un.01ofr.dvvg.xyz Open in urlscan Pro
140.82.20.65 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://un.01ofr.dvvg.xyz/
Effective URL:
https://un.01ofr.dvvg.xyz/
Submission: On January 06 via manual (January 6th 2020, 8:50:16 pm UTC) from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 11 HTTP transactions. The main IP is 140.82.20.65, located in Los Angeles, United States and belongs to AS-CHOOPA - Choopa, LLC, US. The main domain is un.01ofr.dvvg.xyz.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 4th 2020. Valid for: 3 months.

This is the only time un.01ofr.dvvg.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	140.82.20.65 140.82.20.65	20473 (AS-CHOOPA) (AS-CHOOPA - Choopa)
2	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	198.143.165.220 198.143.165.220	32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC)
2	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
5 5	213.227.156.21 213.227.156.21	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 5	2606:4700:e0:... 2606:4700:e0::ac40:6510	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2606:4700:e4:... 2606:4700:e4::ac40:ac24	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
11	6

2 140.82.20.65 (Los Angeles, United States) 1 redirects

ASN20473 (AS-CHOOPA - Choopa, LLC, US)
PTR: 140.82.20.65.vultr.com

un.01ofr.dvvg.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.143.165.220 (Chicago, United States)

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: server04.com-2.mobi

free.mobtv.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.227.156.21 (Netherlands) 5 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

q-mobi.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:e0::ac40:6510 (United States) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

premiumtraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e4::ac40:ac24 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

casualchief.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	premiumtraff.com 2 redirects premiumtraff.com	427 B
5	go2affise.com 5 redirects q-mobi.go2affise.com	996 B
2	casualchief.com casualchief.com
2	google-analytics.com www.google-analytics.com	18 KB
2	googletagmanager.com www.googletagmanager.com	50 KB
2	dvvg.xyz 1 redirects un.01ofr.dvvg.xyz	2 KB
1	mobtv.club free.mobtv.club	1 KB
11	7

	Domain	Requested by
5	premiumtraff.com	2 redirects un.01ofr.dvvg.xyz
5	q-mobi.go2affise.com	5 redirects
2	casualchief.com	un.01ofr.dvvg.xyz
2	www.google-analytics.com	www.googletagmanager.com un.01ofr.dvvg.xyz
2	www.googletagmanager.com	un.01ofr.dvvg.xyz
2	un.01ofr.dvvg.xyz	1 redirects
1	free.mobtv.club	un.01ofr.dvvg.xyz
11	7

This site contains no links.

Subject Issuer	Validity	Valid
un.01ofr.dvvg.xyz Let's Encrypt Authority X3	`2020-01-04` - `2020-04-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
free.mobtv.club Let's Encrypt Authority X3	`2019-12-20` - `2020-03-19`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-12-30` - `2020-10-09`	9 months	crt.sh

This page contains 6 frames:

Primary Page: https://un.01ofr.dvvg.xyz/
Frame ID: A4BA26E063CFCCFFA37DF57C1E7F6166
Requests: 6 HTTP requests in this frame

Frame: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76af7c0a00010d23f8&source=106&sub2=
Frame ID: E7ECA5AA859419853CA48B0398ADF310
Requests: 1 HTTP requests in this frame

Frame: https://casualchief.com/landing.php?visitor_id=5e139d76af7c0a00010d23f9&tk=356531333964373661663763306130303031306432336639&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZhZjdjMGEwMDAxMGQyM2Y5JnNvdXJjZT0xMDYmc3ViMj0=
Frame ID: 72B53CF530A668496DE11D4A56F93498
Requests: 1 HTTP requests in this frame

Frame: https://casualchief.com/landing.php?visitor_id=5e139d76d8e1050001ee9ff5&tk=356531333964373664386531303530303031656539666635&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZkOGUxMDUwMDAxZWU5ZmY1JnNvdXJjZT0xMDYmc3ViMj0=
Frame ID: 871E91D469E80807932EBB32FB78E44C
Requests: 1 HTTP requests in this frame

Frame: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76d8e1050001c1b888&source=106&sub2=
Frame ID: F30953158D9C2D8BD9314ACC9CBD39B7
Requests: 1 HTTP requests in this frame

Frame: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76283c680001afe7bf&source=106&sub2=
Frame ID: F0B261C003E3D4CE5B916FE9AE73A07A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://un.01ofr.dvvg.xyz/ HTTP 301
https://un.01ofr.dvvg.xyz/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i

Page Statistics

11
Requests

100 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

70 kB
Transfer

182 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://un.01ofr.dvvg.xyz/ HTTP 301
https://un.01ofr.dvvg.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429527 HTTP 302
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76af7c0a00010d23f8&source=106&sub2=

Request Chain 6

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429528 HTTP 302
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76af7c0a00010d23f9&source=106&sub2= HTTP 302
https://casualchief.com/landing.php?visitor_id=5e139d76af7c0a00010d23f9&tk=356531333964373661663763306130303031306432336639&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZhZjdjMGEwMDAxMGQyM2Y5JnNvdXJjZT0xMDYmc3ViMj0=

Request Chain 7

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429529 HTTP 302
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76d8e1050001ee9ff5&source=106&sub2= HTTP 302
https://casualchief.com/landing.php?visitor_id=5e139d76d8e1050001ee9ff5&tk=356531333964373664386531303530303031656539666635&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZkOGUxMDUwMDAxZWU5ZmY1JnNvdXJjZT0xMDYmc3ViMj0=

Request Chain 8

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429530 HTTP 302
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76d8e1050001c1b888&source=106&sub2=

Request Chain 9

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429531 HTTP 302
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76283c680001afe7bf&source=106&sub2=

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
un.01ofr.dvvg.xyz/
Redirect Chain

http://un.01ofr.dvvg.xyz/
https://un.01ofr.dvvg.xyz/

3 KB
2 KB

484ms
160ms

Document
text/html

140.82.20.65
Choopa

General

Check archive.org

Show headers Download Go to

Full URL: https://un.01ofr.dvvg.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 140.82.20.65 Los Angeles, United States, ASN20473 (AS-CHOOPA - Choopa, LLC, US),
Reverse DNS: 140.82.20.65.vultr.com
Software: nginx /
Resource Hash: 275fb56bb640f9a5659856872b1fff86c003dc3651d668d5a1efdeb75e2ffd9f

Request headers

Host: un.01ofr.dvvg.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Server: nginx
Date: Mon, 06 Jan 2020 20:49:57 GMT
Content-Type: text/html
Last-Modified: Sat, 04 Jan 2020 06:14:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5e102d3c-da5"
Expires: Wed, 05 Feb 2020 20:49:57 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Mon, 06 Jan 2020 20:49:55 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://un.01ofr.dvvg.xyz/

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 73 KB
27 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:81a::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-79593305-6

Requested by

Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e1a82cf4bd349594abf5a2139c72cfa07fc2e4c7805f8b989a3a6e5b176cc2ce

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://un.01ofr.dvvg.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Mon, 06 Jan 2020 20:49:58 GMT
content-encoding: br
last-modified: Mon, 06 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27814
x-xss-protection: 0
expires: Mon, 06 Jan 2020 20:49:58 GMT

GET
H2 200 pub.min.js Show response
free.mobtv.club/js/ 1 KB
1 KB 353ms
113ms Script
application/javascript 198.143.165.220
SingleHop LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://free.mobtv.club/js/pub.min.js

Requested by

Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

198.143.165.220 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

9ea791072baeb5784e2781f93763cd3e5aee3e0b385e0a8b6f394ca869eedaa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://un.01ofr.dvvg.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Mon, 06 Jan 2020 20:49:58 GMT
content-encoding: gzip
last-modified: Tue, 26 Nov 2019 13:53:11 GMT
server: nginx
etag: "5ddd2e47-32b"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
content-length: 811
expires: Tue, 07 Jan 2020 20:49:58 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 61 KB
22 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:81a::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NW7TN7T

Requested by

Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1eae9d78d672a83f673bf2005423daf7c26537f7b0a3ce825f20cf9cbd179ce2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://un.01ofr.dvvg.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Mon, 06 Jan 2020 20:49:58 GMT
content-encoding: br
last-modified: Mon, 06 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 22914
x-xss-protection: 0
expires: Mon, 06 Jan 2020 20:49:58 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-79593305-6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://un.01ofr.dvvg.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 4304
date: Mon, 06 Jan 2020 19:38:14 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 06 Jan 2020 21:38:14 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=118921659&t=pageview&_s=1&dl=https%3A%2F%2Fun.01ofr.dvvg.xyz%2F&ul=en-us&de=UTF-8&dt=Prize&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=807091982&gjid=489841748&cid=1718781975.1578343798&tid=UA-79593305-6&_gid=1007356282.1578343798&_r=1&gtm=2ouc61&z=1387099853

Requested by

Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://un.01ofr.dvvg.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jan 2020 20:49:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

26507508e8ef6715c0b
premiumtraff.com/d/ Frame E7EC
Redirect Chain

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429527
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76af7c0a00010d23f8&source=106&sub2=

0
0

152ms
64ms

Document
text/html

2606:4700:e0::ac40:6510
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76af7c0a00010d23f8&source=106&sub2=
Requested by: Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6510 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: premiumtraff.com
:scheme: https
:path: /d/26507508e8ef6715c0b?sub=5e139d76af7c0a00010d23f8&source=106&sub2=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://un.01ofr.dvvg.xyz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://un.01ofr.dvvg.xyz/

Response headers

status: 200
date: Mon, 06 Jan 2020 20:49:58 GMT
content-type: text/html
set-cookie: __cfduid=d24c1f1dc6f9bec4bae4483773d3dcbf01578343798; expires=Wed, 05-Feb-20 20:49:58 GMT; path=/; domain=.premiumtraff.com; HttpOnly; SameSite=Lax
last-modified: Tue, 20 Aug 2019 14:25:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 55108fc6c908dab8-ARN
content-encoding: br

Redirect headers

status: 302
server: nginx
date: Mon, 06 Jan 2020 20:49:58 GMT
content-type: text/html; charset=utf-8
content-length: 123
location: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76af7c0a00010d23f8&source=106&sub2=
set-cookie: afclick=5e139d76af7c0a00010d23f8; Expires=Tue, 05 Jan 2021 20:49:58 GMT

GET
H2

200

landing.php
casualchief.com/ Frame 72B5
Redirect Chain

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429528
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76af7c0a00010d23f9&source=106&sub2=
https://casualchief.com/landing.php?visitor_id=5e139d76af7c0a00010d23f9&tk=356531333964373661663763306130303031306432336639&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZhZjdjMGEwMDAxMGQyM2Y5J...

0
0

122ms
71ms

Document
text/html

2606:4700:e4::ac40:ac24
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://casualchief.com/landing.php?visitor_id=5e139d76af7c0a00010d23f9&tk=356531333964373661663763306130303031306432336639&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZhZjdjMGEwMDAxMGQyM2Y5JnNvdXJjZT0xMDYmc3ViMj0=
Requested by: Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ac24 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PHP/7.3.13
Resource Hash

Request headers

:method: GET
:authority: casualchief.com
:scheme: https
:path: /landing.php?visitor_id=5e139d76af7c0a00010d23f9&tk=356531333964373661663763306130303031306432336639&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZhZjdjMGEwMDAxMGQyM2Y5JnNvdXJjZT0xMDYmc3ViMj0=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://un.01ofr.dvvg.xyz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://un.01ofr.dvvg.xyz/

Response headers

status: 200
date: Mon, 06 Jan 2020 20:49:59 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d86ac12ba7b5caea3b9be416cc89905e91578343799; expires=Wed, 05-Feb-20 20:49:59 GMT; path=/; domain=.casualchief.com; HttpOnly; SameSite=Lax; Secure
x-powered-by: PHP/7.3.13
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 55108fc7ecd386bf-ARN
content-encoding: br

Redirect headers

status: 302
date: Mon, 06 Jan 2020 20:49:58 GMT
content-length: 0
set-cookie: __cfduid=d24c1f1dc6f9bec4bae4483773d3dcbf01578343798; expires=Wed, 05-Feb-20 20:49:58 GMT; path=/; domain=.premiumtraff.com; HttpOnly; SameSite=Lax
cache-control: no-cache
location: https://casualchief.com/landing.php?visitor_id=5e139d76af7c0a00010d23f9&tk=356531333964373661663763306130303031306432336639&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZhZjdjMGEwMDAxMGQyM2Y5JnNvdXJjZT0xMDYmc3ViMj0=
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 55108fc6c905dab8-ARN

GET
H2

200

landing.php
casualchief.com/ Frame 871E
Redirect Chain

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429529
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76d8e1050001ee9ff5&source=106&sub2=
https://casualchief.com/landing.php?visitor_id=5e139d76d8e1050001ee9ff5&tk=356531333964373664386531303530303031656539666635&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZkOGUxMDUwMDAxZWU5ZmY1J...

0
0

174ms
72ms

Document
text/html

2606:4700:e4::ac40:ac24
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://casualchief.com/landing.php?visitor_id=5e139d76d8e1050001ee9ff5&tk=356531333964373664386531303530303031656539666635&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZkOGUxMDUwMDAxZWU5ZmY1JnNvdXJjZT0xMDYmc3ViMj0=
Requested by: Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ac24 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PHP/7.3.13
Resource Hash

Request headers

:method: GET
:authority: casualchief.com
:scheme: https
:path: /landing.php?visitor_id=5e139d76d8e1050001ee9ff5&tk=356531333964373664386531303530303031656539666635&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZkOGUxMDUwMDAxZWU5ZmY1JnNvdXJjZT0xMDYmc3ViMj0=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://un.01ofr.dvvg.xyz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://un.01ofr.dvvg.xyz/

Response headers

status: 200
date: Mon, 06 Jan 2020 20:49:59 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d86ac12ba7b5caea3b9be416cc89905e91578343799; expires=Wed, 05-Feb-20 20:49:59 GMT; path=/; domain=.casualchief.com; HttpOnly; SameSite=Lax; Secure
x-powered-by: PHP/7.3.13
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 55108fc7eccf86bf-ARN
content-encoding: br

Redirect headers

status: 302
date: Mon, 06 Jan 2020 20:49:58 GMT
content-length: 0
set-cookie: __cfduid=d24c1f1dc6f9bec4bae4483773d3dcbf01578343798; expires=Wed, 05-Feb-20 20:49:58 GMT; path=/; domain=.premiumtraff.com; HttpOnly; SameSite=Lax
cache-control: no-cache
location: https://casualchief.com/landing.php?visitor_id=5e139d76d8e1050001ee9ff5&tk=356531333964373664386531303530303031656539666635&url=L2QvMjY1MDc1MDhlOGVmNjcxNWMwYj9zdWI9NWUxMzlkNzZkOGUxMDUwMDAxZWU5ZmY1JnNvdXJjZT0xMDYmc3ViMj0=
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 55108fc6c913dab8-ARN

GET
H2

200

26507508e8ef6715c0b
premiumtraff.com/d/ Frame F309
Redirect Chain

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429530
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76d8e1050001c1b888&source=106&sub2=

0
0

150ms
64ms

Document
text/html

2606:4700:e0::ac40:6510
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76d8e1050001c1b888&source=106&sub2=
Requested by: Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6510 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: premiumtraff.com
:scheme: https
:path: /d/26507508e8ef6715c0b?sub=5e139d76d8e1050001c1b888&source=106&sub2=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://un.01ofr.dvvg.xyz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://un.01ofr.dvvg.xyz/

Response headers

status: 200
date: Mon, 06 Jan 2020 20:49:58 GMT
content-type: text/html
set-cookie: __cfduid=d24c1f1dc6f9bec4bae4483773d3dcbf01578343798; expires=Wed, 05-Feb-20 20:49:58 GMT; path=/; domain=.premiumtraff.com; HttpOnly; SameSite=Lax
last-modified: Tue, 20 Aug 2019 14:25:18 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 55108fc6c90fdab8-ARN
content-encoding: br

Redirect headers

status: 302
server: nginx
date: Mon, 06 Jan 2020 20:49:58 GMT
content-type: text/html; charset=utf-8
content-length: 123
location: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76d8e1050001c1b888&source=106&sub2=
set-cookie: afclick=5e139d76d8e1050001c1b888; Expires=Tue, 05 Jan 2021 20:49:58 GMT

GET
H2

200

26507508e8ef6715c0b
premiumtraff.com/d/ Frame F0B2
Redirect Chain

https://q-mobi.go2affise.com/click?pid=106&offer_id=2429531
https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76283c680001afe7bf&source=106&sub2=

0
0

179ms
93ms

Document
text/html

2606:4700:e0::ac40:6510
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76283c680001afe7bf&source=106&sub2=
Requested by: Host: un.01ofr.dvvg.xyz
URL: https://un.01ofr.dvvg.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6510 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: premiumtraff.com
:scheme: https
:path: /d/26507508e8ef6715c0b?sub=5e139d76283c680001afe7bf&source=106&sub2=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://un.01ofr.dvvg.xyz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://un.01ofr.dvvg.xyz/

Response headers

status: 200
date: Mon, 06 Jan 2020 20:49:58 GMT
content-type: text/html
set-cookie: __cfduid=d24c1f1dc6f9bec4bae4483773d3dcbf01578343798; expires=Wed, 05-Feb-20 20:49:58 GMT; path=/; domain=.premiumtraff.com; HttpOnly; SameSite=Lax
last-modified: Tue, 20 Aug 2019 14:25:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 55108fc6c90ddab8-ARN
content-encoding: br

Redirect headers

status: 302
server: nginx
date: Mon, 06 Jan 2020 20:49:58 GMT
content-type: text/html; charset=utf-8
content-length: 123
location: https://premiumtraff.com/d/26507508e8ef6715c0b?sub=5e139d76283c680001afe7bf&source=106&sub2=
set-cookie: afclick=5e139d76283c680001afe7bf; Expires=Tue, 05 Jan 2021 20:49:58 GMT

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dvvg.xyz/	1970-01-19 06:25:43	Name: _gat_gtag_UA_79593305_6 Value: 1
.dvvg.xyz/	1970-01-19 06:27:10	Name: _gid Value: GA1.2.1007356282.1578343798
.dvvg.xyz/	1970-01-19 23:56:55	Name: _ga Value: GA1.2.1718781975.1578343798

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

casualchief.com
free.mobtv.club
premiumtraff.com
q-mobi.go2affise.com
un.01ofr.dvvg.xyz
www.google-analytics.com
www.googletagmanager.com
140.82.20.65
198.143.165.220
213.227.156.21
2606:4700:e0::ac40:6510
2606:4700:e4::ac40:ac24
2a00:1450:4001:81a::2008
2a00:1450:4001:821::200e
1eae9d78d672a83f673bf2005423daf7c26537f7b0a3ce825f20cf9cbd179ce2
275fb56bb640f9a5659856872b1fff86c003dc3651d668d5a1efdeb75e2ffd9f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9ea791072baeb5784e2781f93763cd3e5aee3e0b385e0a8b6f394ca869eedaa9
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e1a82cf4bd349594abf5a2139c72cfa07fc2e4c7805f8b989a3a6e5b176cc2ce

un.01ofr.dvvg.xyz Open in urlscan Pro 140.82.20.65 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

57 %IPv6

7 Domains

7 Subdomains

6 IPs

3 Countries

70 kBTransfer

182 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

3 Cookies

Indicators

un.01ofr.dvvg.xyz Open in urlscan Pro
140.82.20.65 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

70 kB
Transfer

182 kB
Size

3
Cookies

11 HTTP transactions
0 data transactions