www.winnerplay2019.com Open in urlscan Pro
143.204.214.10  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response www.winnerplay2019.com/lt/multi/contest2/	14 KB 4 KB	68ms 21ms	Document text/html	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 8262af88328f79655920973f71f6d4a63c76e6b1adc0f2150896fe147860e951 Request headers :method GET :authority www.winnerplay2019.com :scheme https :path /lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-user ?1 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 sec-fetch-site none sec-fetch-mode navigate accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-User ?1 Response headers status 200 content-type text/html last-modified Wed, 20 Nov 2019 09:22:32 GMT x-amz-version-id JWVHlCq3Cqffom6Qgh6feD2MF53va7Jg server AmazonS3 content-encoding gzip date Fri, 27 Dec 2019 21:31:57 GMT vary Accept-Encoding x-cache Hit from cloudfront via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront) x-amz-cf-pop FRA53-C1 x-amz-cf-id Z4SHVQUZJrGjry75wFIhtEohtOIMMwO7dDq4cfScJaV8g8i3U4ufuw== age 60610
GET H2	200	styles.css www.winnerplay2019.com/lt/multi/contest2/	32 KB 7 KB	22ms 21ms	Stylesheet text/css	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.winnerplay2019.com/lt/multi/contest2/styles.css Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 9158aae36be2004065168737f90058bf7ec534ac4d6c3b932e9b3c955c9efdd3 Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id gGnY4dKUWk7gJkljVAVtzfkU0dIpHaH_ content-encoding gzip last-modified Thu, 14 Nov 2019 12:52:46 GMT server AmazonS3 age 57066 date Fri, 27 Dec 2019 22:31:02 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type text/css status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id 4okFRA5NgckHJKQVQ6jH7qTfRcJfhrZXzf04qCRx9a3o2Pe_Akcmhg== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H2	200	modernizr.min.js Show response www.winnerplay2019.com/lt/multi/contest2/	11 KB 5 KB	23ms 22ms	Script application/javascript	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.winnerplay2019.com/lt/multi/contest2/modernizr.min.js Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id jzkaVfscpVHY2E2U1LgIldHvMCA5LAuL content-encoding gzip last-modified Mon, 16 Sep 2019 13:58:29 GMT server AmazonS3 age 60610 date Fri, 27 Dec 2019 21:31:58 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id swKSB-4wAVLmf8XKQKlg6FlPN1IqNGM2uPZ9P9g_qeiytJiXM9eehw== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H2	200	logo.svg www.winnerplay2019.com/lt/multi/contest2/	922 B 1 KB	24ms 24ms	Image image/svg+xml	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.winnerplay2019.com/lt/multi/contest2/logo.svg Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 192c954608ecc1bc65823d4e08f66d316492e233391808aadcde1d1c84020ca1 Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id 4s1.yjPV7zthJgbIHmVlsfxRJy0fH1J1 via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront) last-modified Mon, 16 Sep 2019 13:58:29 GMT server AmazonS3 age 60609 etag "b2c9bb76885227103d1d75769500d665" x-cache Hit from cloudfront content-type image/svg+xml status 200 date Fri, 27 Dec 2019 21:31:59 GMT x-amz-cf-pop FRA53-C1 accept-ranges bytes content-length 922 x-amz-cf-id iYtmU4n9Mkk4gr1ePZYbVDC0tbUHrA-OR1EB83WYITHNz8ZfZcD09w==
GET H2	200	icon-box.svg www.winnerplay2019.com/lt/multi/contest2/	1 KB 829 B	23ms 23ms	Image image/svg+xml	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.winnerplay2019.com/lt/multi/contest2/icon-box.svg Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 62f7ef6281d5e0db3f14298ca3707ee3a9f61d1ee85ac5fa5dade011eafb32e9 Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id Nu3xC.7Jl2JMqYtiLYPTiGNaYhEuYZ7_ content-encoding gzip last-modified Mon, 16 Sep 2019 13:58:28 GMT server AmazonS3 age 14950 date Sat, 28 Dec 2019 10:12:58 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id B2rpE4vToxnpkkBhtyHupLHXUHbgZs5NGpA-EnPkxLe6nzrx0GlabA== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H2	200	s10plus-11.png www.winnerplay2019.com/lt/multi/contest2/	19 KB 20 KB	39ms 38ms	Image image/png	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.winnerplay2019.com/lt/multi/contest2/s10plus-11.png Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash dbd8f7277d64322d3339639ada60d7c0dcb2999e683823dae814239af4e0dec8 Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id 6.2IM0jyBpP7DPVQWvXiKEfpAupY1rR9 via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront) last-modified Mon, 16 Sep 2019 13:58:29 GMT server AmazonS3 age 57065 etag "852e8b56ca8731b7629d3b56fef9687a" x-cache Hit from cloudfront content-type image/png status 200 date Fri, 27 Dec 2019 22:31:02 GMT x-amz-cf-pop FRA53-C1 accept-ranges bytes content-length 19662 x-amz-cf-id l8VR227jjGD0syuaJY1Iz_0sQwNfY_Pz5AFxd8MfIZeWq9uH9tBSxA==
GET H2	200	foot-icon01.svg www.winnerplay2019.com/lt/multi/contest2/	8 KB 3 KB	41ms 41ms	Image image/svg+xml	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.winnerplay2019.com/lt/multi/contest2/foot-icon01.svg Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 72b5508eefd5a9c85c53de4e82c9e8821dea88160cddd36d31644506c1cbfa13 Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id vPZ.5Q6bn1msBMiw7atmx3.FXIcUtjuj content-encoding gzip last-modified Mon, 16 Sep 2019 13:58:30 GMT server AmazonS3 age 14949 date Sat, 28 Dec 2019 10:12:58 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id rCC0sJoYOsihwW41lRFZuBhPtpsaGnrs05tgnG3-kuVjWcMjfEyvWA== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H2	200	foot-icon02.svg www.winnerplay2019.com/lt/multi/contest2/	4 KB 2 KB	42ms 42ms	Image image/svg+xml	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.winnerplay2019.com/lt/multi/contest2/foot-icon02.svg Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 00b79e96e2324306f897649364907340e7d6ed2199bd7cd928cc2bec37d7c287 Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id 1Btbadpe.Ai4ygyLHw4kdaXu2IJHMwSJ content-encoding gzip last-modified Mon, 16 Sep 2019 13:58:30 GMT server AmazonS3 age 13869 date Sat, 28 Dec 2019 10:30:59 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id 312CztGScicNhOV45Dc3DkXcQZgKbfxwHzWjGUc58eHFfpv2iNYi1w== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H2	200	foot-icon03.svg www.winnerplay2019.com/lt/multi/contest2/	4 KB 2 KB	42ms 41ms	Image image/svg+xml	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.winnerplay2019.com/lt/multi/contest2/foot-icon03.svg Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 3263bb41c37e93568aa88421e753f4247c809c3dc7b8e21c701c966d16eee5b0 Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id X_Wjo80PKFR_D5d6CZ9FXpp8IIt0ApIc content-encoding gzip last-modified Mon, 16 Sep 2019 13:58:28 GMT server AmazonS3 age 14949 date Sat, 28 Dec 2019 10:12:58 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id EBbzQhdBnsi19H42SERym4qPlZPnRbnXNvtF9Bls69ilUKrbL_uH1w== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H2	200	jquery-latest.min.js Show response www.winnerplay2019.com/lt/multi/contest2/	94 KB 33 KB	29ms 28ms	Script application/javascript	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.winnerplay2019.com/lt/multi/contest2/jquery-latest.min.js Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id L91HvgEjep2ILcjRTX4AkgSIPLyQTb3x content-encoding gzip last-modified Mon, 16 Sep 2019 13:58:29 GMT server AmazonS3 age 23655 date Sat, 28 Dec 2019 07:47:53 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id fYmpUb-m1JrLeNTA4NwF_hQfNcQ6bSO5IplxwZ0n-zfpSovXrKFRgg== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H2	200	svg4everybody.min.js Show response www.winnerplay2019.com/lt/multi/contest2/	2 KB 1 KB	41ms 40ms	Script application/javascript	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.winnerplay2019.com/lt/multi/contest2/svg4everybody.min.js Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash f07f6a30a14463d06d1e492211b5a9291ee684f2a6d2c792363721297208e9fb Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id 4d.pyq86_n_LKA0mInsNut_7WpuRq4SR content-encoding gzip last-modified Mon, 16 Sep 2019 13:58:30 GMT server AmazonS3 age 60610 date Fri, 27 Dec 2019 21:31:58 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id 1qRNd0NDemNeGZAFM3F22Wb0F6a8GjWWey87Ra0J4JKze_7EI_jHgw== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H2	200	country Show response country.yepshare.com/geoip/	534 B 888 B	50ms 23ms	Script text/javascript	2606:4700:30::681f:570b Cloudflare
General Check archive.org Show headers Download Go to Full URL https://country.yepshare.com/geoip/country?callback=get_geoip Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:570b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Express Resource Hash de72b9c1416240a92928c1cec2e7b119e8b8122bedf295ba69c8ef0ac5ca0b4f Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 28 Dec 2019 14:22:07 GMT via 1.1 varnish x-content-type-options nosniff cf-cache-status DYNAMIC x-fastly-country DE age 417 x-powered-by Express x-cache HIT status 200 content-encoding br x-served-by cache-fra19168-FRA server cloudflare x-timer S1577542928.907235,VS0,VE0 etag W/"216-5gHsBaW4YbK89wOAIo5Yq+xcb8A" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/javascript; charset=utf-8 access-control-allow-origin * x-cloudflare-country DE cf-ray 54c42f435b9bd6b9-FRA access-control-allow-headers X-Requested-With x-cache-hits 2
GET H/1.1	200 OK	p.js Show response my.rtmark.net/	709 B 1 KB	72ms 17ms	Script text/javascript	188.42.160.79 WEBZILLA
General Check archive.org Show headers Download Go to Full URL https://my.rtmark.net/p.js?f=sync&lr=1&partner=6ec4dd9b6c2415c7516714d098675141f7c59ec2bad694d3ad5a6660f0429f30 Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_CBC Server 188.42.160.79 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS Software nginx / Resource Hash 8f2b9d8e6a6693d72b792e927a08beef4c78263f95d5fddc158b4cbb9d5718dc Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 28 Dec 2019 14:22:07 GMT X-Content-Type-Options nosniff Server nginx Strict-Transport-Security max-age=1 Access-Control-Allow-Methods POST, GET, OPTIONS, PUT, DELETE Content-Type text/javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers Authorization Access-Control-Allow-Credentials true Connection keep-alive Timing-Allow-Origin *, * Access-Control-Allow-Headers Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token Content-Length 709
GET H2	200	icons.svg www.winnerplay2019.com/lt/multi/contest2/	28 KB 7 KB	44ms 44ms	Other text/html	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.winnerplay2019.com/lt/multi/contest2/icons.svg Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash f53b34ae730ede9ff78b6fbbedbf1aaff98ac97bb51ec0d29a282d6e5d410b5f Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id UDRb0S5yqBc4yFAYk8oxZG7LuOHBDl6v content-encoding gzip last-modified Wed, 20 Feb 2019 12:32:18 GMT server AmazonS3 age 30300 date Sat, 28 Dec 2019 05:57:08 GMT vary Accept-Encoding x-cache Error from cloudfront content-type text/html status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id iIreqy6_luHTYcGs6D80Pa2PLXcB5NWSaET3SAB1KpFfmkpWLYlMqg== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
GET H/1.1	200 OK	img.gif my.rtmark.net/	43 B 707 B	23ms 23ms	Image image/gif	188.42.160.79 WEBZILLA
General Check archive.org Show headers Download Go to Show image Full URL https://my.rtmark.net/img.gif?f=sync&partner=6ec4dd9b6c2415c7516714d098675141f7c59ec2bad694d3ad5a6660f0429f30&ttl=&rurl= Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_CBC Server 188.42.160.79 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL), Reverse DNS Software nginx / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 28 Dec 2019 14:22:07 GMT X-Content-Type-Options nosniff Server nginx Strict-Transport-Security max-age=1 Access-Control-Allow-Methods POST, GET, OPTIONS, PUT, DELETE Content-Type image/gif Access-Control-Allow-Origin * Access-Control-Expose-Headers Authorization Access-Control-Allow-Credentials true Connection keep-alive Timing-Allow-Origin *, * Access-Control-Allow-Headers Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token Content-Length 43
GET H2	200	en.json Show response www.winnerplay2019.com/lt/multi/contest2/lng/	2 KB 1 KB	20ms 20ms	XHR application/json	143.204.214.10 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.winnerplay2019.com/lt/multi/contest2/lng/en.json Requested by Host: www.winnerplay2019.com URL: https://www.winnerplay2019.com/lt/multi/contest2/jquery-latest.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.214.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-214-10.fra53.r.cloudfront.net Software AmazonS3 / Resource Hash 4f759603b6f2f0dd5ea495e9f10c4e2dbea0c17cf2c1c4469e6012ede311d562 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4 X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-amz-version-id Ba5NAfqc55UzsQLwtH_S.Mym2omkC.yr content-encoding gzip last-modified Wed, 02 Oct 2019 14:50:04 GMT server AmazonS3 age 43400 date Sat, 28 Dec 2019 02:18:48 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type application/json status 200 x-amz-cf-pop FRA53-C1 x-amz-cf-id Evo_IYXXuCRdx98b-kobE3MeZgqOvNEGN_6JVY0i1nq_Rb3OGWrliw== via 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| html5 object| Modernizr function| $ function| jQuery function| svg4everybody object| jQuery11110909746804701808 boolean| changed_title function| _10fn4h4386 string| country string| code string| continent string| lg function| get_geoip

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=s194_f32962c4(Line 428) Message: EU

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

country.yepshare.com
my.rtmark.net
www.winnerplay2019.com
143.204.214.10
188.42.160.79
2606:4700:30::681f:570b
00b79e96e2324306f897649364907340e7d6ed2199bd7cd928cc2bec37d7c287
192c954608ecc1bc65823d4e08f66d316492e233391808aadcde1d1c84020ca1
3263bb41c37e93568aa88421e753f4247c809c3dc7b8e21c701c966d16eee5b0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f759603b6f2f0dd5ea495e9f10c4e2dbea0c17cf2c1c4469e6012ede311d562
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
62f7ef6281d5e0db3f14298ca3707ee3a9f61d1ee85ac5fa5dade011eafb32e9
72b5508eefd5a9c85c53de4e82c9e8821dea88160cddd36d31644506c1cbfa13
8262af88328f79655920973f71f6d4a63c76e6b1adc0f2150896fe147860e951
8f2b9d8e6a6693d72b792e927a08beef4c78263f95d5fddc158b4cbb9d5718dc
9158aae36be2004065168737f90058bf7ec534ac4d6c3b932e9b3c955c9efdd3
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
dbd8f7277d64322d3339639ada60d7c0dcb2999e683823dae814239af4e0dec8
de72b9c1416240a92928c1cec2e7b119e8b8122bedf295ba69c8ef0ac5ca0b4f
f07f6a30a14463d06d1e492211b5a9291ee684f2a6d2c792363721297208e9fb
f53b34ae730ede9ff78b6fbbedbf1aaff98ac97bb51ec0d29a282d6e5d410b5f