Submitted URL: http://itsbestnatural.xyz/WAFoRJyMcu
Effective URL: http://quatrefeuillepolonaise.xyz/?k=272a6b45cf5d5a9edfaf2513e93fa785.1595596667.778.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Submission: On July 24 via manual from US

Summary

This website contacted 3 IPs in 4 countries across 6 domains to perform 4 HTTP transactions. The main IP is 34.196.13.28, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is quatrefeuillepolonaise.xyz.
This is the only time quatrefeuillepolonaise.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 8.210.219.134 45102 (CNNIC-ALI...)
1 1 212.32.250.31 60781 (LEASEWEB-...)
1 2 91.228.153.25 44066 (DE-FIRSTC...)
1 2a03:90c0:999... 199524 (GCORE)
1 1 40.118.239.198 8075 (MICROSOFT...)
2 34.196.13.28 14618 (AMAZON-AES)
4 3
Domain Requested by
2 dsfffmb.mobi 1 redirects
1 quatrefeuillepolonaise.xyz
1 saltiersilurus.xyz dsfffmb.mobi
1 www.track4cr.com 1 redirects
1 dadbab.info dsfffmb.mobi
1 buy.itsbestnatural.xyz 1 redirects
1 itsbestnatural.xyz 1 redirects
4 7

This site contains no links.

This page contains 1 frames:

Primary Page: http://quatrefeuillepolonaise.xyz/?k=272a6b45cf5d5a9edfaf2513e93fa785.1595596667.778.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Frame ID: 3A722992F6D4919DBBA5B350F3436D50
Requests: 4 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

  • Requests: 4
  • HTTPS: 0 %
  • IPv6: 17 %
  • Domains: 6
  • Subdomains: 7
  • IPs: 3
  • Countries: 4
  • Transfer: 16 kB
  • Size: 31 kB
  • Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://itsbestnatural.xyz/WAFoRJyMcu HTTP 302
    http://buy.itsbestnatural.xyz/5e8cf86fa4580e00010777ea?pubid=%7Bpubid%7D HTTP 302
    http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901 Page URL
  2. http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901&fingerprint_=74910b49e6ea53267228083d4441d11d HTTP 302
    http://www.track4cr.com/click.track?CID=426105&AFID=432697&AffiliateReferenceID=-7EBRQCgQAAAMP2gMKZgJoMC4GA95FAAIPvd4aXxENGhENIhENQhENWgNQTAdubDF_YWRjb21ib_8xdkVyN0hMUQADaW4&SID=pid5d36eb203bd6158d4eab533424830c26&subid1={pixel_id} HTTP 302
    http://saltiersilurus.xyz/ Page URL
  3. http://quatrefeuillepolonaise.xyz/?k=272a6b45cf5d5a9edfaf2513e93fa785.1595596667.778.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://itsbestnatural.xyz/WAFoRJyMcu HTTP 302
  • http://buy.itsbestnatural.xyz/5e8cf86fa4580e00010777ea?pubid=%7Bpubid%7D HTTP 302
  • http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901
Request Chain 2
  • http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901&fingerprint_=74910b49e6ea53267228083d4441d11d HTTP 302
  • http://www.track4cr.com/click.track?CID=426105&AFID=432697&AffiliateReferenceID=-7EBRQCgQAAAMP2gMKZgJoMC4GA95FAAIPvd4aXxENGhENIhENQhENWgNQTAdubDF_YWRjb21ib_8xdkVyN0hMUQADaW4&SID=pid5d36eb203bd6158d4eab533424830c26&subid1={pixel_id} HTTP 302
  • http://saltiersilurus.xyz/

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
dsfffmb.mobi/
Redirect Chain
  • http://itsbestnatural.xyz/WAFoRJyMcu
  • http://buy.itsbestnatural.xyz/5e8cf86fa4580e00010777ea?pubid=%7Bpubid%7D
  • http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901
1 KB
1 KB
Document
General
Full URL
http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901
Protocol
HTTP/1.1
Server
91.228.153.25 Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
dsde252-4.fornex.org
Software
openresty /
Resource Hash
5cffd0efa04cc91e6eaa0e4eb3618fb0f2404f56b658647981aa2e86af3f163b

Request headers

Host
dsfffmb.mobi
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
openresty
Date
Fri, 24 Jul 2020 13:14:36 GMT
Content-Type
text/html
Content-Length
1245
Connection
keep-alive
X-Node
slave-nl1
Referrer-Policy
unsafe-url
Cache-Control
private, no-transform,no-cache
X-Edge-Node
slave-nl1 dsde252

Redirect headers

Server
nginx
Date
Fri, 24 Jul 2020 13:14:35 GMT
Content-Type
text/html; charset=utf-8
Content-Length
171
Connection
keep-alive
Location
http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901
Set-Cookie
redhash=NWYxYWRlYmJmNDJkYWMwMDAxZmNkOTAxfDB8NWU4Y2Y4NmZhNDU4MGUwMDAxMDc3N2VhfHw0OGNkYjZkOS04YWY5LTRmMzktOTdkMS05OTM3N2NhZmJkZDl8MTU5NTU5NjQ3NQ==; Path=/; Domain=buy.itsbestnatural.xyz; Expires=Sat, 24 Jul 2021 13:14:35 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
fingerprint2.2.1.0.min.js
dadbab.info/content/!common_files/js/
29 KB
12 KB
Script
General
Full URL
http://dadbab.info/content/!common_files/js/fingerprint2.2.1.0.min.js
Requested by
Host: dsfffmb.mobi
URL: http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901
Protocol
HTTP/1.1
Server
2a03:90c0:9997::9997 , Germany, ASN199524 (GCORE, AT),
Reverse DNS
Software
nginx /
Resource Hash
b6c65ab685234e744044e9b94c2a52db31b84c54ff3a00044aa188012ad61365

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-ID
cec-up-gc10
Date
Fri, 24 Jul 2020 13:14:36 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Cached-Since
2020-07-22T13:06:41+00:00
Connection
keep-alive
Pragma
public
Last-Modified
Thu, 16 Jan 2020 09:58:32 GMT
Server
nginx
ETag
W/"5e2033c8-73a6"
Vary
Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Cache
HIT
Expires
Fri, 24 Jul 2020 14:14:36 GMT
/
saltiersilurus.xyz/
Redirect Chain
  • http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901&fingerprint_=74910b49e6ea53267228083d4441d11d
  • http://www.track4cr.com/click.track?CID=426105&AFID=432697&AffiliateReferenceID=-7EBRQCgQAAAMP2gMKZgJoMC4GA95FAAIPvd4aXxENGhENIhENQhENWgNQTAdubDF_YWRjb21ib_8xdkVyN0hMUQADaW4&SID=pid5d36eb203bd6158d...
  • http://saltiersilurus.xyz/
932 B
1 KB
Document
General
Full URL
http://saltiersilurus.xyz/
Requested by
Host: dsfffmb.mobi
URL: http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901
Protocol
HTTP/1.1
Server
34.196.13.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-13-28.compute-1.amazonaws.com
Software
nginx /
Resource Hash
41840d32493058905edd4fb9ee49dbf1f78f260be7bd08f815d126b32780c8ea
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Host
saltiersilurus.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Referer
http://dsfffmb.mobi/?target=-7EBNQCgQAAAMP2gMKZgAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE&subpub=55823&sr=1&clickid=5f1adebbf42dac0001fcd901

Response headers

Server
nginx
Date
Fri, 24 Jul 2020 13:17:47 GMT
Content-Type
text/html
Content-Length
932
Connection
close
Expires
Mon, 31 Dec 2001 23:59:59 GMT
Pragma
no-cache
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
X-Content-Type-Options
nosniff

Redirect headers

Server
nginx
Date
Fri, 24 Jul 2020 13:14:37 GMT
Content-Type
text/html; charset=utf-8
Content-Length
142
Connection
keep-alive
Cache-Control
private
Location
http://saltiersilurus.xyz
P3P
policyref="/p3p/P3P.www.track4cr.com.xml", CP="NOI DSP COR NID ADM DEV OUR STP OTC"
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Primary Request Cookie set /
quatrefeuillepolonaise.xyz/
415 B
1 KB
Document
General
Full URL
http://quatrefeuillepolonaise.xyz/?k=272a6b45cf5d5a9edfaf2513e93fa785.1595596667.778.2.1.c2FsdGllcnNpbHVydXMueHl6&r=&z=-120
Protocol
HTTP/1.1
Server
34.196.13.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-13-28.compute-1.amazonaws.com
Software
nginx /
Resource Hash
26c0b7bd93a6d20d75f9027c582602b42c8197536208422faf9e13a092f2709f

Request headers

Host
quatrefeuillepolonaise.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Fri, 24 Jul 2020 13:17:48 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
close
Set-Cookie
tpp_u=0%3B1595682878; expires=Sun, 26-Jul-2020 13:14:38 GMT; path=/ tpp_6546459_l=16%3B1595682878; expires=Sun, 26-Jul-2020 13:14:38 GMT; path=/ tpp_ov=102652%3B1595682878; expires=Sun, 26-Jul-2020 13:14:38 GMT; path=/ tpp_ov=102652%2C102907%3B1595682878; expires=Sun, 26-Jul-2020 13:14:38 GMT; path=/ tpp_ov=102652%2C102907%2C102970%3B1595682878; expires=Sun, 26-Jul-2020 13:14:38 GMT; path=/ tpp_oc=102970%3B1595682878; expires=Sun, 26-Jul-2020 13:14:38 GMT; path=/
Expires
Mon, 31 Dec 2001 23:59:59 GMT
Pragma
no-cache

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Domain/Path Name / Value
quatrefeuillepolonaise.xyz/ Name: tpp_oc
Value: 102970%3B1595682878
quatrefeuillepolonaise.xyz/ Name: tpp_ov
Value: 102652%2C102907%2C102970%3B1595682878
quatrefeuillepolonaise.xyz/ Name: tpp_6546459_l
Value: 16%3B1595682878
quatrefeuillepolonaise.xyz/ Name: tpp_u
Value: 0%3B1595682878