best-usa3.sa.com Open in urlscan Pro
2606:4700:3035::6815:df9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://best-usa3.sa.com/
Effective URL:
https://best-usa3.sa.com/
Submission: On October 30 via manual (October 30th 2023, 2:20:48 am UTC) from JP — Scanned from JP

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 24 HTTP transactions. The main IP is 2606:4700:3035::6815:df9, located in United States and belongs to CLOUDFLARENET, US. The main domain is best-usa3.sa.com.
TLS certificate: Issued by E1 on October 3rd 2023. Valid for: 3 months.

This is the only time best-usa3.sa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tech Support Scam (Consumer)

Downloads These files were downloaded by the website

UltraViewer_setup_6.6_en.exe 3 MB application/x-dosexec

SHA256: 88451e23b6263e95bb26e69c68a0c7b9e3458d2723fd8ee691a5443e465bb14f

MIME: PE32 executable (GUI) Intel 80386, for MS Windows

Size: 3 MB (3576040 bytes, 100% done)

Downloaded from: https://dl2.ultraviewer.net/UltraViewer_setup_6.6_en.exe

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3031::ac43:858e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2606:4700:303... 2606:4700:3035::6815:df9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	103.126.138.87 103.126.138.87	40676 (AS40676) (AS40676)
1	2606:4700::68... 2606:4700::6812:1b32	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.176.240 172.67.176.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	157.230.246.25 157.230.246.25	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	68.183.86.211 68.183.86.211	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
24	6

1 2606:4700:3031::ac43:858e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

best-usa3.sa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700:3035::6815:df9 (United States)

ASN13335 (CLOUDFLARENET, US)

best-usa3.sa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.126.138.87 (Singapore, Singapore)

ASN40676 (AS40676, US)
PTR: unassigned.psychz.net

ipwho.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1b32 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.176.240 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnstat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.230.246.25 (Singapore, Singapore) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

www.ultraviewer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.183.86.211 (Bengaluru, India)

ASN14061 (DIGITALOCEAN-ASN, US)

dl2.ultraviewer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	sa.com 1 redirects best-usa3.sa.com	271 KB
2	ultraviewer.net 1 redirects www.ultraviewer.net — Cisco Umbrella Rank: 525839 dl2.ultraviewer.net — Cisco Umbrella Rank: 900504	428 B
1	cdnstat.net cdnstat.net — Cisco Umbrella Rank: 273955	698 B
1	mouseflow.com cdn.mouseflow.com — Cisco Umbrella Rank: 7012	431 B
1	ipwho.is ipwho.is — Cisco Umbrella Rank: 86087	930 B
0	Failed function sub() { [native code] }. Failed
24	6

	Domain	Requested by
21	best-usa3.sa.com	1 redirects best-usa3.sa.com
1	dl2.ultraviewer.net
1	www.ultraviewer.net	1 redirects
1	cdnstat.net	best-usa3.sa.com
1	cdn.mouseflow.com	best-usa3.sa.com
1	ipwho.is	best-usa3.sa.com
0	truncated Failed	best-usa3.sa.com
24	7

This site contains no links.

Subject Issuer	Validity	Valid
best-usa3.sa.com E1	`2023-10-03` - `2024-01-01`	3 months	crt.sh
ipwho.is GoGetSSL ECC DV CA	`2023-04-05` - `2024-04-05`	a year	crt.sh
cdn.mouseflow.com Cloudflare Inc ECC CA-3	`2023-10-25` - `2024-10-23`	a year	crt.sh
cdnstat.net E1	`2023-09-18` - `2023-12-17`	3 months	crt.sh
*.ultraviewer.net Sectigo RSA Domain Validation Secure Server CA	`2023-04-25` - `2024-05-01`	a year	crt.sh

This page contains 1 frames:

Frame: https://dl2.ultraviewer.net/UltraViewer_setup_6.6_en.exe
Frame ID: 78891FD5B9162A95168D0C3B633C7668
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

C0mputer Err00r 020x1V7GT0Vx07B

Page URL History Show full URLs

http://best-usa3.sa.com/ HTTP 301
https://best-usa3.sa.com/ Page URL

Detected technologies

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.mouseflow\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

100 %
HTTPS

43 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

272 kB
Transfer

635 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://best-usa3.sa.com/ HTTP 301
https://best-usa3.sa.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://www.ultraviewer.net/en/UltraViewer_setup_6.6_en.exe HTTP 302
https://dl2.ultraviewer.net/UltraViewer_setup_6.6_en.exe

24 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
best-usa3.sa.com/
Redirect Chain

http://best-usa3.sa.com/
https://best-usa3.sa.com/

23 KB
7 KB

688ms
665ms

Document
text/html

2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a9361d452191ace184d1178492a2138f4107f98f0affb360367ed2d9760050c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 81e02e38e837dedb-NRT
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 30 Oct 2023 02:20:42 GMT
expires: Mon, 30 Oct 2023 02:20:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ejCvjWeUIxY0NKTCmxXoDevSnnVCWI4FLSQXNiKrpKKzhl%2BS6BKG3Vidrk38D%2Bi4uUTOuOrNrOgD7zMYD65Qb%2FoyDmteqNQMfPpUlgH%2FCgU%2B3psW263ODEWSlKbV8lveIHHksajbGip7DGAzxPZk"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
CF-RAY: 81e02e349c19f64d-NRT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Date: Mon, 30 Oct 2023 02:20:41 GMT
Expires: Mon, 30 Oct 2023 02:20:41 GMT
Location: https://best-usa3.sa.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEkj03Jsp3fqe8XIAP3qDxe%2BP%2FCm%2BvTo2BXLOR1njnpDUqqB2hWoEnnqi0DPBGok6LgtvmwTs8hEVv%2BkeDIEgfc0jyT34cNJBzPKCWYkgrAuQaze1mshrqHHc6E9ftAOlfivz8Q6SOAtYnNhj0SC"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 tapa.css
best-usa3.sa.com/lander/win/css/ 18 KB
4 KB 33ms
29ms Stylesheet
text/css 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/lander/win/css/tapa.css
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab17a007419c5502fd7c8404e03c8bc13d8d66659478f7ace39fd3a0cd4d721a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 694218
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: W/"6533dcbc-46c6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLIjGDRnR8w5iZztr%2FovxIQ8G2aHB1XfiIm4%2FzHEocdJYXDaPojZ90vvacXyqKy%2FphOb%2BZO7RwPjpg2bKDffXR0isbS3mNSWNlnSfzXnWw5IxImYxJ5dSmpOrJfzO2IAwDucY4yVGYI1OygMFHPQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=864000
cf-ray: 81e02e3d2bbbdedb-NRT
expires: Wed, 01 Nov 2023 01:30:23 GMT

GET
H2 200 jquery-1.4.4.min.js Show response
best-usa3.sa.com/lander/win/js/ 77 KB
28 KB 34ms
30ms Script
application/javascript 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/lander/win/js/jquery-1.4.4.min.js
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 694218
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: W/"6533dcbc-13309"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMAvnQkH5uMW4XOISuPhsygzUjiAu0iaA8kljij%2FhZ8XNeDzU9Y5EyX8QFZ2dU8PQKzXeWjmDIah2pfyuqYPJ6YH0UNc%2BerZTphd7CrX4lfLh2T3q3XyuwqJ8hvjwwvaygP%2BGdJgGJsHF0gfZkV9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=864000
cf-ray: 81e02e3d2bc0dedb-NRT
expires: Wed, 01 Nov 2023 01:30:24 GMT

GET
H2 200 noir.js Show response
best-usa3.sa.com/lander/win/js/ 83 KB
30 KB 27ms
24ms Script
application/javascript 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/lander/win/js/noir.js
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6c1aaba2472531b8fc82fdaa9659b0a0fa556f80ab7e81e3f7ed2902fd3b845

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 694218
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: W/"6533dcbc-14a74"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZ%2BCxfwm8vw6z9UIx5kiBo3ibe9FcZMJ%2Fsu8f04TYozyIT%2Bv7MA1hW%2BydfyPYEVdvj8J%2B4uwWd%2FAYVqh9zsaMkEYnytm6angMc24eLu%2Bh57KNtXeX3lL746gwn7MYngXokztITcG2V%2BdRws5uPIv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=864000
cf-ray: 81e02e3d2bc1dedb-NRT
expires: Wed, 01 Nov 2023 01:30:24 GMT

GET
H3 200 a552e132-11e6-44b6-b4e3-418d9ba0a42f_eu.js Show response
best-usa3.sa.com/lander/win/js/ 180 KB
51 KB 1618ms
1616ms Script
application/javascript 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/lander/win/js/a552e132-11e6-44b6-b4e3-418d9ba0a42f_eu.js
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10227e9567b16fbf1d3ce7078ad5b13bbb677a339381dc5237ead113b4b5f5bb

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:44 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6533dcbc-2cf49"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3XpSY7drWQerIlmsPv1dZ5GZFyLP53L0dnrJb5C6Ti4akxNzCcCjK9P%2Fe4Eh%2B5UkizyueeymtfIl2goCl5IbYw6gCVv96tKsOz9N15jQSClP1%2Feoj6shQSCFRsmBgz2b2D11Ya%2F1PQ0igt7FAA%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=864000
cf-ray: 81e02e3d7f7e80ef-NRT
alt-svc: h3=":443"; ma=86400
expires: Thu, 09 Nov 2023 02:20:43 GMT

GET
H2 200 f24.png
best-usa3.sa.com/lander/win/images/ 25 KB
25 KB 24ms
22ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/f24.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e0506e9f5736d25677b197cb223b3c6de29d52d06da4aa9a4b2006b28d5039a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 694218
alt-svc: h3=":443"; ma=86400
content-length: 25288
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-62c8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5QiWI6z0jIsnOaqG2%2BjxWYKmDwYeh6lu%2BeNuF9KfFZhPQg6eNE1VQktqzlJnn0B2%2BYhEVjhBoW26o4iXpnVuQ30Ty%2FdA60AcYls4YjpYrTAV7BIUWtB5RaO%2FgVzxduLMPuGa5fJ88DgNM8KFYFvJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d2bc2dedb-NRT
expires: Wed, 01 Nov 2023 01:30:24 GMT

GET
H2 200 mnc.png
best-usa3.sa.com/lander/win/images/ 187 B
510 B 31ms
29ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/mnc.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5a324f181af16879b6c4c52b731b23392f2816def159b157c4de620cff1cd41

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 72079
alt-svc: h3=":443"; ma=86400
content-length: 187
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-bb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azwZl9aqeZDoCRNR0isEBkrQGX5dBZm4pRbK3en6aFdgrn1OUjIjUhq1aybjNbbt%2B2PPOOco0YKl6SEReYvcBm7T0ss0mZ9qndUoEDgi7z9TYIWp2UIGZQFZCR3V19CJaajLadSEinNoHCJei9sU"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d2bc3dedb-NRT
expires: Wed, 08 Nov 2023 06:19:22 GMT

GET
H3 200 msmm.png
best-usa3.sa.com/lander/win/images/ 168 B
702 B 11ms
11ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/msmm.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 692005
alt-svc: h3=":443"; ma=86400
content-length: 168
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-a8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86x57diE%2BMFualwIiBkRfDy%2FsF8S8EKWZrz78i5XnxkJ2dE3SulEdlnA%2BVKiIaCtaT1ugqlGE7nuJ9zk5Xs8UIOtXHdg7oWyH7%2B6q8bqHwG%2BD1SMSWD8f357EOOif4BV64Tc98RMNJ7xC%2FFdfVCM"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d6f4280ef-NRT
expires: Wed, 01 Nov 2023 02:07:17 GMT

GET
H3 200 set.png
best-usa3.sa.com/lander/win/images/ 364 B
865 B 12ms
12ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/set.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 692005
alt-svc: h3=":443"; ma=86400
content-length: 364
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-16c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oPgmXX9gkuLvGuCe8RzR%2By8NmAhcqGuKJf7KRyC6t6%2BKuEvWd%2Bk9kQTDYt1UJJJrfClVTjEaS8nPbT%2FINnThHWq%2BULNYj18OvoceAW8gcBgSG8uADyUvuxXN90Vl%2BoE9FxeeNAU4D4CXdi%2FdRpjv"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d6f4480ef-NRT
expires: Wed, 01 Nov 2023 02:07:17 GMT

GET
H3 200 vsc.png
best-usa3.sa.com/lander/win/images/ 722 B
1 KB 11ms
10ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/vsc.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31c6dbe9d867436244f38566adad57e3870f4c8489c6804280eb564bfac5c1bd

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 692005
alt-svc: h3=":443"; ma=86400
content-length: 722
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-2d2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxCosoalK002JHBc6BtiaURJPoSimG5eXLPhnnYHleEY9MTj0j69%2B4mxg0SAcTc2wqJ3A%2B8pBLhY2KTD5nqU2HESBg6%2FZxC4MuDCVVi8v9WCaExpdWupcP24SnzQFq4NJh3iMBCOFp22fW8HAeJr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d7f7080ef-NRT
expires: Wed, 01 Nov 2023 02:07:17 GMT

GET
H3 200 bx1.png
best-usa3.sa.com/lander/win/images/ 97 KB
98 KB 1349ms
1347ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/bx1.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93ab9ddc223156f5f4ba7ff8fc14a885e9b5946fc10917571022d7c2d9a08886

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 99389
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-1843d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7yo%2FQWbBeLH%2Bxc23KdZwK%2B9jgEtdYBMz8QPx52QLwbxeRL4P4mtOog7%2F2sPAkd9d9uNNSryaBaDw%2Fe2gisZA8P29NkA%2FOr%2BBaAKpszgzEA9Xlw8uA28Z5xsOGhkRWFXHNXXblF%2FxyeDcUvpor%2BPE"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d7f7f80ef-NRT
expires: Thu, 09 Nov 2023 02:20:42 GMT

GET
H3 200 bel.png
best-usa3.sa.com/lander/win/images/ 276 B
774 B 12ms
11ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/bel.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c1606563842cce5f1788329d4417ae3618b33c6365c56a7122439b6ab45c977

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 692005
alt-svc: h3=":443"; ma=86400
content-length: 276
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-114"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCHxjGjwvr62PhcxYjuPr%2B0T5J6G7z%2F9RSDL1sWxmU6gdHnH81tQ0CiUeeafhzbekQOPov3gKA6PG62JI0qZyqNjZV4mauRmEe64DXTJKYk%2B6AY%2BpMYRv7lMHDJbkOI6UdQSCN%2FPEOSHDQSBAbyN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d7f8080ef-NRT
expires: Wed, 01 Nov 2023 02:07:17 GMT

GET
H3 200 pcm.png
best-usa3.sa.com/lander/win/images/ 1 KB
2 KB 11ms
9ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/pcm.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe332157f4efe355f3181284e99f4331c4d19703ed1678b5316d2933f95e98e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 692005
alt-svc: h3=":443"; ma=86400
content-length: 1270
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-4f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gv%2BsHYPGjF0J9Y7wTahpHT0%2B9ZvOgr20J2WldVuVODLUZnJS5FgjaZfOasBgAE2QUcsLPeomNBkseX1HvBP23I2TnMIxkWY3CjlPi%2BMbGP2eD7EP6HmpjUz8aKbAncuuY1%2FMFrFw8ORqueopxcMT"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d7f8280ef-NRT
expires: Wed, 01 Nov 2023 02:07:17 GMT

GET
H3 200 dm.png
best-usa3.sa.com/lander/win/images/ 332 B
830 B 13ms
12ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/dm.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df9f467d23ee1887edb2123cca10a1a9c4624cdcf7199c64e78a8430031f9f5

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 692005
alt-svc: h3=":443"; ma=86400
content-length: 332
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-14c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsJKLQs%2Fd%2BPAZKV2GhUrSJTbT%2FTfe%2Bz2vituqu01cjNXbc%2F%2FA6gRw6uC5gBcd1e5TKqSzSIihEo9u7dyyyXUx9DkVkMkPZ0uaQQ0FJH4ywwn15FebvpuE1Gxljmu0s9uvJHe2hbktp%2FyEoDxfkA1"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d7f8480ef-NRT
expires: Wed, 01 Nov 2023 02:07:17 GMT

GET
H3 200 cs.png
best-usa3.sa.com/lander/win/images/ 3 KB
3 KB 15ms
14ms Image
image/png 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/cs.png
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b67a7c07a045d7cb0f2e216a557aec0d99405e17c36d1a6b1ff3e2733aa35348

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 692005
alt-svc: h3=":443"; ma=86400
content-length: 2681
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-a79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nWmUhqlhDBEUb5%2FMLK8HDy5HYPD994yXdnoAb%2FpZYiWlSnvVyheLbthkz7nF53NfNMvKLlgDgrt4%2Ff2s8ahHrOEq8ntyUThh4LyOWsyqDQ6NGFpzX6OLONmBz80OzDtivYfcSZmWt9H2G5a2IXBL"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d7f8580ef-NRT
expires: Wed, 01 Nov 2023 02:07:17 GMT

GET
H3 200 re.gif
best-usa3.sa.com/lander/win/images/ 14 KB
15 KB 943ms
941ms Image
image/gif 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://best-usa3.sa.com/lander/win/images/re.gif
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 14751
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-399f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cSh65WHKOBjYAmVC%2BBpntkK3hSnbTd6yr69wlIrzISkQaDAEtER5V6Wg3k%2BvdMeUmXIzxGkyUHKAscdv8Acc3%2F5PimQoaA3mGu4CK44J%2BoCs8YVp17DeCAXSl07ClpKH0EweCa796Vbxa8cJYZfH"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 81e02e3d7f8680ef-NRT
expires: Thu, 09 Nov 2023 02:20:42 GMT

GET
H3 200 nvidia.js Show response
best-usa3.sa.com/lander/win/js/ 2 KB
1 KB 10ms
9ms Script
application/javascript 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/lander/win/js/nvidia.js
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4cbdd05d72f3f3aeafe26879dc8be7ff600386a8ee6f40b2389e0379ffa24c7a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 692005
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: W/"6533dcbc-835"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ClZ34%2FHxcGZT2WyjQ6AR%2BygQqMNoOObpoJZ6T1wjHLgcqXbDfjqei7T5K16dVWqzYmB1YtXSp7YMFMlHCsFHFhsDTlk%2FxSnN9HOZ1ObUplFd%2Bm8lG2%2BnI61%2BAE6Eyz5xhPh2WwvaBWdKETZeznW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=864000
cf-ray: 81e02e3d7f7c80ef-NRT
expires: Wed, 01 Nov 2023 02:07:17 GMT

GET
H3 200 jupiter.js Show response
best-usa3.sa.com/lander/win/js/ 339 B
660 B 621ms
620ms Script
application/javascript 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/lander/win/js/jupiter.js
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3092f8eb26e853251345ee04b982f91a1f8bc46628df46d93d2f958e6e5cf39

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6533dcbc-153"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6RTRuZH5RybN5KvG8ST29VMV10Cpie0WiXPc0Jtq42W51gcZwtDv81VH0DwevnhgE8DRF9x154WYVcdDzZUDrfT28kB6pyKbFmqNt%2FC1YXLh2Qpp5v%2F%2FEtr6Isqh0IhSmWjyzQiQtTTFMIySEdRS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=864000
cf-ray: 81e02e3d7f7d80ef-NRT
alt-svc: h3=":443"; ma=86400
expires: Thu, 09 Nov 2023 02:20:42 GMT

GET
H/1.1 200
OK / Show response
ipwho.is/ 658 B
930 B 236ms
75ms XHR
application/json 103.126.138.87
AS40676

General

Check archive.org

Show headers Download Go to

Full URL: https://ipwho.is/?lang=en
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 103.126.138.87 Singapore, Singapore, ASN40676 (AS40676, US),
Reverse DNS: unassigned.psychz.net
Software: ipwhois /
Resource Hash: 783be7fe3c5776a2c8d09aa888ad397524ba6bb05dae9b44cb8e3f43f821ef9b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Mon, 30 Oct 2023 02:20:42 GMT
Server: ipwhois
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Robots-Tag: noindex
Access-Control-Allow-Headers: *

GET
H2 200 a552e132-11e6-44b6-b4e3-418d9ba0a42f.js Show response
cdn.mouseflow.com/projects/ 115 B
431 B 30ms
10ms Script
application/javascript 2606:4700::6812:1b32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mouseflow.com/projects/a552e132-11e6-44b6-b4e3-418d9ba0a42f.js

Requested by

Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1b32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d65e0bb2b93943ac7a72d8f70bda4f8931d6d07c9731bf28dc1d895c1dc4edf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:42 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 399753
x-mf-script: US
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 20 Oct 2023 08:40:40 GMT
server: cloudflare
etag: W/"65323d08-73"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=86400
cf-ray: 81e02e3d9ba43517-NRT
expires: Tue, 31 Oct 2023 02:20:42 GMT

GET truncated
/ 0
0

GET
H3 206 _Fm7-alert.mp3
best-usa3.sa.com/lander/win/media/ 110 KB
0 1202ms
1202ms Media
audio/mpeg 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/lander/win/media/_Fm7-alert.mp3
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://best-usa3.sa.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 30 Oct 2023 02:20:43 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-231541/231542
alt-svc: h3=":443"; ma=86400
Content-Length: 231542
last-modified: Sat, 21 Oct 2023 14:14:20 GMT
server: cloudflare
etag: "6533dcbc-38876"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3PD2%2BdKft9EQh1mE8A8339tHCeXtiAaMxapaznrD2vNA4J24dEYxclp%2FwjCqfaOOKtERY%2FwL6NmXypDA9dO2QitOttaroZwXFdlLPfTABUcahp9tcGPmOI2lFirGwoEj5QDx3rcV5dn3B7lje%2BIc"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
access-control-allow-origin: *
cache-control: max-age=864000
cf-ray: 81e02e3dafa780ef-NRT
expires: Thu, 09 Nov 2023 02:20:42 GMT

GET
H2 200 script.js Show response
cdnstat.net/get/ 129 B
698 B 572ms
547ms Script
text/html 172.67.176.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnstat.net/get/script.js?referrer=https://best-usa3.sa.com/
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/lander/win/js/noir.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.176.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.1
Resource Hash: c59a3960888d96b3748601b9b77df171bafa3d53289ec4b8b6db3d474e9a39e1

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://best-usa3.sa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 02:20:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.2.1
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: https://best-usa3.sa.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cmuVMEsrWxwoG5DgvnNQO6ilUAqzwWDbt7UYBdpp1xA%2BvoywJ0OdY4%2B1rBl4Fh5L1zw7PGiNbCVj5rpQOqjeApkQiREE9yBON87TSM%2BXZ2u790pJVG9v%2B13zTXOiJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 81e02e43ea30affa-NRT
access-control-allow-headers: X-Requested-With,content-type
alt-svc: h3=":443"; ma=86400

GET
H3 404 ai2.mp3
best-usa3.sa.com/lander/win/ 548 B
972 B 608ms
608ms Media
text/html 2606:4700:3035::6815:df9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://best-usa3.sa.com/lander/win/ai2.mp3
Requested by: Host: best-usa3.sa.com
URL: https://best-usa3.sa.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:df9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

Referer: https://best-usa3.sa.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 30 Oct 2023 02:20:44 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmmqCDBh04CznmFvDOjQveQGnFHOom1EO3uJ%2BkuTHfDcBuhefJgDBmz1aBVvjsfWLY%2FpZew7spjT9VTHI3CIfmSghFWa6NF0eDD471MULKmD8BwiUCOw9kHR1Bgwx8tp0Sqos6LfctddKb26DUKB"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 81e02e47d9bd80ef-NRT
alt-svc: h3=":443"; ma=86400

GET
H/1.1

200
OK

UltraViewer_setup_6.6_en.exe
dl2.ultraviewer.net/
Redirect Chain

https://www.ultraviewer.net/en/UltraViewer_setup_6.6_en.exe
https://dl2.ultraviewer.net/UltraViewer_setup_6.6_en.exe

0
0

771ms
110ms

Document
application/octet-stream

68.183.86.211
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://dl2.ultraviewer.net/UltraViewer_setup_6.6_en.exe
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 68.183.86.211 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash

Request headers

Referer: https://best-usa3.sa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Age: 333
Cache-Control: public, max-age=1800
Connection: keep-alive
Content-Disposition: attachment; filename=UltraViewer_setup_6.6_en.exe
Content-Length: 3576040
Content-Size: 3576055
Content-Type: application/octet-stream; charset=UTF-8
Date: Mon, 30 Oct 2023 02:15:13 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Cache: HIT from bangalore-cdn
X-Cache-Lookup: HIT from bangalore-cdn:443
X-Powered-By: ASP.NET

Redirect headers

Age: 58
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Length: 173
Content-Type: text/html; charset=utf-8
Date: Mon, 30 Oct 2023 02:19:47 GMT
Location: https://dl2.ultraviewer.net/UltraViewer_setup_6.6_en.exe
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Cache: HIT from ubuntu-singapore-cdn
X-Cache-Lookup: HIT from ubuntu-singapore-cdn:443
X-Powered-By: ASP.NET

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: truncated
URL: data:truncated

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
best-usa3.sa.com/	1970-01-20 16:35:10	Name: _subid Value: 1lvqffr11qf88
best-usa3.sa.com/	1970-01-21 01:26:32	Name: 222db Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEyNzJcIjoxNjk4NjMyNDQyfSxcImNhbXBhaWduc1wiOntcIjM0NlwiOjE2OTg2MzI0NDJ9LFwidGltZVwiOjE2OTg2MzI0NDJ9In0.Ymkio2Owhcw8TesIIM-O_o0S8sySdoM1lSF7MtXcs1Y
best-usa3.sa.com/	1970-01-20 16:35:10	Name: _token Value: uuid_1lvqffr11qf88_1lvqffr11qf88653f12fa38b436.01515114
best-usa3.sa.com/	1970-01-20 15:51:12	Name: PHPREFS Value: full

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAIAAAD9iXMrAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAP9JREFUeNqMUTEORUAQZbIUalESpTNoVEqJSuIKjuMUCiRKnQt%E3%82%88%E3%81%97SRCKRp0JPJf/iYbv/iJKdZ47+3smxl533fpG9d1dV03z/O6rrqum6bpOI6iKJxl/DNNU5Zly7JIjzAMI4oiy7KQy6gHUZqm+FFVNQxDEEDKsjzPk4iSJAFCeA6VeIE4jm3bbtsWJ3Ig932DhYbBk3juOI6macZx3LYtCAIOgoWGwbgwlOc5T9BB3/cCh4bQnfQbruui2aqqBAINYQRPEYx7nlcUBTwIEBrC1aeOMVbX9TAMTxAaghXMSfofYKEhTBzDFKimab7v4xQ2wEIj87292seb/X4EGADicI/nlE5xDgAAAABJRU5ErkJggg== Message: Failed to load resource: net::ERR_INVALID_URL
network	error	URL: https://best-usa3.sa.com/lander/win/ai2.mp3 Message: Failed to load resource: the server responded with a status of 404 ()
intervention	error	URL: https://best-usa3.sa.com/ Message: Blocked attempt to show a 'beforeunload' confirmation panel for a frame that never had a user gesture since its load. https://www.chromestatus.com/feature/5082396709879808

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

best-usa3.sa.com
cdn.mouseflow.com
cdnstat.net
dl2.ultraviewer.net
ipwho.is
truncated
www.ultraviewer.net
truncated
103.126.138.87
157.230.246.25
172.67.176.240
2606:4700:3031::ac43:858e
2606:4700:3035::6815:df9
2606:4700::6812:1b32
68.183.86.211
0d65e0bb2b93943ac7a72d8f70bda4f8931d6d07c9731bf28dc1d895c1dc4edf
10227e9567b16fbf1d3ce7078ad5b13bbb677a339381dc5237ead113b4b5f5bb
1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115
31c6dbe9d867436244f38566adad57e3870f4c8489c6804280eb564bfac5c1bd
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
4c1606563842cce5f1788329d4417ae3618b33c6365c56a7122439b6ab45c977
4cbdd05d72f3f3aeafe26879dc8be7ff600386a8ee6f40b2389e0379ffa24c7a
517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c
5e0506e9f5736d25677b197cb223b3c6de29d52d06da4aa9a4b2006b28d5039a
783be7fe3c5776a2c8d09aa888ad397524ba6bb05dae9b44cb8e3f43f821ef9b
7df9f467d23ee1887edb2123cca10a1a9c4624cdcf7199c64e78a8430031f9f5
8a9361d452191ace184d1178492a2138f4107f98f0affb360367ed2d9760050c
93ab9ddc223156f5f4ba7ff8fc14a885e9b5946fc10917571022d7c2d9a08886
ab17a007419c5502fd7c8404e03c8bc13d8d66659478f7ace39fd3a0cd4d721a
afe332157f4efe355f3181284e99f4331c4d19703ed1678b5316d2933f95e98e
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
b67a7c07a045d7cb0f2e216a557aec0d99405e17c36d1a6b1ff3e2733aa35348
c59a3960888d96b3748601b9b77df171bafa3d53289ec4b8b6db3d474e9a39e1
c5a324f181af16879b6c4c52b731b23392f2816def159b157c4de620cff1cd41
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
e3092f8eb26e853251345ee04b982f91a1f8bc46628df46d93d2f958e6e5cf39
f6c1aaba2472531b8fc82fdaa9659b0a0fa556f80ab7e81e3f7ed2902fd3b845

best-usa3.sa.com Open in urlscan Pro 2606:4700:3035::6815:df9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Downloads These files were downloaded by the website

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

100 %HTTPS

43 %IPv6

6 Domains

7 Subdomains

6 IPs

3 Countries

272 kBTransfer

635 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

23 JavaScript Global Variables

4 Cookies

best-usa3.sa.com Open in urlscan Pro
2606:4700:3035::6815:df9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

43 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

272 kB
Transfer

635 kB
Size

4
Cookies

24 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!