2C31078301%2C31079150&oid=2&pvsid=3891258996538032&tmod=2038438169&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=307
Frame ID: FA3E4C244CEAA051830D839B5DAC2142
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Particuliers | authentification

Page URL History Show full URLs

  1. https://appurl.io/auw7TFkmL_ Page URL
  2. https://robot.wizlink.eu/wp-admin/user/fr HTTP 301
    https://robot.wizlink.eu/wp-admin/user/fr/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

86 %
HTTPS

90 %
IPv6

9
Domains

10
Subdomains

11
IPs

3
Countries

732 kB
Transfer

2073 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://appurl.io/auw7TFkmL_ Page URL
  2. https://robot.wizlink.eu/wp-admin/user/fr HTTP 301
    https://robot.wizlink.eu/wp-admin/user/fr/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://appurl.io/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://appurl.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
auw7TFkmL_
appurl.io/ 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4856 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c245fae747440763be2c5279d1dfb5fd1ec4476bb16d16a4f7e76e81513c1b87

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

cache-control
max-age=60
cf-cache-status
DYNAMIC
cf-ray
81c0729f2868040f-CDG
content-encoding
br
content-type
text/html
date
Thu, 26 Oct 2023 05:54:59 GMT
last-modified
Tue, 17 Oct 2023 13:59:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gTCmEbIRvUcn7t7eJDc5tOKV%2Bud%2BWYoybdKm8sB%2FrbH6XbqvkxaeH45QRZcgJqp%2BDyRKPPw1yEChvYy1RVHx8mcI6bXn98dSza3B9m9n%2B8LyxDZlobkDkW211345O%2BK7CUI5ZL%2BUCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 71fab3812d3ca29aef88f4dc095b47da.cloudfront.net (CloudFront)
x-amz-cf-id
YeplhCHn0zHSW_DxDn7uWIWtn3M-iQLLgWbyBruAYI_Hgb5oqqdJAQ==
x-amz-cf-pop
CDG50-C1
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
GOBJS00T.d13vgArjnZGXq81XMxVZHAW
x-cache
RefreshHit from cloudfront
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
1073
age
20148534
cdn-cachedat
12/25/2022 15:18:49
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"ec3bb52a00e176a7181d454dffaea219"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
a861247b0714121d267aeedd0fbf7d9c
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
81c072a14b9d2a1b-CDG
cdn-requestpullsuccess
True
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/ 		26 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
946
age
25363725
cdn-cachedat
07/16/2022 17:19:38
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"0831cba6a670e405168b84aa20798347"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
6d37eafbfe3bcd69abe0a05b1db36756
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
81c072a14b9e2a1b-CDG
cdn-requestpullsuccess
True
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f874cec39877cac448596961e63dee6bdcc5ca1e4f3696fab15bf0aa654096e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51359
x-xss-protection
0
server
cafe
etag
7966933704877627977
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 26 Oct 2023 05:54:59 GMT
appurl-logo.png
appurl.io/images/ 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://appurl.io/images/appurl-logo.png
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4856 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0cca353da10587986b5da53a4ed0391880809af5c1101f3047b5fc5e3383742

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/auw7TFkmL_
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
via
1.1 343bfbd831f62ab698056c2ca0efaabc.cloudfront.net (CloudFront)
x-amz-version-id
7yXkJHZznTRQiEpUtdjqKx4EVy7qQMwS
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
341
x-amz-cf-pop
CDG50-C1
cf-polished
origFmt=png, origSize=25721
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="appurl-logo.webp"
content-length
23746
cf-bgj
imgq:85,h2pri
last-modified
Wed, 08 Dec 2021 22:04:29 GMT
server
cloudflare
etag
"85b2e8868db81fa9a39b35a70edc31e0"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ajUhPyoQn7aYU0e1vGeuVKSrUZ2%2FNzDY5%2BWAe%2FUgJGhXARzamt1BPbqYnNoDL20LNBkmxkpIEd1LApw%2Fab9y5KRs8qaP8N26%2BxnM7YujRW0w9tUfqdOzTIFiUkofja9%2FplCOLSmqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
81c072a0f9c7040f-CDG
x-amz-cf-id
kpxi_WVs7rJlXZd3wOeMETgndAMD7Rz0TvncdgkI7wNGUq5wlKNYog==
jquery-3.1.1.slim.min.js
code.jquery.com/ 		68 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.1.1.slim.min.js
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fd222b36abfc87a406283b8da0b180e22adeb7e9327ac0a41c6cd5514574b217

Request headers

Referer
https://appurl.io/
Origin
https://appurl.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
3499081
x-cache
HIT, HIT
content-length
23709
x-served-by
cache-lga21978-LGA, cache-lcy-eglc8600036-LCY
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1698299699.406367,VS0,VE0
etag
W/"28feccc0-10ebd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
33, 374
ua-parser-min.js
appurl.io/javascripts/vendor/min/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://appurl.io/javascripts/vendor/min/ua-parser-min.js
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4856 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4a1e8dfe89632088e1ec8147765e5a1faf08f7414ede4c9f3cce701f8b85b2f

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/auw7TFkmL_
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
x-amz-version-id
null
via
1.1 9a3c643f228eb943137621235dabf790.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
MXP64-P1
age
342
content-encoding
br
x-cache
Hit from cloudfront
last-modified
Mon, 07 Nov 2016 12:40:40 GMT
server
cloudflare
etag
W/"bb04355ce387383532230a11c09091aa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bBYT1K6LSHFE9LJxVVIBYN46MgdkQeFYkQsrzDXqV86jiGvKja5%2F2EBrDzNjBJDtaWpwzf%2BfR1LozSruNN1CDntp0dvbtM9L1FyRnJilinyX5%2BCjXOouexB0zMC3lwcZLaoY9qTPoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
81c072a13a0d040f-CDG
x-amz-cf-id
FfrLsGX9k9143CJLKwGoVneaix2LQbXiuHvFTeVZTcS5YhSqix9RNw==
redirect-min.js
appurl.io/javascripts/min/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://appurl.io/javascripts/min/redirect-min.js?version=1.0.0.1697551149440
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4856 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e41a7428c89d172ea125c6b0bd7a3e04250d8a949f82a4dd7d8f84586192aa8

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/auw7TFkmL_
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
x-amz-version-id
9M7B3iVhOibLRAgQIfsmO4Iy653N6J.p
via
1.1 4c636d1acba4193747390c896124ffcc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
CDG50-C1
age
1535
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 01 Feb 2021 01:26:50 GMT
server
cloudflare
etag
W/"10bb0164a9f84b027874e3f0efbe4b45"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nZFIJRLPCSe1NqCiJXHZb1YL4V19Jftl723HMSVJ%2Buwv8WGde1qIrqDA%2FcqBXySyI00JPH9%2BuCPTmpznwT7J%2F%2BIoSD3sZA5IoDh7DoCuZU9A1x1zzLiq7w5lSgdQLhbj39iVq4rd1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
81c072a16a3a040f-CDG
x-amz-cf-id
HY-HZm7ZPQiB3mSt9TiICD1oopzq3f0zR6a9_1Tj6On05xBcrbL2FQ==
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 26 Oct 2023 05:49:42 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
317
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 26 Oct 2023 07:49:42 GMT
main.js
appurl.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/ Frame FFFF
Redirect Chain
  • https://appurl.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://appurl.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://appurl.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
Requested by
Host: appurl.io
URL: https://appurl.io/auw7TFkmL_
Protocol
H2
Server
2606:4700:20::ac43:4856 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3f556ef6e908463122266657eccb55cdd68858e72062612a5d79721f26d3075
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HTWXfg752d9zRVTsFkbQILDH53AeyUW%2BKW7z6t3es5lMRN3mIbTUiW9mUAOqYQk4v46%2Bh3i82zplGOfx%2FYKvOyFMZYTpRCgNQ3Hd8eMn1BmJZMZ%2FHa79LSNOBMdFAiHY1xYroXvMRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
81c072a1ea9a040f-CDG

Redirect headers

date
Thu, 26 Oct 2023 05:54:59 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sJQAF1Eu%2BCL0uNWiegJI%2BArnQQj2xFduNkqE%2FarjXgtB%2FcMDGljhg7fPkbW7%2Bcg87gUGU0eM4vlqjBgnfggCQgsB9EEOKfLHpSXdGyk1AQx3NVKbTlQ8Bk9nacIxs%2BYMbWC4W%2B%2BNrw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
cache-control
max-age=300, public
cf-ray
81c072a1ba88040f-CDG
81c0729f2868040f
appurl.io/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame FFFF 		0
454 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://appurl.io/cdn-cgi/challenge-platform/h/g/jsd/r/81c0729f2868040f
Requested by
Host: appurl.io
URL: https://appurl.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4856 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
81c072a2bb35040f-CDG
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EkBt1uZO6x9umesDezRvNeIsXZXMulp7W0A5VVImXH67PHo2pNqlv%2F3i%2FmUk89CHccdifFi5ixp0qMAcr0Bwao26CK%2FGU9pQqngZTVo%2BTkDJibmP%2BWGgNLvf%2BNoNUnMWZp101kRaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
collect
www.google-analytics.com/j/ 		15 B
217 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1739463333&t=pageview&_s=1&dl=https%3A%2F%2Fappurl.io%2Fauw7TFkmL_&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=227755586&gjid=636851871&cid=2057092644.1698299700&tid=UA-1416913-22&_gid=1340652637.1698299700&_r=1&_slc=1&z=1768170525
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
f8e703adf731c76be52f8ed94756940446a493cfb92f14a5432c33db5b2a7a36
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://appurl.io/
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 26 Oct 2023 05:54:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://appurl.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/ 		395 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6503947100737582&plah=appurl.io&bust=31079150
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4c098eb7b04a74d41d9f506019cfcca51ed507766e0424e7afc775386c9ca260
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137223
x-xss-protection
0
server
cafe
etag
14369889881995414833
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 26 Oct 2023 05:54:59 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20231024/r20190131/ Frame 1A38 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231024/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://appurl.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

age
9261
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4480
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 26 Oct 2023 03:20:38 GMT
etag
4569948109300706969
expires
Thu, 09 Nov 2023 03:20:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		229 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-L4PYPET04L&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2da06ac5b29bc868a7a290076e3e73410ea826b11f9c3e3094d03a4f3e4dc7bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:54:59 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
82962
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 26 Oct 2023 05:54:59 GMT
collect
region1.google-analytics.com/g/ 		0
250 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-L4PYPET04L&gtm=45je3an0v9135398817&_p=1739463333&gcd=11l1l1l1l2&ul=en-us&sr=1600x1200&cid=2057092644.1698299700&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fappurl.io%2Fauw7TFkmL_&sid=1698299699&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L4PYPET04L&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Oct 2023 05:54:59 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://appurl.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/ 		385 B
601 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=appurl.io&callback=_gfp_s_&client=ca-pub-6503947100737582
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6503947100737582&plah=appurl.io&bust=31079150
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
46873d99058145c1aeeba1f5d8044e868aeca30908be59b1ac8907f91b021555
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://appurl.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 05:55:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
250
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 83F9 		0
0
ads
googleads.g.doubleclick.net/pagead/ Frame FA3E 		394 KB
87 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6503947100737582&output=html&adk=1812271804&adf=3025194257&lmt=1697543950&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x1080_l%7C404x1080_r&format=0x0&url=https%3A%2F%2Fappurl.io%2Fauw7TFkmL_&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698299699670&bpp=4&bdt=321&idt=297&shv=r20231024&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x280&nras=1&correlator=6017045759501&frm=20&pv=1&ga_vid=2057092644.1698299700&ga_sid=1698299700&ga_hid=1739463333&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078238%2C31079097%2C42531706%2C44805931%2C44806738%2C31078301%2C31079150&oid=2&pvsid=3891258996538032&tmod=2038438169&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=307
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6503947100737582&plah=appurl.io&bust=31079150
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://appurl.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
88411
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 26 Oct 2023 05:55:00 GMT
expires
Thu, 26 Oct 2023 05:55:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
Primary Request /
robot.wizlink.eu/wp-admin/user/fr/
Redirect Chain
  • https://robot.wizlink.eu/wp-admin/user/fr
  • https://robot.wizlink.eu/wp-admin/user/fr/
423 KB
154 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://robot.wizlink.eu/wp-admin/user/fr/
Requested by
Host: appurl.io
URL: https://appurl.io/javascripts/min/redirect-min.js?version=1.0.0.1697551149440
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.128.138.250 , Poland, ASN15967 (NAZWA, PL),
Reverse DNS
shared-akg250.rev.nazwa.pl
Software
Apache/2 /
Resource Hash
fbfbeba2efbe209c8b67b37fdc325b572d728eb77ce7d1084e25fe15f489e744

Request headers

Referer
https://appurl.io/auw7TFkmL_
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 26 Oct 2023 05:55:00 GMT
server
Apache/2
vary
Accept-Encoding
x-cdn-nazwa.pl-location
AMS
x-cdn-nazwa.pl-policyused
cdn=disabled

Redirect headers

content-length
250
content-type
text/html; charset=iso-8859-1
date
Thu, 26 Oct 2023 05:55:00 GMT
location
https://robot.wizlink.eu/wp-admin/user/fr/
server
Apache/2
x-cdn-nazwa.pl-location
AMS
x-cdn-nazwa.pl-policyused
cdn=disabled
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/ 		0
0
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfcae6bf0ca22253e333881e0bf7eb42d14057eb00024a5bd19943b04cbb95ec

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		14 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f38f88db94a67b5fcc8f90965a6623a509e35cb81b6b252f0c9d7fdd29ff1a88

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2be11b4cf348ebdb13674d8cf0d1938df9c71f0f64fb0fb70fa08ed40830f684

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
434c00e8f522092a173a70f7f6e95747cf8c2b75328bdf76c6ed1e4b2039cbbc

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
880cbec4f5672334414f9b979a09ad51f7158c92a694bbabfc8a83538c8e0e2e

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		18 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90d8552964c8e804a6dea1870bfd34d3114389e6c28b725bcdec63808b75c8a6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c4502e1bffc9155988eeb261ae88885e93211e73cad60005d710ba19ac860b5e

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0284492d7ed7c4b3aa4caddde43e07d08cccc51bc25b11c8d20d515d3769d55a

Request headers

Referer
Origin
https://robot.wizlink.eu
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
text/plain
truncated
/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
254798574aeb4e94ef4b45f271e804f0b63eb45def80468d9af516213ebe13dd

Request headers

Referer
Origin
https://robot.wizlink.eu
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
application/x-font-woff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6503947100737582&output=html&h=280&slotname=1787055170&adk=646328967&adf=4134371643&pi=t.ma~as.1787055170&w=660&fwrn=4&fwrnh=100&lmt=1697543950&rafmt=1&format=660x280&url=https%3A%2F%2Fappurl.io%2Fauw7TFkmL_&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698299699651&bpp=3&bdt=301&idt=291&shv=r20231024&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&correlator=6017045759501&frm=20&pv=2&ga_vid=2057092644.1698299700&ga_sid=1698299700&ga_hid=1739463333&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=470&ady=590&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078238%2C31079097%2C42531706%2C44805931%2C44806738%2C31078301%2C31079150&oid=2&pvsid=3891258996538032&tmod=2038438169&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yQqyZO4vRT&p=https%3A//appurl.io&dtd=311
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/reactive_library_fy2021.js?bust=31079150

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: FR Government (Government) Impots Gouv (Government)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 function| savepage_ShadowLoader function| validateAndLimit

8 Cookies

Domain/Path Name / Value
.appurl.io/ Name: _ga
Value: GA1.2.2057092644.1698299700
.appurl.io/ Name: _gid
Value: GA1.2.1340652637.1698299700
.appurl.io/ Name: _gat
Value: 1
.appurl.io/ Name: cf_clearance
Value: snA9jxPbLpT8paJ1L6LH2bkCQtI7ETsGAxo76LR1iwU-1698299699-0-1-8f693055.977ce856.d8686fb5-0.2.1698299699
.appurl.io/ Name: _ga_L4PYPET04L
Value: GS1.2.1698299699.1.0.1698299699.0.0.0
.appurl.io/ Name: __gads
Value: ID=bc6fa4ca496c53bf-2270e1ff0de30068:T=1698299700:RT=1698299700:S=ALNI_MYabz34SKRLoWTx0T3A0jt6VuopkA
.appurl.io/ Name: __gpi
Value: UID=00000d9ca59451c4:T=1698299700:RT=1698299700:S=ALNI_Ma8pnnPsoJ1RE_PEropSqbIGeQVKw
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

appurl.io
code.jquery.com
googleads.g.doubleclick.net
maxcdn.bootstrapcdn.com
pagead2.googlesyndication.com
partner.googleadservices.com
region1.google-analytics.com
robot.wizlink.eu
www.google-analytics.com
www.googletagmanager.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
2001:4860:4802:32::36
2606:4700:20::ac43:4856
2606:4700::6812:bcf
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:811::2002
2a00:1450:4001:827::2008
2a00:1450:4001:831::200e
2a04:4e42:200::649
85.128.138.250
0284492d7ed7c4b3aa4caddde43e07d08cccc51bc25b11c8d20d515d3769d55a
254798574aeb4e94ef4b45f271e804f0b63eb45def80468d9af516213ebe13dd
2be11b4cf348ebdb13674d8cf0d1938df9c71f0f64fb0fb70fa08ed40830f684
2da06ac5b29bc868a7a290076e3e73410ea826b11f9c3e3094d03a4f3e4dc7bc
434c00e8f522092a173a70f7f6e95747cf8c2b75328bdf76c6ed1e4b2039cbbc
46873d99058145c1aeeba1f5d8044e868aeca30908be59b1ac8907f91b021555
4c098eb7b04a74d41d9f506019cfcca51ed507766e0424e7afc775386c9ca260
5e41a7428c89d172ea125c6b0bd7a3e04250d8a949f82a4dd7d8f84586192aa8
880cbec4f5672334414f9b979a09ad51f7158c92a694bbabfc8a83538c8e0e2e
90d8552964c8e804a6dea1870bfd34d3114389e6c28b725bcdec63808b75c8a6
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
a3f556ef6e908463122266657eccb55cdd68858e72062612a5d79721f26d3075
ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001
c245fae747440763be2c5279d1dfb5fd1ec4476bb16d16a4f7e76e81513c1b87
c4502e1bffc9155988eeb261ae88885e93211e73cad60005d710ba19ac860b5e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfcae6bf0ca22253e333881e0bf7eb42d14057eb00024a5bd19943b04cbb95ec
e0cca353da10587986b5da53a4ed0391880809af5c1101f3047b5fc5e3383742
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a1e8dfe89632088e1ec8147765e5a1faf08f7414ede4c9f3cce701f8b85b2f
f38f88db94a67b5fcc8f90965a6623a509e35cb81b6b252f0c9d7fdd29ff1a88
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
f874cec39877cac448596961e63dee6bdcc5ca1e4f3696fab15bf0aa654096e9
f8e703adf731c76be52f8ed94756940446a493cfb92f14a5432c33db5b2a7a36
fbfbeba2efbe209c8b67b37fdc325b572d728eb77ce7d1084e25fe15f489e744
fd222b36abfc87a406283b8da0b180e22adeb7e9327ac0a41c6cd5514574b217