www.stagealliance.com Open in urlscan Pro
69.195.104.104 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://event.infantstudio.com/s.php
Effective URL:
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA...
Submission: On December 16 via manual (December 16th 2018, 11:16:15 pm UTC) from AU

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 5 countries across 10 domains to perform 13 HTTP transactions. The main IP is 69.195.104.104, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is www.stagealliance.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 12th 2018. Valid for: 3 months.

This is the only time www.stagealliance.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	78.128.76.232 78.128.76.232	31083 (TELEPOINT) (TELEPOINT)
1 1	54.83.52.76 54.83.52.76	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	162.243.13.150 162.243.13.150	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1 1	45.55.102.36 45.55.102.36	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1 1	111.118.215.98 111.118.215.98	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY - PDR)
1	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	191.6.202.87 191.6.202.87	28299 (IPV6 Inte...) (IPV6 Internet Ltda)
3 13	69.195.104.104 69.195.104.104	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	162.255.166.231 162.255.166.231	26094 (26094) (26094 - TierPoint)
13	4

1 78.128.76.232 (Bulgaria) 1 redirects

ASN31083 (TELEPOINT, BG)
PTR: s90.customizedhosting.net

event.infantstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.83.52.76 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-83-52-76.compute-1.amazonaws.com

bit.do	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.243.13.150 (New York, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

ctt.ac	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.55.102.36 (New York, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

clicktotweet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 111.118.215.98 (India) 1 redirects

ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US)
PTR: bh-in-16.webhostbox.net

raincaretarpaulin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 191.6.202.87 (Brazil) 1 redirects

ASN28299 (IPV6 Internet Ltda, BR)
PTR: web1615.kinghost.net

fmtour.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 69.195.104.104 (Provo, United States) 3 redirects

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 69-195-104-104.unifiedlayer.com

www.stagealliance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.255.166.231 (Baltimore, United States)

ASN26094 (26094 - TierPoint, LLC, US)
PTR: host.myzfaf.com

www.tareqah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	stagealliance.com 3 redirects www.stagealliance.com	197 KB
1	tareqah.com www.tareqah.com	22 KB
1	googleapis.com ajax.googleapis.com	33 KB
1	fmtour.com.br 1 redirects fmtour.com.br	297 B
1	google.fr www.google.fr	1 KB
1	raincaretarpaulin.com 1 redirects raincaretarpaulin.com	562 B
1	clicktotweet.com 1 redirects clicktotweet.com	441 B
1	ctt.ac 1 redirects ctt.ac	214 B
1	bit.do 1 redirects bit.do	221 B
1	infantstudio.com 1 redirects event.infantstudio.com	89 B
13	10

	Domain	Requested by
13	www.stagealliance.com	3 redirects www.google.fr www.stagealliance.com ajax.googleapis.com
1	www.tareqah.com	www.stagealliance.com
1	ajax.googleapis.com	www.stagealliance.com
1	fmtour.com.br	1 redirects
1	www.google.fr
1	raincaretarpaulin.com	1 redirects
1	clicktotweet.com	1 redirects
1	ctt.ac	1 redirects
1	bit.do	1 redirects
1	event.infantstudio.com	1 redirects
13	10

This site contains no links.

Subject Issuer	Validity	Valid
*.google.com Google Internet Authority G3	`2018-11-27` - `2019-02-19`	3 months	crt.sh
stagealliance.com Let's Encrypt Authority X3	`2018-11-12` - `2019-02-10`	3 months	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-11-27` - `2019-02-19`	3 months	crt.sh
tareqah.com cPanel, Inc. Certification Authority	`2018-10-01` - `2018-12-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
Frame ID: 3639CC8BC239E5CC02916A7614D0A924
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://event.infantstudio.com/s.php HTTP 302
https://bit.do/eDfjc HTTP 301
https://ctt.ac/68H8O+ HTTP 301
https://clicktotweet.com/68H8O+ HTTP 302
http://raincaretarpaulin.com/wp-content/ HTTP 302
https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=2ahUKEwitl7HFsZT... Page URL
http://fmtour.com.br/intercambio.php HTTP 302
https://www.stagealliance.com/Login/Login/ HTTP 302
https://www.stagealliance.com/Login/Login/newdir.php HTTP 302
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0 HTTP 301
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/ Page URL
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germ... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Google Web Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /gws/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

13
Requests

100 %
HTTPS

20 %
IPv6

10
Domains

10
Subdomains

4
IPs

5
Countries

252 kB
Transfer

443 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://event.infantstudio.com/s.php HTTP 302
https://bit.do/eDfjc HTTP 301
https://ctt.ac/68H8O+ HTTP 301
https://clicktotweet.com/68H8O+ HTTP 302
http://raincaretarpaulin.com/wp-content/ HTTP 302
https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=2ahUKEwitl7HFsZTfAhUGa1AKHa7iCmYQFjACegQIBRAB&url=http%3A%2F%2Ffmtour.com.br%2Fintercambio.php&usg=AOvVaw0rbD8tR2syfK9rt192kOLx Page URL
http://fmtour.com.br/intercambio.php HTTP 302
https://www.stagealliance.com/Login/Login/ HTTP 302
https://www.stagealliance.com/Login/Login/newdir.php HTTP 302
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0 HTTP 301
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/ Page URL
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://event.infantstudio.com/s.php HTTP 302
https://bit.do/eDfjc HTTP 301
https://ctt.ac/68H8O+ HTTP 301
https://clicktotweet.com/68H8O+ HTTP 302
http://raincaretarpaulin.com/wp-content/ HTTP 302
https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=2ahUKEwitl7HFsZTfAhUGa1AKHa7iCmYQFjACegQIBRAB&url=http%3A%2F%2Ffmtour.com.br%2Fintercambio.php&usg=AOvVaw0rbD8tR2syfK9rt192kOLx

Request Chain 1

http://fmtour.com.br/intercambio.php HTTP 302
https://www.stagealliance.com/Login/Login/ HTTP 302
https://www.stagealliance.com/Login/Login/newdir.php HTTP 302
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0 HTTP 301
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

url
www.google.fr/
Redirect Chain

https://event.infantstudio.com/s.php
https://bit.do/eDfjc
https://ctt.ac/68H8O+
https://clicktotweet.com/68H8O+
http://raincaretarpaulin.com/wp-content/
https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=2ahUKEwitl7HFsZTfAhUGa1AKHa7iCmYQFjACegQIBRAB&url=http%3A%2F%2Ffmtour.com.br%2Fintercambio.php&usg=AOvVaw0rbD8tR2sy...

924 B
1 KB

72ms
34ms

Document
text/html

2a00:1450:4001:820::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=2ahUKEwitl7HFsZTfAhUGa1AKHa7iCmYQFjACegQIBRAB&url=http%3A%2F%2Ffmtour.com.br%2Fintercambio.php&usg=AOvVaw0rbD8tR2syfK9rt192kOLx

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

gws /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.fr
:scheme: https
:path: /url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=2ahUKEwitl7HFsZTfAhUGa1AKHa7iCmYQFjACegQIBRAB&url=http%3A%2F%2Ffmtour.com.br%2Fintercambio.php&usg=AOvVaw0rbD8tR2syfK9rt192kOLx
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Sun, 16 Dec 2018 23:15:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 478
x-xss-protection: 1; mode=block
set-cookie: NID=150=aAzEegs4DLBthiYkvCX7a4_ga_JP7SABpnQmF6Dgf9aIncOcsfbmiwY_vXRDCfOOm1YpEuswOx90UprSQ7CsBXxl7hNw5JUU3v6g7GCuL6k5riUpYuhTJU2xqCl0LUlFF80ABwfr1PrR4fsWgVV2jDwnNSlR6G1GAkywhDJvtaY; expires=Mon, 17-Jun-2019 23:15:54 GMT; path=/; domain=.google.fr; HttpOnly CONSENT=WP.274a9b; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.fr
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

Redirect headers

Date: Sun, 16 Dec 2018 23:15:53 GMT
Server: Apache/2.4.33 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4 Phusion_Passenger/5.1.12
X-Powered-By: PHP/5.4.45
Upgrade: h2,h2c
Connection: Upgrade
Location: https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=2ahUKEwitl7HFsZTfAhUGa1AKHa7iCmYQFjACegQIBRAB&url=http%3A%2F%2Ffmtour.com.br%2Fintercambio.php&usg=AOvVaw0rbD8tR2syfK9rt192kOLx
Cache-Control: max-age=2592000
Expires: Tue, 15 Jan 2019 23:15:53 GMT
Content-Length: 0
Content-Type: text/html

GET
H2

200

/
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/
Redirect Chain

http://fmtour.com.br/intercambio.php
https://www.stagealliance.com/Login/Login/
https://www.stagealliance.com/Login/Login/newdir.php
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0
https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/

454 B
590 B

321ms
321ms

Document
text/html

69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/
Requested by: Host: www.google.fr
URL: https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=2ahUKEwitl7HFsZTfAhUGa1AKHa7iCmYQFjACegQIBRAB&url=http%3A%2F%2Ffmtour.com.br%2Fintercambio.php&usg=AOvVaw0rbD8tR2syfK9rt192kOLx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash

Request headers

:method: GET
:authority: www.stagealliance.com
:scheme: https
:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.google.fr/
accept-encoding: gzip, deflate, br
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.google.fr/

Response headers

status: 200
server: nginx/1.14.1
date: Sun, 16 Dec 2018 23:16:00 GMT
content-type: text/html
content-length: 386
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

status: 301
server: nginx/1.14.1
date: Sun, 16 Dec 2018 23:16:00 GMT
content-type: text/html; charset=iso-8859-1
content-length: 355
location: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/

GET
H2 200 Primary Request Up-dating.php Show response
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/ 6 KB
3 KB 339ms
338ms Document
text/html 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: 4fb221fcfcf1d501869471e901812917792c72e0c06e80cf4c69f837164e595c

Request headers

:method: GET
:authority: www.stagealliance.com
:scheme: https
:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/
accept-encoding: gzip, deflate, br
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/

Response headers

status: 200
server: nginx/1.14.1
date: Sun, 16 Dec 2018 23:16:00 GMT
content-type: text/html
content-length: 2666
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
33 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:80b::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: www.stagealliance.com
URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:80b::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 07 Dec 2018 13:54:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 811263
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 33951
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2019 13:54:57 GMT

GET
H2 200 jquery.maskedinput.js Show response
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/ 10 KB
3 KB 207ms
206ms Script
text/javascript 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/jquery.maskedinput.js
Requested by: Host: www.stagealliance.com
URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad

Request headers

:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/jquery.maskedinput.js
pragma: no-cache
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.stagealliance.com
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
:scheme: https
:method: GET
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 16 Dec 2018 23:16:00 GMT
content-encoding: gzip
last-modified: Sun, 16 Dec 2018 23:15:59 GMT
server: nginx/1.14.1
vary: Accept-Encoding
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 3030

GET
H2 200 appSuperBowl.css
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/ 146 KB
30 KB 389ms
387ms Stylesheet
text/css 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
Requested by: Host: www.stagealliance.com
URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: 6247b6a4adbefb7ccfbea592140bcda2651689db5427726d841a637814460865

Request headers

:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
pragma: no-cache
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.stagealliance.com
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
:scheme: https
:method: GET
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 16 Dec 2018 23:16:00 GMT
content-encoding: gzip
last-modified: Sun, 16 Dec 2018 23:15:59 GMT
server: nginx/1.14.1
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 30898

GET
H/1.1 200
OK PayPal.jpg
www.tareqah.com/wp-content/uploads/2016/01/ 22 KB
22 KB 869ms
104ms Image
image/jpeg 162.255.166.231
TierPoint

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tareqah.com/wp-content/uploads/2016/01/PayPal.jpg
Requested by: Host: www.stagealliance.com
URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.255.166.231 Baltimore, United States, ASN26094 (26094 - TierPoint, LLC, US),
Reverse DNS: host.myzfaf.com
Software: Apache /
Resource Hash: 3a75802864b6345f937eed84384680f0ace2da77962fbc60cf41d7d18e0ae880

Request headers

Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/Up-dating.php?country.x=DE-Germany&ACCT.x=ID-PPL=PA3245.254.16.86=ScrPg=a0c6cf9996c18e7d16d4e0f8981ad52392bad2ef0e2f1d452a8af0c5636a7d07S=$1$hnf.k1fI$lUnNFENEBplSX8rzPMxGP1fG4lymZuUEbzsdN5pABXqoW2riTKjQgk3cCOLY0Dh1tPnxHSwMvF6Ie89RJ7VadO6ewQ1WpDUXyfAPJtFsxb9uKVqCNHi4zgTZ75rMYklELn28ShR0aGIjBvmoc32975565694
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Dec 2018 23:16:01 GMT
Referrer-Policy
Last-Modified: Sun, 17 Sep 2017 15:51:45 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 22258

GET
H2 404 bck.jpeg
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/ 8 KB
8 KB 1730ms
1730ms Image
text/html 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/bck.jpeg
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: cbd1d3f91c78a3a90784e4b2fe90b69c528e84bd312ccdc46e663874fb960878

Request headers

:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/bck.jpeg
pragma: no-cache
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.stagealliance.com
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
:scheme: https
:method: GET
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 16 Dec 2018 23:16:02 GMT
content-encoding: gzip
server: nginx/1.14.1
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.stagealliance.com/wp-json/>; rel="https://api.w.org/"
content-length: 2843
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 lg.svg
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/ 5 KB
2 KB 402ms
401ms Image
image/svg+xml 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/lg.svg
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: e35c57fad02017983d4261c8d65697ec8b312a2a19127cb93f92d1eca6408015

Request headers

:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/lg.svg
pragma: no-cache
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.stagealliance.com
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
:scheme: https
:method: GET
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 16 Dec 2018 23:16:01 GMT
content-encoding: gzip
last-modified: Sun, 16 Dec 2018 23:15:59 GMT
server: nginx/1.14.1
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes
content-length: 2119

GET
H2 200 scs.png
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/ 28 KB
28 KB 402ms
402ms Image
image/png 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/scs.png
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: 6cfdeac3ea88a45d99b7336b28d5b4554654c042377950e80a4129847c3e548a

Request headers

:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/scs.png
pragma: no-cache
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.stagealliance.com
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
:scheme: https
:method: GET
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 16 Dec 2018 23:16:01 GMT
content-encoding: gzip
last-modified: Sun, 16 Dec 2018 23:15:59 GMT
server: nginx/1.14.1
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 28518

GET
H2 200 psr.woff
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/ 46 KB
46 KB 219ms
219ms Font
application/octet-stream 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/psr.woff
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Request headers

:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/psr.woff
pragma: no-cache
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
origin: https://www.stagealliance.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.stagealliance.com
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
Origin: https://www.stagealliance.com

Response headers

date: Sun, 16 Dec 2018 23:16:01 GMT
content-encoding: gzip
last-modified: Sun, 16 Dec 2018 23:15:59 GMT
server: nginx/1.14.1
vary: Accept-Encoding
content-type: text/plain
status: 200
accept-ranges: bytes
content-length: 47336

GET
H2 200 lgerr.png
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/ 7 KB
7 KB 399ms
399ms Image
image/png 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/lgerr.png
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: ec8b6a9543b7a8ade619dfa1e7b3e143a7394b8722aa36571b85f04a88869ad9

Request headers

:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/lgerr.png
pragma: no-cache
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.stagealliance.com
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
:scheme: https
:method: GET
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 16 Dec 2018 23:16:01 GMT
content-encoding: gzip
last-modified: Sun, 16 Dec 2018 23:15:59 GMT
server: nginx/1.14.1
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 7051

GET
H2 200 scf.png
www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/ 68 KB
68 KB 398ms
398ms Image
image/png 69.195.104.104
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/scf.png
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.195.104.104 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 69-195-104-104.unifiedlayer.com
Software: nginx/1.14.1 /
Resource Hash: 94ffc263295036858354cea9af2d7f0e45e1a030e781edd1655727c4b0eb226c

Request headers

:path: /Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/scf.png
pragma: no-cache
cookie: PHPSESSID=toi6qer43anecf6d701l4o1sd2
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.stagealliance.com
referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
:scheme: https
:method: GET
Referer: https://www.stagealliance.com/Login/Login/1428402eee7b329d8f26b73dc7a117d0/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 16 Dec 2018 23:16:01 GMT
content-encoding: gzip
last-modified: Sun, 16 Dec 2018 23:15:59 GMT
server: nginx/1.14.1
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.stagealliance.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: toi6qer43anecf6d701l4o1sd2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bit.do
clicktotweet.com
ctt.ac
event.infantstudio.com
fmtour.com.br
raincaretarpaulin.com
www.google.fr
www.stagealliance.com
www.tareqah.com
111.118.215.98
162.243.13.150
162.255.166.231
191.6.202.87
2a00:1450:4001:80b::200a
2a00:1450:4001:820::2003
45.55.102.36
54.83.52.76
69.195.104.104
78.128.76.232
3a75802864b6345f937eed84384680f0ace2da77962fbc60cf41d7d18e0ae880
4fb221fcfcf1d501869471e901812917792c72e0c06e80cf4c69f837164e595c
6247b6a4adbefb7ccfbea592140bcda2651689db5427726d841a637814460865
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6cfdeac3ea88a45d99b7336b28d5b4554654c042377950e80a4129847c3e548a
94ffc263295036858354cea9af2d7f0e45e1a030e781edd1655727c4b0eb226c
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad
cbd1d3f91c78a3a90784e4b2fe90b69c528e84bd312ccdc46e663874fb960878
e35c57fad02017983d4261c8d65697ec8b312a2a19127cb93f92d1eca6408015
ec8b6a9543b7a8ade619dfa1e7b3e143a7394b8722aa36571b85f04a88869ad9

www.stagealliance.com Open in urlscan Pro 69.195.104.104 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

20 %IPv6

10 Domains

10 Subdomains

4 IPs

5 Countries

252 kBTransfer

443 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

www.stagealliance.com Open in urlscan Pro
69.195.104.104 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

20 %
IPv6

10
Domains

10
Subdomains

4
IPs

5
Countries

252 kB
Transfer

443 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!