www-southernrecipesmallbatch-com.filesusr.com
34.102.176.152  Public Scan

Submitted URL: http://gvwy.io/rc11ndj9
Effective URL: https://www-southernrecipesmallbatch-com.filesusr.com/html/91f255_64aec80bf99aad353350392346fdeed5.html
Submission: On October 29 via api from RU — Scanned from DE

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 11 HTTP transactions. The main IP is 34.102.176.152, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www-southernrecipesmallbatch-com.filesusr.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 27th 2022. Valid for: 6 months.
This is the only time www-southernrecipesmallbatch-com.filesusr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Redirects | IP Address | AS Autonomous System
1 | 1 | 99.86.63.63 | 16509 (AMAZON-02)
1 | 1 | 198.58.119.213 | 63949 (LINODE-AP...)
1 | 1 | 173.255.204.176 | 63949 (LINODE-AP...)
1 | | 34.102.176.152 | 396982 (GOOGLE-CL...)
5 | | 108.138.17.105 | 16509 (AMAZON-02)
1 | | 52.222.214.15 | 16509 (AMAZON-02)
2 | | 2a03:2880:f01... | 32934 (FACEBOOK)
1 | | 18.66.121.153 | 16509 (AMAZON-02)
1 | | 151.101.66.133 | 54113 (FASTLY)
Totals: 11 requests, 6 IPs

Requests | Apex Domain | Subdomains | Transfer
8 | rafflecopter.com | slingshot.rafflecopter.com; widget-prime.rafflecopter.com (Cisco Umbrella Rank: 347826); customizer-css.rafflecopter.com (Cisco Umbrella Rank: 519236) | 146 KB
2 | facebook.net | connect.facebook.net (Cisco Umbrella Rank: 145) | 87 KB
1 | filepicker.io | www.filepicker.io (Cisco Umbrella Rank: 24443) | 403 KB
1 | cloudfront.net | d1bg42r4siwejx.cloudfront.net | 2 KB
1 | filesusr.com | www-southernrecipesmallbatch-com.filesusr.com | 987 B
1 | gvwy.io | gvwy.io | 736 B
Totals: 11 requests, 6 domains

Requests | Domain | Requested by
5 | widget-prime.rafflecopter.com | www-southernrecipesmallbatch-com.filesusr.com; widget-prime.rafflecopter.com
2 | connect.facebook.net | widget-prime.rafflecopter.com; connect.facebook.net
2 | slingshot.rafflecopter.com (2 redirects) |
1 | www.filepicker.io |
1 | d1bg42r4siwejx.cloudfront.net |
1 | customizer-css.rafflecopter.com | widget-prime.rafflecopter.com
1 | www-southernrecipesmallbatch-com.filesusr.com |
1 | gvwy.io (1 redirects) |
Totals: 11 requests, 8 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
*.filesusr.com | Sectigo RSA Domain Validation Secure Server CA | 2022-09-27 - 2023-03-26 | 6 months
*.rafflecopter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-16 - 2023-02-21 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-08-08 - 2022-11-06 | 3 months
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year
*.filepicker.io | R3 | 2022-10-04 - 2023-01-02 | 3 months

This page contains 2 frames:

Primary Page: https://www-southernrecipesmallbatch-com.filesusr.com/html/91f255_64aec80bf99aad353350392346fdeed5.html
Frame ID: B6078DC3378919E66C3D13EE927AB026
Requests: 3 HTTP requests in this frame

Frame: https://widget-prime.rafflecopter.com/classic/19dbbbb/main.html
Frame ID: 4F4AC09A46E350C1CEA40CF07B6225D2
Requests: 8 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 11 %
Domains: 6
Subdomains: 8
IPs: 6
Countries: 2
Transfer: 639 kB
Size: 1011 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://gvwy.io/rc11ndj9 HTTP 301
    http://slingshot.rafflecopter.com/rcapi/v5/r?e=7s8fplh55h69tis27l0rl0o9tt4nfn4i5ep6luf6fu7rs453ou7331jrodjju2rqtsu0ij6tiagv7a7o1sdqbc9t89ihjfg9n1u94u8&u=jj24eqld51sr80bsgmplqq48g3796bteq0367nmnu1qfchsei914u8lmccghtr8m0nl3vi1dng0igcuokg6ti53bq2s24rrdc0t9ilcekkot0902ulduveplapjg8jbnhh0brmpqdf1j5mj5gbam3ithjg2scfpjbmq95971ontvo0l8nbuj4qckfdosfbqrug3gt2s25no486qtucvfvjpjd4ilhbbs49p4efo HTTP 301
    https://slingshot.rafflecopter.com/rcapi/v5/r?e=7s8fplh55h69tis27l0rl0o9tt4nfn4i5ep6luf6fu7rs453ou7331jrodjju2rqtsu0ij6tiagv7a7o1sdqbc9t89ihjfg9n1u94u8&u=jj24eqld51sr80bsgmplqq48g3796bteq0367nmnu1qfchsei914u8lmccghtr8m0nl3vi1dng0igcuokg6ti53bq2s24rrdc0t9ilcekkot0902ulduveplapjg8jbnhh0brmpqdf1j5mj5gbam3ithjg2scfpjbmq95971ontvo0l8nbuj4qckfdosfbqrug3gt2s25no486qtucvfvjpjd4ilhbbs49p4efo HTTP 301
    https://www-southernrecipesmallbatch-com.filesusr.com/html/91f255_64aec80bf99aad353350392346fdeed5.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 91f255_64aec80bf99aad353350392346fdeed5.html
www-southernrecipesmallbatch-com.filesusr.com/html/
Redirect Chain
  • http://gvwy.io/rc11ndj9
  • http://slingshot.rafflecopter.com/rcapi/v5/r?e=7s8fplh55h69tis27l0rl0o9tt4nfn4i5ep6luf6fu7rs453ou7331jrodjju2rqtsu0ij6tiagv7a7o1sdqbc9t89ihjfg9n1u94u8&u=jj24eqld51sr80bsgmplqq48g3796bteq0367nmnu1qf...
  • https://slingshot.rafflecopter.com/rcapi/v5/r?e=7s8fplh55h69tis27l0rl0o9tt4nfn4i5ep6luf6fu7rs453ou7331jrodjju2rqtsu0ij6tiagv7a7o1sdqbc9t89ihjfg9n1u94u8&u=jj24eqld51sr80bsgmplqq48g3796bteq0367nmnu1q...
  • https://www-southernrecipesmallbatch-com.filesusr.com/html/91f255_64aec80bf99aad353350392346fdeed5.html
301 B
987 B
Document
General
Full URL
https://www-southernrecipesmallbatch-com.filesusr.com/html/91f255_64aec80bf99aad353350392346fdeed5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
3177cafc509707e40248d1784803714530be1fd67077c020e160cca376199e2d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2269904
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=15552000, immutable
content-length
301
content-type
text/html; charset=utf-8
date
Mon, 03 Oct 2022 16:04:02 GMT
etag
"64aec80bf99aad353350392346fdeed5"
expires
Mon, 03 Oct 2022 16:58:08 GMT
last-modified
Fri, 02 Sep 2022 14:03:56 GMT
server
openresty/1.21.4.1
timing-allow-origin
*
via
1.1 google
x-goog-generation
1662127436523796
x-goog-hash
crc32c=NVppiQ== md5=ZK7IC/marTUzUDkjRv3u1Q==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
301
x-guploader-uploadid
ADPycdvSBnwKZVK1GzMt8wvka2cUQDyZm5m8LA8g3mBzeRLSuJVsVbjndonG2M_MX79XXgEq_JOV0CKCmgJUyTkLd75cRfRUV4O5
x-seen-by
gcp.us-central-1.media-router-765d45dbd8-vj5hk

Redirect headers

Connection
keep-alive
Content-Length
184
Content-Type
text/html
Date
Sat, 29 Oct 2022 22:35:46 GMT
Location
https://www-southernrecipesmallbatch-com.filesusr.com/html/91f255_64aec80bf99aad353350392346fdeed5.html
Server
nginx/1.4.6
launch.js
widget-prime.rafflecopter.com/
361 B
806 B
Script
General
Full URL
https://widget-prime.rafflecopter.com/launch.js
Requested by
Host: www-southernrecipesmallbatch-com.filesusr.com
URL: https://www-southernrecipesmallbatch-com.filesusr.com/html/91f255_64aec80bf99aad353350392346fdeed5.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7b19cbc1080d745484c4951fc7cd28984ba34b6d0a4720e1d62d34c02510576a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www-southernrecipesmallbatch-com.filesusr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 00:44:27 GMT
Content-Encoding
gzip
Via
1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
Last-Modified
Fri, 21 Nov 2014 19:12:16 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P7
Age
4744280
ETag
"b3e777548d0e13cf1e51d04dc16be5c7"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Cache-Control
max-age=7200, s-maxage=31556900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
257
X-Amz-Cf-Id
wDYmt_etRt6Iv2-CaU9f9u2Ne4YN5Cb1OF1mfLU_NLKXsd3eV8PqZA==
load.js
widget-prime.rafflecopter.com/
5 KB
3 KB
Script
General
Full URL
https://widget-prime.rafflecopter.com/load.js
Requested by
Host: widget-prime.rafflecopter.com
URL: https://widget-prime.rafflecopter.com/launch.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dc9c0210472da908d21e73701c914e53781c4688a7f4595ef8d0189b0a5070f4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www-southernrecipesmallbatch-com.filesusr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Sat, 29 Oct 2022 22:35:44 GMT
Content-Encoding
gzip
Via
1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
Last-Modified
Sun, 26 Jul 2020 04:37:47 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P7
Age
4
ETag
"b5c8176413f5bc6e3af22f14dfae3607"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Cache-Control
max-age=100, s-maxage=50
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2161
X-Amz-Cf-Id
ZNw6XSF3dDO_B9vol6PVkeTJXCQMWiqn06Sj8KgT5Wl26Klj4AJ2wg==
main.html
widget-prime.rafflecopter.com/classic/19dbbbb/ Frame 4F4A
1 KB
1 KB
Document
General
Full URL
https://widget-prime.rafflecopter.com/classic/19dbbbb/main.html
Requested by
Host: widget-prime.rafflecopter.com
URL: https://widget-prime.rafflecopter.com/load.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
860b1287e4802e8e88c02aff16f77ee81c71f6f18d9875c319b73df00f03c93a

Request headers

Referer
https://www-southernrecipesmallbatch-com.filesusr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Age
4744280
Cache-Control
max-age=31556900, s-maxage=31556900
Connection
keep-alive
Content-Encoding
gzip
Content-Length
611
Content-Type
text/html
Date
Mon, 05 Sep 2022 00:44:28 GMT
ETag
"18035c66656d53a208d5462df46a8fd4"
Expires
Sun Jul 25 2021 22:37:39 GMT-0600 (MDT)
Last-Modified
Sun, 26 Jul 2020 04:37:47 GMT
Server
AmazonS3
Via
1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
X-Amz-Cf-Id
iEdxyp2ZK0o73SFo9oVZMK4bHaSLVPAX7wWujZJb0PW94kHAD99wGA==
X-Amz-Cf-Pop
FRA56-P7
X-Cache
Hit from cloudfront
main.js
widget-prime.rafflecopter.com/classic/19dbbbb/ Frame 4F4A
221 KB
64 KB
Script
General
Full URL
https://widget-prime.rafflecopter.com/classic/19dbbbb/main.js
Requested by
Host: widget-prime.rafflecopter.com
URL: https://widget-prime.rafflecopter.com/classic/19dbbbb/main.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
396e7a57b6d4cfd9f673f410832ac070cd8257282453b835211d2751501666aa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://widget-prime.rafflecopter.com/classic/19dbbbb/main.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Sat, 29 Oct 2022 01:05:40 GMT
Content-Encoding
gzip
Via
1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-P7
Age
77408
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
64819
Last-Modified
Sun, 26 Jul 2020 04:37:48 GMT
Server
AmazonS3
ETag
"82b7ee1f423e1887e003cfd95a7c8130"
Content-Type
application/javascript
Cache-Control
max-age=31556900, s-maxage=31556900
Accept-Ranges
bytes
X-Amz-Cf-Id
pzfeTuSLQqvPYvHdDaYZB_pqZ4vTW3XyAuHrGtZPsJDQyvyx6YVFFA==
Expires
Sun Jul 25 2021 22:37:39 GMT-0600 (MDT)
load.gif
widget-prime.rafflecopter.com/static/img/ Frame 4F4A
6 KB
7 KB
Image
General
Full URL
https://widget-prime.rafflecopter.com/static/img/load.gif
Requested by
Host: widget-prime.rafflecopter.com
URL: https://widget-prime.rafflecopter.com/classic/19dbbbb/main.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.17.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-17-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2bfd8b569faf3aafd4fa3d3cdcb2058c76ce26852b7862e90b3a2af4fdfd5710

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://widget-prime.rafflecopter.com/classic/19dbbbb/main.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Sat, 29 Oct 2022 21:56:09 GMT
Via
1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
Last-Modified
Wed, 22 Oct 2014 23:54:07 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P7
Age
2584
ETag
"072f7b6d88ecdbfb9d53f977905f17ea"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6256
X-Amz-Cf-Id
upM31KeC3NgqFDJD9QKmCsSc1KfN5WaJ9cAbybgtfz8Sb7h9evXfEw==
5d139f6adff91af2048065d6_1561567082773.css
customizer-css.rafflecopter.com/-/19dbbbb/ Frame 4F4A
70 KB
70 KB
Stylesheet
General
Full URL
https://customizer-css.rafflecopter.com/-/19dbbbb/5d139f6adff91af2048065d6_1561567082773.css
Requested by
Host: widget-prime.rafflecopter.com
URL: https://widget-prime.rafflecopter.com/classic/19dbbbb/main.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-15.fra56.r.cloudfront.net
Software
nginx/1.4.5 / Express
Resource Hash
de7df090fe846efc9852efb4e082d4e3abdadb76c3ffc05de009776f0485aaca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://widget-prime.rafflecopter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Sat, 29 Oct 2022 03:39:20 GMT
Via
1.1 82514a5a8cf35fb3132b0b5ab9cb724c.cloudfront.net (CloudFront)
Server
nginx/1.4.5
X-Amz-Cf-Pop
FRA56-P3
Age
68187
X-Powered-By
Express
ETag
W/"11787-XRaPRdxcPePUrZVLqTmPLH2fk/M"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css; charset=utf8
Cache-Control
max-age=31556900, s-maxage=604800;
Connection
keep-alive
Content-Length
71559
X-Amz-Cf-Id
KgJlJawVz0FfTDinFSe4uE0S9TpyOd-chYgcGpM8zBICd-PSMShyhQ==
Expires
Thu, 01 Dec 2016 20:00:00 GMT
sdk.js
connect.facebook.net/en_US/ Frame 4F4A
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: widget-prime.rafflecopter.com
URL: https://widget-prime.rafflecopter.com/classic/19dbbbb/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
890112a4d1177ce9d70432d3e3ef525b1cedffcd85d5c2b1f8fb9c5695901c96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://widget-prime.rafflecopter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 29 Oct 2022 22:35:47 GMT
content-md5
ixEm/vNaYq2kifPLd7I62w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
4EVnoDQhjAbWlgYLBnKoP98IZ0bvH52GQVBdDVQSJHKjUITELiK1xI2/yC1Ackt0lMweesqlpWX9ls/bAOS7mw==
x-fb-trip-id
686109401
x-fb-content-md5
6613cfa66d1cccaec3043e6616c40e77
cross-origin-opener-policy
same-origin-allow-popups
etag
"fcc0aca9b7a8a4cecd60e854ecf83f55"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 29 Oct 2022 22:52:16 GMT
fb-min.png
d1bg42r4siwejx.cloudfront.net/ Frame 4F4A
1 KB
2 KB
Image
General
Full URL
https://d1bg42r4siwejx.cloudfront.net/fb-min.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.121.153 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-121-153.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39df299896edba64a8ee29f14d9f2a9441594d6d5e1541b3d846737122464d69

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://widget-prime.rafflecopter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Sat, 29 Oct 2022 19:48:16 GMT
Via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
Last-Modified
Thu, 25 Jul 2019 14:24:02 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P2
Age
64791
ETag
"3aaa41124a1231a77feeb05813fe1226"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1188
X-Amz-Cf-Id
TYCXehvYLorES7EwV2K7ChEYjjGfhuvLMrfs2mMV1zrz0lODWdGzxA==
sdk.js
connect.facebook.net/en_US/ Frame 4F4A
300 KB
85 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=fe357dde3154f8cdd362bcdf5c343fa9
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a76aa244244fd0ba22ad415e4eb9abb9059cb54564a7160e7e16c3dee3753909
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://widget-prime.rafflecopter.com/
Origin
https://widget-prime.rafflecopter.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 29 Oct 2022 22:35:47 GMT
content-md5
lawyn2hqnP3oYAOU7cxDKA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
86940
x-fb-rlafr
0
x-fb-debug
Arog/BgfN5ZmYw/z5O6Gpxa6/o6f7TbYW19GgVXCQa+jlgttgkFaKfxYeetmV7gl9Q7iz47LiWZMzg8U9SsMvQ==
x-fb-content-md5
72ffe85d33c2333219482ca4a8222bff
cross-origin-opener-policy
same-origin-allow-popups
etag
"bc2ab2745d558cd58c6764663ba7b6d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 29 Oct 2023 20:54:51 GMT
convert
www.filepicker.io/api/file/fuOhknztTSmKHTVBd4Fa/ Frame 4F4A
403 KB
403 KB
Image
General
Full URL
https://www.filepicker.io/api/file/fuOhknztTSmKHTVBd4Fa/convert?dl=false&crop=0,0,1200,1000&quality=95&fit=scale&cache=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
72e56d88d6996f2e2c1e918861e8ab492c8c253b8decdf79e706f5ce014a7070

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://widget-prime.rafflecopter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Sat, 29 Oct 2022 22:35:48 GMT
via
1.1 varnish, 1.1 varnish
age
2129881
x-cache
HIT, HIT
content-length
412364
x-served-by
cache-iad-kcgs7200088-IAD, cache-hhn4046-HHN
last-modified
Wed, 05 Oct 2022 06:57:48 GMT
x-timer
S1667082948.013382,VS0,VE3
etag
"5e96c89fe5c9bde9b6e7af11d5911d3d"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
filestack-trace-id
1664953067-9uJXJHbbSl
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
5263, 1

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • object| onbeforeinput
  • object| oncontextlost
  • object| oncontextrestored
  • function| structuredClone
  • object| launchQueue
  • object| onbeforematch
  • function| getScreenDetails
  • function| queryLocalFonts
  • object| navigation
  • object| cptr

2 Cookies

Domain/Path | Name | Value
.rafflecopter.com/ | rta_refr |
.rafflecopter.com/ | raflrefer | 166211158312593621b7f45d