www.winnerplay2019.com
143.204.214.10  Malicious Activity! Public Scan

URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Submission: On December 28 via api from BE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 143.204.214.10, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.winnerplay2019.com.
TLS certificate: Issued by Amazon on September 3rd 2019. Valid for: a year.
This is the only time www.winnerplay2019.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
13        143.204.214.10     16509 (AMAZON-02)
1         2606:4700:30:...   13335 (CLOUDFLAR...)
2         188.42.160.79      35415 (WEBZILLA)
16 total  3 IPs

Requests  Domain                   Requested by
13        www.winnerplay2019.com   www.winnerplay2019.com
2         my.rtmark.net            www.winnerplay2019.com
1         country.yepshare.com     www.winnerplay2019.com
16 total  3 domains

This site contains no links.

Subject                       Issuer                                           Validity                 Valid
*.winnerplay2019.com          Amazon                                           2019-09-03 - 2020-10-03  a year (crt.sh)
sni189508.cloudflaressl.com   COMODO ECC Domain Validation Secure Server CA 2  2019-08-20 - 2020-02-26  6 months (crt.sh)
my.rtmark.net                 Let's Encrypt Authority X3                       2019-12-09 - 2020-03-08  3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Frame ID: 5FCA9650162415280FF667EB8341459E
Requests: 16 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
  • headers server /^AmazonS3$/i

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

16 Requests
100 % HTTPS
33 % IPv6
3 Domains
3 Subdomains
3 IPs
2 Countries
89 kB Transfer
220 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
index.html (Primary Request) | www.winnerplay2019.com/lt/multi/contest2/ | 14 KB | 4 KB | Document
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8262af88328f79655920973f71f6d4a63c76e6b1adc0f2150896fe147860e951

Request headers

:method
GET
:authority
www.winnerplay2019.com
:scheme
https
:path
/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
content-type
text/html
last-modified
Wed, 20 Nov 2019 09:22:32 GMT
x-amz-version-id
JWVHlCq3Cqffom6Qgh6feD2MF53va7Jg
server
AmazonS3
content-encoding
gzip
date
Fri, 27 Dec 2019 21:31:57 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
Z4SHVQUZJrGjry75wFIhtEohtOIMMwO7dDq4cfScJaV8g8i3U4ufuw==
age
60610
styles.css | www.winnerplay2019.com/lt/multi/contest2/ | 32 KB | 7 KB | Stylesheet
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/styles.css
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9158aae36be2004065168737f90058bf7ec534ac4d6c3b932e9b3c955c9efdd3

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
gGnY4dKUWk7gJkljVAVtzfkU0dIpHaH_
content-encoding
gzip
last-modified
Thu, 14 Nov 2019 12:52:46 GMT
server
AmazonS3
age
57066
date
Fri, 27 Dec 2019 22:31:02 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
4okFRA5NgckHJKQVQ6jH7qTfRcJfhrZXzf04qCRx9a3o2Pe_Akcmhg==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
modernizr.min.js | www.winnerplay2019.com/lt/multi/contest2/ | 11 KB | 5 KB | Script
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/modernizr.min.js
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
jzkaVfscpVHY2E2U1LgIldHvMCA5LAuL
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:29 GMT
server
AmazonS3
age
60610
date
Fri, 27 Dec 2019 21:31:58 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
swKSB-4wAVLmf8XKQKlg6FlPN1IqNGM2uPZ9P9g_qeiytJiXM9eehw==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
logo.svg | www.winnerplay2019.com/lt/multi/contest2/ | 922 B | 1 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/logo.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
192c954608ecc1bc65823d4e08f66d316492e233391808aadcde1d1c84020ca1

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
4s1.yjPV7zthJgbIHmVlsfxRJy0fH1J1
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
last-modified
Mon, 16 Sep 2019 13:58:29 GMT
server
AmazonS3
age
60609
etag
"b2c9bb76885227103d1d75769500d665"
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
date
Fri, 27 Dec 2019 21:31:59 GMT
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
922
x-amz-cf-id
iYtmU4n9Mkk4gr1ePZYbVDC0tbUHrA-OR1EB83WYITHNz8ZfZcD09w==
icon-box.svg | www.winnerplay2019.com/lt/multi/contest2/ | 1 KB | 829 B | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/icon-box.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
62f7ef6281d5e0db3f14298ca3707ee3a9f61d1ee85ac5fa5dade011eafb32e9

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
Nu3xC.7Jl2JMqYtiLYPTiGNaYhEuYZ7_
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:28 GMT
server
AmazonS3
age
14950
date
Sat, 28 Dec 2019 10:12:58 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
B2rpE4vToxnpkkBhtyHupLHXUHbgZs5NGpA-EnPkxLe6nzrx0GlabA==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
s10plus-11.png | www.winnerplay2019.com/lt/multi/contest2/ | 19 KB | 20 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/s10plus-11.png
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dbd8f7277d64322d3339639ada60d7c0dcb2999e683823dae814239af4e0dec8

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
6.2IM0jyBpP7DPVQWvXiKEfpAupY1rR9
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
last-modified
Mon, 16 Sep 2019 13:58:29 GMT
server
AmazonS3
age
57065
etag
"852e8b56ca8731b7629d3b56fef9687a"
x-cache
Hit from cloudfront
content-type
image/png
status
200
date
Fri, 27 Dec 2019 22:31:02 GMT
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
19662
x-amz-cf-id
l8VR227jjGD0syuaJY1Iz_0sQwNfY_Pz5AFxd8MfIZeWq9uH9tBSxA==
foot-icon01.svg | www.winnerplay2019.com/lt/multi/contest2/ | 8 KB | 3 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/foot-icon01.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
72b5508eefd5a9c85c53de4e82c9e8821dea88160cddd36d31644506c1cbfa13

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
vPZ.5Q6bn1msBMiw7atmx3.FXIcUtjuj
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:30 GMT
server
AmazonS3
age
14949
date
Sat, 28 Dec 2019 10:12:58 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
rCC0sJoYOsihwW41lRFZuBhPtpsaGnrs05tgnG3-kuVjWcMjfEyvWA==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
foot-icon02.svg | www.winnerplay2019.com/lt/multi/contest2/ | 4 KB | 2 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/foot-icon02.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
00b79e96e2324306f897649364907340e7d6ed2199bd7cd928cc2bec37d7c287

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
1Btbadpe.Ai4ygyLHw4kdaXu2IJHMwSJ
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:30 GMT
server
AmazonS3
age
13869
date
Sat, 28 Dec 2019 10:30:59 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
312CztGScicNhOV45Dc3DkXcQZgKbfxwHzWjGUc58eHFfpv2iNYi1w==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
foot-icon03.svg | www.winnerplay2019.com/lt/multi/contest2/ | 4 KB | 2 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/foot-icon03.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3263bb41c37e93568aa88421e753f4247c809c3dc7b8e21c701c966d16eee5b0

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
X_Wjo80PKFR_D5d6CZ9FXpp8IIt0ApIc
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:28 GMT
server
AmazonS3
age
14949
date
Sat, 28 Dec 2019 10:12:58 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
EBbzQhdBnsi19H42SERym4qPlZPnRbnXNvtF9Bls69ilUKrbL_uH1w==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
jquery-latest.min.js | www.winnerplay2019.com/lt/multi/contest2/ | 94 KB | 33 KB | Script
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/jquery-latest.min.js
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
L91HvgEjep2ILcjRTX4AkgSIPLyQTb3x
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:29 GMT
server
AmazonS3
age
23655
date
Sat, 28 Dec 2019 07:47:53 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
fYmpUb-m1JrLeNTA4NwF_hQfNcQ6bSO5IplxwZ0n-zfpSovXrKFRgg==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
svg4everybody.min.js | www.winnerplay2019.com/lt/multi/contest2/ | 2 KB | 1 KB | Script
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/svg4everybody.min.js
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f07f6a30a14463d06d1e492211b5a9291ee684f2a6d2c792363721297208e9fb

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
4d.pyq86_n_LKA0mInsNut_7WpuRq4SR
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:30 GMT
server
AmazonS3
age
60610
date
Fri, 27 Dec 2019 21:31:58 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
1qRNd0NDemNeGZAFM3F22Wb0F6a8GjWWey87Ra0J4JKze_7EI_jHgw==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
country | country.yepshare.com/geoip/ | 534 B | 888 B | Script
General
Full URL
https://country.yepshare.com/geoip/country?callback=get_geoip
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:570b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
de72b9c1416240a92928c1cec2e7b119e8b8122bedf295ba69c8ef0ac5ca0b4f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Dec 2019 14:22:07 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-fastly-country
DE
age
417
x-powered-by
Express
x-cache
HIT
status
200
content-encoding
br
x-served-by
cache-fra19168-FRA
server
cloudflare
x-timer
S1577542928.907235,VS0,VE0
etag
W/"216-5gHsBaW4YbK89wOAIo5Yq+xcb8A"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-cloudflare-country
DE
cf-ray
54c42f435b9bd6b9-FRA
access-control-allow-headers
X-Requested-With
x-cache-hits
2
p.js | my.rtmark.net/ | 709 B | 1 KB | Script
General
Full URL
https://my.rtmark.net/p.js?f=sync&lr=1&partner=6ec4dd9b6c2415c7516714d098675141f7c59ec2bad694d3ad5a6660f0429f30
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
188.42.160.79 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
8f2b9d8e6a6693d72b792e927a08beef4c78263f95d5fddc158b4cbb9d5718dc
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 14:22:07 GMT
X-Content-Type-Options
nosniff
Server
nginx
Strict-Transport-Security
max-age=1
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Authorization
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*, *
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Content-Length
709
icons.svg | www.winnerplay2019.com/lt/multi/contest2/ | 28 KB | 7 KB | Other
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/icons.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f53b34ae730ede9ff78b6fbbedbf1aaff98ac97bb51ec0d29a282d6e5d410b5f

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
UDRb0S5yqBc4yFAYk8oxZG7LuOHBDl6v
content-encoding
gzip
last-modified
Wed, 20 Feb 2019 12:32:18 GMT
server
AmazonS3
age
30300
date
Sat, 28 Dec 2019 05:57:08 GMT
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/html
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
iIreqy6_luHTYcGs6D80Pa2PLXcB5NWSaET3SAB1KpFfmkpWLYlMqg==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
img.gif | my.rtmark.net/ | 43 B | 707 B | Image
General
Full URL
https://my.rtmark.net/img.gif?f=sync&partner=6ec4dd9b6c2415c7516714d098675141f7c59ec2bad694d3ad5a6660f0429f30&ttl=&rurl=
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
188.42.160.79 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 14:22:07 GMT
X-Content-Type-Options
nosniff
Server
nginx
Strict-Transport-Security
max-age=1
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
image/gif
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Authorization
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*, *
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Content-Length
43
en.json | www.winnerplay2019.com/lt/multi/contest2/lng/ | 2 KB | 1 KB | XHR
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/lng/en.json
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/jquery-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-10.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4f759603b6f2f0dd5ea495e9f10c4e2dbea0c17cf2c1c4469e6012ede311d562

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
Ba5NAfqc55UzsQLwtH_S.Mym2omkC.yr
content-encoding
gzip
last-modified
Wed, 02 Oct 2019 14:50:04 GMT
server
AmazonS3
age
43400
date
Sat, 28 Dec 2019 02:18:48 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
Evo_IYXXuCRdx98b-kobE3MeZgqOvNEGN_6JVY0i1nq_Rb3OGWrliw==
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate
object| html5
object| Modernizr
function| $
function| jQuery
function| svg4everybody
object| jQuery11110909746804701808
boolean| changed_title
function| _10fn4h4386
string| country
string| code
string| continent
string| lg
function| get_geoip

0 Cookies

1 Console Messages

Source       Level  URL
console-api  log    https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 (Line 428)
Text / Message:
EU