Submitted URL: http://portaldate.com/dclick?campaign_id=cm_cf1&s2=102fadf268299cd6a8c90d79095a9f&s3=34910&lb=1&oid=41097_41099
Effective URL: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
Submission: On March 14 via manual from IN

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 35.195.88.46, which belongs to GOOGLE (AS15169, US); the GeoIP lookup places it in Ascension Island, but its reverse DNS (46.88.195.35.bc.googleusercontent.com) identifies it as a Google Compute Engine address, so the country attribution should not be relied on. The main domain is www.geheimeaffaires.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 10th 2020. Valid for: 3 months.
This is the only time www.geheimeaffaires.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address / AS Autonomous System

Requests      IP address        ASN    Autonomous System
2             159.203.171.121   14061  DIGITALOCEAN-ASN
1             138.197.59.238    14061  DIGITALOCEAN-ASN
1 (redirect)  3.217.131.181     14618  AMAZON-AES
5             35.195.88.46      15169  GOOGLE
Total: 8 requests, 3 IPs (the 3.217.131.181 row is the trackoptimise.com 302, counted as a redirect rather than a transaction)

Domain / Requested by

Requests  Domain                   Requested by
5         www.geheimeaffaires.com  www.geheimeaffaires.com
2         portaldate.com           -
1         trackoptimise.com        1 redirect
1         svntrk.com               portaldate.com
Total: 8 requests, 4 domains

This site contains no links.

Subject              Issuer                                          Validity                  Valid for
svntrk.com           Sectigo RSA Domain Validation Secure Server CA  2019-04-11 to 2020-04-21  a year    (crt.sh)
geheimeaffaires.com  Let's Encrypt Authority X3                      2020-02-10 to 2020-05-10  3 months  (crt.sh)

This page contains 1 frame:

Primary Page: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
Frame ID: 7E524AC792FF2AA7ED7F2C2D8F1D0C6E
Requests: 8 HTTP requests in this frame


Detected technologies

Ubuntu (overall confidence: 100%)
Detected patterns
  • headers server /Ubuntu/i

Nginx (overall confidence: 100%)
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Both patterns match the Server: nginx/1.10.3 (Ubuntu) header that every host in the chain returns (portaldate.com, svntrk.com and www.geheimeaffaires.com). The landing page additionally discloses PHP/7.2.11 via X-Powered-By and Varnish/6.0 via Via, which this pattern set did not pick up.

Page Statistics

Requests: 8
HTTPS: 75 % (the two portaldate.com documents were fetched over plain HTTP)
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 30 kB
Size: 108 kB
Cookies: 0 (in the final page's context; the portaldate.com and trackoptimise.com responses earlier in the chain do set cookies, see their Set-Cookie headers below)

Page URL History

This lists the URLs the page navigated through, including HTTP redirects and client-side redirects via JavaScript or meta refresh.

  1. http://portaldate.com/dclick?campaign_id=cm_cf1&s2=102fadf268299cd6a8c90d79095a9f&s3=34910&lb=1&oid=41097_41099 Page URL
  2. http://portaldate.com/r/dmt/37db13f2-b350-49b4-bb06-7328c28607ac-4-0320 Page URL
  3. https://trackoptimise.com/?a=3016&c=64408&s1=lnahqkcemyt&s3=37db13f2-b350-49b4-bb06-7328c28607ac-4-0320 HTTP 302
     https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513 Page URL

Hops 1 and 2 are both 200 documents on portaldate.com with no Location header, so those navigations were performed client-side; only the trackoptimise.com hop is a real HTTP 302. The two plain-HTTP hops are also why the scan reports only 75 % HTTPS. The identifier 37db13f2-b350-49b4-bb06-7328c28607ac-4-0320, set by the first response as the sclick_sid cookie, is carried in the /r/dmt/ path, in the svntrk.com r= parameter and in the trackoptimise.com s3= parameter, and it reaches the landing page in the Referer header: one click identifier tied together across four domains.
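The chain above, reconstructed hop by hop as an added example (this is not code from the urlscan.io report). The URLs and the identifier SID are taken from the scan; the HTML bodies of the two portaldate.com documents are assumptions, since the report only shows that those hops were 200 documents rather than HTTP redirects. The walker classifies each hop as an HTTP redirect, a meta refresh or a JavaScript navigation, records scheme changes, and reports which hosts received the click identifier in a path or query string.

```python
"""Reconstruct a navigation chain, hop by hop, from captured HTTP responses.

Added example; not part of the urlscan.io report. The URLs and SID come from
the scan above. The HTML bodies of the two portaldate.com documents are
ASSUMED: the report shows only that those hops were 200 documents rather
than HTTP redirects, so page content (JavaScript or a meta refresh) moved
the browser on.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SID = "37db13f2-b350-49b4-bb06-7328c28607ac-4-0320"   # sclick_sid cookie value in the scan
START = ("http://portaldate.com/dclick?campaign_id=cm_cf1"
         "&s2=102fadf268299cd6a8c90d79095a9f&s3=34910&lb=1&oid=41097_41099")
HOP2 = f"http://portaldate.com/r/dmt/{SID}"
HOP3 = f"https://trackoptimise.com/?a=3016&c=64408&s1=lnahqkcemyt&s3={SID}"
LANDING = "https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513"

# Constructed capture: url -> (status, response headers, body). The two HTML bodies are assumed.
CAPTURED = {
    START: (200, {"Content-Type": "text/html; charset=UTF-8"},
            f'<html><script src="https://svntrk.com/assets/analytics_d2e.js?r={SID}"></script>'
            f'<script>window.location.href = "/r/dmt/{SID}";</script></html>'),
    HOP2: (200, {"Content-Type": "text/html; charset=UTF-8"},
           f'<html><head><meta http-equiv="refresh" content="0; url={HOP3}"></head></html>'),
    HOP3: (302, {"Location": LANDING, "Content-Type": "text/html; charset=utf-8"}, ""),
    LANDING: (200, {"Content-Type": "text/html;charset=UTF-8"}, "<html><body>landing</body></html>"),
}


class _MetaRefresh(HTMLParser):
    """Collect the target of the first <meta http-equiv="refresh" content="N; url=..."> tag."""

    def __init__(self):
        super().__init__()
        self.target = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and self.target is None and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\" >]+)", a.get("content") or "", re.I)
            if m:
                self.target = m.group(1)


# Common JavaScript navigation idioms: location = "...", location.href = "...", location.replace("...")
_JS_NAV = re.compile(
    r"""(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)['"]"""
    r"""|location\.(?:replace|assign)\(\s*['"]([^'"]+)['"]"""
)


def next_hop(url, status, headers, body):
    """Return (kind, absolute next URL), or None when the response is the final document."""
    h = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400 and "location" in h:
        return f"HTTP {status}", urljoin(url, h["location"])
    if not body:
        return None
    p = _MetaRefresh()
    p.feed(body)
    if p.target:
        return "meta refresh", urljoin(url, p.target)
    m = _JS_NAV.search(body)
    if m:
        return "JavaScript", urljoin(url, m.group(1) or m.group(2))
    return None


def walk(start, captured, limit=10):
    """Follow the chain through `captured`; stop at the first terminal or uncaptured response."""
    url, hops = start, []
    for _ in range(limit):          # bound the walk: redirect loops are common in ad chains
        if url not in captured:
            break
        nh = next_hop(url, *captured[url])
        if nh is None:
            break
        kind, nxt = nh
        hops.append({"from": url, "to": nxt, "kind": kind,
                     "scheme": f"{urlsplit(url).scheme}->{urlsplit(nxt).scheme}"})
        url = nxt
    return hops, url


def token_carriers(urls, token):
    """Hosts whose path or query carries `token`: shows an identifier being handed across domains."""
    return [urlsplit(u).netloc for u in urls
            if token in urlsplit(u).path or token in urlsplit(u).query]


if __name__ == "__main__":
    hops, final = walk(START, CAPTURED)
    for h in hops:
        print(f"{h['kind']:<12} {h['scheme']:<13} {h['from']}\n{'':26} -> {h['to']}")
    print("final:", final)
    print("hosts carrying the click id:", token_carriers([START] + [h["to"] for h in hops], SID))
```

Against a real capture the bodies come from the recorded responses rather than from constants; the classification logic is the same, and the `limit` guard is what keeps a looping tracker chain from running the walker forever.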

Redirected requests

There were HTTP redirect chains for the following requests (the only one in this scan is the trackoptimise.com 302 that leads to the primary request; see its Redirect Chain below):

8 HTTP transactions

The listing's columns are Resource, Path, Size, x-fer (bytes transferred on the wire), Type and MIME-Type; each transaction below is reproduced with one header per line.
1. dclick  (portaldate.com/)  Size: 584 B  Transferred: 1013 B  Type: Document  [Cookie set]
General
Full URL: http://portaldate.com/dclick?campaign_id=cm_cf1&s2=102fadf268299cd6a8c90d79095a9f&s3=34910&lb=1&oid=41097_41099
Protocol: HTTP/1.1 (plaintext, no TLS)
Server: 159.203.171.121 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: -
Software: nginx/1.10.3 (Ubuntu)
Resource Hash: d8471c2f2dc0331814c4c62d67411df90602f7a8c93768d65f4cefc56854c710

Request headers
Host: portaldate.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Server: nginx/1.10.3 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache, private
Date: Sat, 14 Mar 2020 07:49:42 GMT
Set-Cookie: sclick_uid=64464a8d-7df3-4eca-900e-723ea2602bcf-4-0320; expires=Thu, 13-Mar-2025 07:49:41 GMT; Max-Age=157679999; path=/; httponly
Set-Cookie: sclick_sid=37db13f2-b350-49b4-bb06-7328c28607ac-4-0320; expires=Sat, 14-Mar-2020 08:49:41 GMT; Max-Age=3599; path=/; httponly
Set-Cookie: sclick_extras=NTE4Mjk; expires=Tue, 17-Mar-2020 07:49:42 GMT; Max-Age=259200; path=/; httponly
Set-Cookie: SRVNAME=s4; path=/
Content-Encoding: gzip

Note: all four cookies are set over plain HTTP and none carries the Secure or SameSite attribute, so they are visible to any on-path observer. sclick_uid is a visitor identifier that persists for five years (Max-Age=157679999); sclick_sid is a one-hour click identifier that reappears in the /r/dmt/ path, the svntrk.com r= parameter and the trackoptimise.com s3= parameter; sclick_extras (NTE4Mjk, base64 for 51829) lives three days; SRVNAME=s4 (apparently a backend-selection cookie) has neither HttpOnly nor an expiry.
2. analytics_d2e.js  (svntrk.com/assets/)  Size: 0  Transferred: 200 B  Type: Script
General
Full URL: https://svntrk.com/assets/analytics_d2e.js?r=37db13f2-b350-49b4-bb06-7328c28607ac-4-0320&c=cm_cf1&p=34910&s=&s2=102fadf268299cd6a8c90d79095a9f&s5=&lbid=&lb=1&lbcid=&dmn=portaldate.com&rot=
Requested by: http://portaldate.com/dclick?campaign_id=cm_cf1&s2=102fadf268299cd6a8c90d79095a9f&s3=34910&lb=1&oid=41097_41099 (Host: portaldate.com)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 138.197.59.238 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: -
Software: nginx/1.10.3 (Ubuntu)
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers
Date: Sat, 14 Mar 2020 07:49:42 GMT
Cache-Control: no-cache, private
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=UTF-8

Note: the resource hash e3b0c442...b855 is the SHA-256 of empty input, consistent with the 0 B size: the "analytics" script contains no code. The request itself is the payload, a beacon that reports the click identifier (r=, the sclick_sid value), the campaign (c=cm_cf1), the s3 value of the submitted URL as p=34910, the s2 sub-id and the referring domain (dmn=portaldate.com) to svntrk.com.
3. 37db13f2-b350-49b4-bb06-7328c28607ac-4-0320  (portaldate.com/r/dmt/)  Size: 374 B  Transferred: 490 B  Type: Document
General
Full URL: http://portaldate.com/r/dmt/37db13f2-b350-49b4-bb06-7328c28607ac-4-0320
Protocol: HTTP/1.1 (plaintext, no TLS)
Server: 159.203.171.121 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: -
Software: nginx/1.10.3 (Ubuntu)
Resource Hash: b98d22a3bdacf60a491a2887bb3c1f6ffc5780bbe85785f895afdfba16995577

Request headers
Host: portaldate.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: sclick_uid=64464a8d-7df3-4eca-900e-723ea2602bcf-4-0320; sclick_sid=37db13f2-b350-49b4-bb06-7328c28607ac-4-0320; sclick_extras=NTE4Mjk; SRVNAME=s4

Response headers
Server: nginx/1.10.3 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache, private
Date: Sat, 14 Mar 2020 07:49:42 GMT
Content-Encoding: gzip

Note: the path is the sclick_sid value from the previous response, and the Cookie header returns all four portaldate.com cookies, including the five-year sclick_uid, in cleartext. The response is a 374 B document with no Location header; the jump to trackoptimise.com that follows was therefore triggered by the document's own content (JavaScript or a meta refresh), which the listing does not include.
4. landing1  (www.geheimeaffaires.com/)  Size: 13 KB  Transferred: 4 KB  Type: Document  [Primary Request]
Redirect Chain
  • https://trackoptimise.com/?a=3016&c=64408&s1=lnahqkcemyt&s3=37db13f2-b350-49b4-bb06-7328c28607ac-4-0320
  • https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
General
Full URL: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.195.88.46, Ascension Island (GeoIP), ASN15169 (GOOGLE, US)
Reverse DNS: 46.88.195.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.2.11
Resource Hash: 189eed51b28734921dc37a07527794d0736562f764f67e502e6394588ce5a85d
Security Headers
  Strict-Transport-Security: max-age=63072000;
  X-Content-Type-Options: nosniff

Request headers
:method: GET
:authority: www.geheimeaffaires.com
:scheme: https
:path: /landing1?cat=milf&pi=3016&pt1=2825509513
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
accept-language: en-US
referer: http://portaldate.com/r/dmt/37db13f2-b350-49b4-bb06-7328c28607ac-4-0320

Response headers
status: 200
server: nginx/1.10.3 (Ubuntu)
date: Sat, 14 Mar 2020 07:49:43 GMT
content-type: text/html;charset=UTF-8
x-powered-by: PHP/7.2.11
x-host: geheimeaffaires.com
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
vary: Accept-Encoding
x-varnish: 15994036
age: 0
x-cache: MISS
accept-ranges: bytes
via: 1.1 varnish (Varnish/6.0), 1.1 google
alt-svc: clear
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff

Redirect headers (the HTTP 302 from https://trackoptimise.com/?a=3016&c=64408&s1=lnahqkcemyt&s3=37db13f2-b350-49b4-bb06-7328c28607ac-4-0320)
Cache-Control: private
Content-Length: 197
Content-Type: text/html; charset=utf-8
Date: Sat, 14 Mar 2020 07:49:43 GMT
Location: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=VMitiLVWmIW8I/+4Uqh4bClJhSYn3cWgJYrsh0NwiQWBSZ3LHmoVfA==; domain=.trackoptimise.com; path=/; HttpOnly
Set-Cookie: trk=P+4O9Zx0yOjlCFcH91sNuSlJhSYn3cWgJYrsh0NwiQWBSZ3LHmoVfA==; domain=.trackoptimise.com; expires=Fri, 14-Mar-2025 07:49:43 GMT; path=/; HttpOnly
Set-Cookie: c18047=VMitiLVWmIVOa/TDhTrfQ+AfOSIOVCWpXjp1wIq6LSEuXeR1YAL7aQ==; domain=.trackoptimise.com; expires=Mon, 13-Apr-2020 07:49:43 GMT; path=/; HttpOnly
Connection: close

Notes: the Referer the landing page receives is the plain-HTTP portaldate.com /r/dmt/ URL, so the click identifier reaches geheimeaffaires.com even though the immediate 302 came from trackoptimise.com. trackoptimise.com sets three cookies on the parent domain .trackoptimise.com with HttpOnly but without Secure or SameSite, even though the response is over HTTPS; trk persists for five years, and P3P is a legacy IE privacy-policy header. The landing server discloses nginx/1.10.3 and PHP/7.2.11, and the Via header shows responses passing through Varnish 6.0 and a Google front end. HSTS is set for two years (63072000 s) without includeSubDomains or preload.
5. landing1.css  (www.geheimeaffaires.com/landers/css/)  Size: 36 KB  Transferred: 5 KB  Type: Stylesheet
General
Full URL: https://www.geheimeaffaires.com/landers/css/landing1.css
Requested by: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513 (Host: www.geheimeaffaires.com)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.195.88.46, Ascension Island (GeoIP), ASN15169 (GOOGLE, US)
Reverse DNS: 46.88.195.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.2.11
Resource Hash: 0dc9c08a79ce19be0a01533a03cc37976a196dfdf2390b588d7da2788d77218b
Security Headers
  Strict-Transport-Security: max-age=63072000;
  X-Content-Type-Options: nosniff

Request headers
Referer: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers
date: Sat, 14 Mar 2020 07:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
age: 0
x-powered-by: PHP/7.2.11
x-cache: HIT
status: 200
x-host: geheimeaffaires.com
alt-svc: clear
content-length: 4971
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=63072000;
x-varnish: 15592250 12729578
via: 1.1 varnish (Varnish/6.0), 1.1 google
vary: Accept-Encoding
cache-control: max-age=300
accept-ranges: bytes
content-type: text/css;charset=UTF-8

Note: x-powered-by: PHP/7.2.11 on a stylesheet means the file is served through PHP rather than as a static file; x-cache: HIT with two X-Varnish transaction IDs shows it came from the Varnish cache (the second ID is the cached object's).
6. fontawesome-all.min.css  (www.geheimeaffaires.com/landers/css/)  Size: 50 KB  Transferred: 11 KB  Type: Stylesheet
General
Full URL: https://www.geheimeaffaires.com/landers/css/fontawesome-all.min.css
Requested by: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513 (Host: www.geheimeaffaires.com)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.195.88.46, Ascension Island (GeoIP), ASN15169 (GOOGLE, US)
Reverse DNS: 46.88.195.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.2.11
Resource Hash: 5986f251d278ae72106ef1d7302798a2e14f69a4d35b80087b9e61905a15e75e
Security Headers
  Strict-Transport-Security: max-age=63072000;
  X-Content-Type-Options: nosniff

Request headers
Referer: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers
date: Sat, 14 Mar 2020 07:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
age: 0
x-powered-by: PHP/7.2.11
x-cache: HIT
status: 200
alt-svc: clear
content-length: 10650
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=63072000;
x-varnish: 15675294 15831005
via: 1.1 varnish (Varnish/6.0), 1.1 google
vary: Accept-Encoding
cache-control: max-age=300
accept-ranges: bytes
content-type: text/css;charset=UTF-8
7. logo.png  (www.geheimeaffaires.com/img/)  Size: 5 KB  Transferred: 5 KB  Type: Image
General
Full URL: https://www.geheimeaffaires.com/img/logo.png
Requested by: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513 (Host: www.geheimeaffaires.com)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.195.88.46, Ascension Island (GeoIP), ASN15169 (GOOGLE, US)
Reverse DNS: 46.88.195.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu)
Resource Hash: 7aa4551756597459a1c604b16b417fd02900aa4a4a2d63dbb2f866c7e848c157
Security Headers
  Strict-Transport-Security: max-age=63072000;
  X-Content-Type-Options: nosniff

Request headers
Referer: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers
date: Sat, 14 Mar 2020 07:49:43 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Apr 2019 06:40:10 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "140a-5876934c20680"
vary: X-Forwarded-Proto,Host
content-type: image/png
status: 200
strict-transport-security: max-age=63072000;
accept-ranges: bytes
content-length: 5130
x-ua-compatible: IE=edge,chrome=1

Note: unlike the /landers/ resources this response has no Via, X-Varnish or X-Powered-By header, so it did not pass through the Varnish layer or PHP. The ETag is in Apache's size-mtime format (0x140a = 5130, matching Content-Length), which points to a different origin behind the nginx front end.
8. loading.gif  (www.geheimeaffaires.com/landers/images/logos/)  Size: 3 KB  Transferred: 3 KB  Type: Image
General
Full URL: https://www.geheimeaffaires.com/landers/images/logos/loading.gif
Requested by: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513 (Host: www.geheimeaffaires.com)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.195.88.46, Ascension Island (GeoIP), ASN15169 (GOOGLE, US)
Reverse DNS: 46.88.195.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.2.11
Resource Hash: 06f91f1bc360e7c486515b416a564445652e40585f94f2d089239b981d6421f6
Security Headers
  Strict-Transport-Security: max-age=63072000;
  X-Content-Type-Options: nosniff

Request headers
Referer: https://www.geheimeaffaires.com/landing1?cat=milf&pi=3016&pt1=2825509513
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers
date: Sat, 14 Mar 2020 07:49:43 GMT
via: 1.1 varnish (Varnish/6.0), 1.1 google
x-content-type-options: nosniff
x-cacheable: YES
age: 0
x-powered-by: PHP/7.2.11
x-cache: HIT
status: 200
alt-svc: clear
content-length: 2892
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=63072000;
x-varnish: 13046730 15643472
cache-control: max-age=300
accept-ranges: bytes
content-type: image/gif
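As an added example (not code from the urlscan.io report), the following script audits the Set-Cookie headers captured in this chain: the four cookies portaldate.com sets over plain HTTP and the three trackoptimise.com sets in its HTTPS 302. The cookie strings are copied from the transactions above and separated by hand into individual header values, because the report joins multiple Set-Cookie values with a single space; SCAN_TIME is the Date header of the 302 and serves as "now" for lifetime calculations.

```python
"""Audit Set-Cookie headers captured along a redirect chain.

Added example, not part of the urlscan.io report. The cookie strings below
are the ones in the portaldate.com (plain HTTP) and trackoptimise.com (HTTPS
302) responses of the scan, separated by hand into individual header values.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Date header of the trackoptimise.com 302 in the scan; used as "now" for lifetimes.
SCAN_TIME = datetime(2020, 3, 14, 7, 49, 43, tzinfo=timezone.utc)
ONE_YEAR = 365 * 86400

# (URL of the response, individual Set-Cookie header values), copied from the scan.
CAPTURED = [
    ("http://portaldate.com/dclick?campaign_id=cm_cf1&s2=102fadf268299cd6a8c90d79095a9f&s3=34910&lb=1&oid=41097_41099", [
        "sclick_uid=64464a8d-7df3-4eca-900e-723ea2602bcf-4-0320; expires=Thu, 13-Mar-2025 07:49:41 GMT; Max-Age=157679999; path=/; httponly",
        "sclick_sid=37db13f2-b350-49b4-bb06-7328c28607ac-4-0320; expires=Sat, 14-Mar-2020 08:49:41 GMT; Max-Age=3599; path=/; httponly",
        "sclick_extras=NTE4Mjk; expires=Tue, 17-Mar-2020 07:49:42 GMT; Max-Age=259200; path=/; httponly",
        "SRVNAME=s4; path=/",
    ]),
    ("https://trackoptimise.com/?a=3016&c=64408&s1=lnahqkcemyt&s3=37db13f2-b350-49b4-bb06-7328c28607ac-4-0320", [
        "sid=VMitiLVWmIW8I/+4Uqh4bClJhSYn3cWgJYrsh0NwiQWBSZ3LHmoVfA==; domain=.trackoptimise.com; path=/; HttpOnly",
        "trk=P+4O9Zx0yOjlCFcH91sNuSlJhSYn3cWgJYrsh0NwiQWBSZ3LHmoVfA==; domain=.trackoptimise.com; expires=Fri, 14-Mar-2025 07:49:43 GMT; path=/; HttpOnly",
        "c18047=VMitiLVWmIVOa/TDhTrfQ+AfOSIOVCWpXjp1wIq6LSEuXeR1YAL7aQ==; domain=.trackoptimise.com; expires=Mon, 13-Apr-2020 07:49:43 GMT; path=/; HttpOnly",
    ]),
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes); attribute names are lower-cased.

    Only the first '=' separates name from value, so base64 values ending in '==' survive intact.
    """
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def lifetime_seconds(attrs, now=SCAN_TIME):
    """Cookie lifetime in seconds; Max-Age takes precedence over Expires (RFC 6265 section 4.1.2.2).

    Returns None for a session cookie. Netscape-style dates such as
    'Thu, 13-Mar-2025 07:49:41 GMT' are accepted by email.utils (RFC 850 form).
    """
    if "max-age" in attrs:
        return int(attrs["max-age"])
    if "expires" in attrs:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    return None


def audit_cookie(url, header_value, now=SCAN_TIME):
    """Return the findings for one Set-Cookie header seen in a response from `url`."""
    name, _, attrs = parse_set_cookie(header_value)
    findings = []
    if urlsplit(url).scheme == "http":
        findings.append("set over plaintext HTTP")
    if "secure" not in attrs:
        findings.append("no Secure attribute")
    if "httponly" not in attrs:
        findings.append("no HttpOnly attribute")
    if "samesite" not in attrs:
        findings.append("no SameSite attribute")
    if "domain" in attrs:
        findings.append(f"scoped to {attrs['domain']} (sent to every subdomain)")
    life = lifetime_seconds(attrs, now)
    if life is not None and life > ONE_YEAR:
        findings.append(f"persistent for {life // 86400} days")
    return {"host": urlsplit(url).netloc, "name": name, "findings": findings}


def run_audit(captured=CAPTURED, now=SCAN_TIME):
    """Audit every Set-Cookie header in a capture; returns one record per cookie."""
    return [audit_cookie(url, hv, now) for url, headers in captured for hv in headers]


if __name__ == "__main__":
    for rec in run_audit():
        print(f"{rec['host']:<20} {rec['name']:<14} {'; '.join(rec['findings'])}")
```

The split into individual header values matters: a naive split of the report's joined line on spaces would cut inside the Expires dates, and a split on ";" would merge attributes of one cookie with the name of the next. When auditing a live capture, feed the function the raw list of Set-Cookie headers from the HTTP library rather than any joined representation.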

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  • object  onformdata
  • object  onpointerrawupdate
  • object  bootstrap

Note: onformdata and onpointerrawupdate are browser-provided event-handler properties (GlobalEventHandlers attributes of newer Chrome builds) that the scanner's baseline does not know about, not variables defined by the page. Only bootstrap points at page code: it is the global that the Bootstrap framework's JavaScript defines, and since no separate script file for it appears among the 8 transactions, it must be inlined in the 13 KB landing document.

0 Cookies (the scanner recorded no cookies for the final page; the cookies set by portaldate.com and trackoptimise.com earlier in the chain are listed with their responses above)