iwkafp.com Open in urlscan Pro
185.56.234.205 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmX...
Effective URL:
https://iwkafp.com/video-15?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDQsInNyYyI6Mn0=eyJ&si1=&si2=
Submission: On October 07 via manual (October 7th 2022, 10:33:37 am UTC) from IN — Scanned from AU

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 185.56.234.205, located in Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is iwkafp.com.
TLS certificate: Issued by R3 on September 22nd 2022. Valid for: 3 months.

This is the only time iwkafp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	23.106.127.149 23.106.127.149	59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.)
4	23.106.127.145 23.106.127.145	59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.)
1	185.177.93.28 185.177.93.28	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 2	185.56.234.205 185.56.234.205	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
10	5

4 23.106.127.149 (Singapore, Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)

mt34iofvjay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.106.127.145 (Singapore, Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)

bg4nxu2u5t.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.177.93.28 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-93-28.ah-server.com

video-watch1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.56.234.205 (Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

iwkafp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	bg4nxu2u5t.com bg4nxu2u5t.com — Cisco Umbrella Rank: 43618	19 KB
4	mt34iofvjay.com mt34iofvjay.com — Cisco Umbrella Rank: 551444	20 KB
2	iwkafp.com 1 redirects iwkafp.com	58 KB
1	video-watch1.com video-watch1.com	65 KB
10	4

	Domain	Requested by
4	bg4nxu2u5t.com	mt34iofvjay.com bg4nxu2u5t.com
4	mt34iofvjay.com	mt34iofvjay.com
2	iwkafp.com	1 redirects mt34iofvjay.com
1	video-watch1.com	bg4nxu2u5t.com
10	4

This site contains no links.

Subject Issuer	Validity	Valid
mt34iofvjay.com ZeroSSL RSA Domain Secure Site CA	`2022-10-01` - `2022-12-30`	3 months	crt.sh
bg4nxu2u5t.com ZeroSSL RSA Domain Secure Site CA	`2022-09-19` - `2022-12-18`	3 months	crt.sh
3.18plus-online.com R3	`2022-09-07` - `2022-12-06`	3 months	crt.sh
iwkafp.com R3	`2022-09-22` - `2022-12-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://iwkafp.com/video-15?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDQsInNyYyI6Mn0=eyJ&si1=&si2=
Frame ID: 410AE4285828C4DCE21A53F7E6ED1773
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b16441... Page URL
https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc18... Page URL
https://bg4nxu2u5t.com/1833069/?domain=highmaidfhr.com&test_id=23_au Page URL
https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=94ecd57ace7d42a2922d5ce6813a2dbb1665146009&psp=w2S2... Page URL
https://video-watch1.com/?p=mm3gcmlege5gi3bpgq3dimy&sub1=1833069&sub2=win10&sub3=chrome&sub4=en Page URL
https://iwkafp.com/gosl/InNpZCI6MTE1OTA2OCwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2= HTTP 302
https://iwkafp.com/video-15?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDQsInNyYyI6Mn0=... Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

162 kB
Transfer

295 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ== Page URL
https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=881&rlp=%5B0%2C6.1000001430511475%2C389.09999990463257%2C195.90000009536743%2C2.4000000953674316%2C854.7000002861023%2C457.5%2C262.30000019073486%5D Page URL
https://bg4nxu2u5t.com/1833069/?domain=highmaidfhr.com&test_id=23_au Page URL
https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=94ecd57ace7d42a2922d5ce6813a2dbb1665146009&psp=w2S2sytABDyvNlOBdL4wH42pqMCKO8YluBZIycQ17ZNPUjSPrAZWL6eSm7Z9dAb498jPAuwubiDMfsYyvN0tl6YAFqpHHBNzCjZ0W8vrZ4I3ey42dglp1mwRDNMz8SoJVTGbga8A_3oEnjIQwTsFBkZA147fBccqo12aPM9rhPl-bbe_1p_GxYmkjTRsvJOstyMmPfugohkTPvAniXGSE3WBYB-8Niwr0EnOXgpOiO8WPGHvdXci9pIXCX77e9qfEwSKUa_AhGERF2gFIEUgZ0XSsaST_IqvyE9GIXhFIIYt-HGr9MHyipJQkkE634wcj6rJSAsdWuqZVEgVcV0jw7r9Y1Y0wxQNn13HMoF-ywz1ERiN0hcX_nWkECJl-DZabeiQxXjk4W9xs8vg5-vtpiU_SL_qEeLRHlWD5X9d_VCJIrmPKysloFJJLJvNhPJg6-eLBcwgX_sqoDTZRYNpIrZY4tIyd8KffwnQjMaVLobt7m3jAwGQAh5xlZiQDwMmQ2MkiLCSCnU=&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=884&rlp=%5B0%2C7%2C391.10000014305115%2C197%2C2.700000047683716%2C862.9000000953674%2C463.2000000476837%2C264.5%5D Page URL
https://video-watch1.com/?p=mm3gcmlege5gi3bpgq3dimy&sub1=1833069&sub2=win10&sub3=chrome&sub4=en Page URL
https://iwkafp.com/gosl/InNpZCI6MTE1OTA2OCwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2= HTTP 302
https://iwkafp.com/video-15?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDQsInNyYyI6Mn0=eyJ&si1=&si2= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 gtm.js Show response
mt34iofvjay.com/ 2 KB
2 KB 590ms
195ms Document
text/html 23.106.127.149
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.149 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash: 2abbe51c43c9a2005910a6498e6486bc1c64b04a476ce64080354569b6ba4479

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 10:33:28 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: check.sumbit.script

GET
H2 200 submit.min.js Show response
mt34iofvjay.com/ 32 KB
14 KB 261ms
260ms Script
application/javascript 23.106.127.149
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://mt34iofvjay.com/submit.min.js?abvar=
Requested by: Host: mt34iofvjay.com
URL: https://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.149 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash: 4325411e81968f88f7c00a9aa210e89c2bc748fb95c5c84d1eea6c4e6ce7d2d8

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 10:33:28 GMT
content-encoding: gzip
last-modified: Wed, 05 Oct 2022 14:13:52 GMT
server: nginx
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
x-js-ab: current
etag: W/"633d9120-81cf"
vary: Accept-Encoding
content-type: application/javascript
timing-allow-origin: *

GET
H2 200 ga-audiences
mt34iofvjay.com/ 6 KB
3 KB 197ms
197ms Document
text/html 23.106.127.149
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=881&rlp=%5B0%2C6.1000001430511475%2C389.09999990463257%2C195.90000009536743%2C2.4000000953674316%2C854.7000002861023%2C457.5%2C262.30000019073486%5D
Requested by: Host: mt34iofvjay.com
URL: https://mt34iofvjay.com/submit.min.js?abvar=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.149 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 10:33:29 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: redirect.script

GET
H2 200 / Show response
bg4nxu2u5t.com/1833069/ 1 KB
2 KB 597ms
198ms Document
text/html 23.106.127.145
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://bg4nxu2u5t.com/1833069/?domain=highmaidfhr.com&test_id=23_au
Requested by: Host: mt34iofvjay.com
URL: https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=881&rlp=%5B0%2C6.1000001430511475%2C389.09999990463257%2C195.90000009536743%2C2.4000000953674316%2C854.7000002861023%2C457.5%2C262.30000019073486%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.145 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash: 2f1342e1de7c604ce80037291d956db15cf34e74c8d048c7d448ce58ff31ba1b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 10:33:29 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: check.sumbit.dl

POST
H2 200 dupa.gif
mt34iofvjay.com/ 43 B
620 B 196ms
195ms Ping
image/gif 23.106.127.149
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://mt34iofvjay.com/dupa.gif?z=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=anoO3mt-HmVitgg3keYsdmFt6_ojEkekU0Q0bd2nIc1Y_jc52tNntUbnKqnAVckBjDpCOL7y15ir-NZVUg38WlZnLUAeCqTUWTzKpmdv_CKPt9M5kyodqaXetb_33j37zGPGuz6RoZYkEwjAB72oAsbeqRAjJbUDpS1_N5PLFUx7UNx_2N1cOlJ9inAQKobutYaC-TZ1Fy4SnxTn2qzEP436i-gM3ytWCfamVFYMPLVj1_3-s8NlB-ePNQx3ImiqgTXB6Xyj6qJEixmsizEshgPC-k1bqRsocxTH-tF4AUUOky8jBSG1B7LbdZMjSBXALdHLmlgdgdcKoBhrCEQklYTv9c4aZk6yI1xyq52MPLTVYuTqyFafXOBta1xXxnbBa9sOuGV-QMkhStnjJLfelOckJLfcfblj7zoQtbQ-wA8cvM0aDXOwW4G8QG2rFDIbhvdLpD54xXOoNK_YQnnkJD4couRUv0XCOBfbhfAlnGvSOFhniXA5oo3xxWjTYdEMU4k0ams4uNk2xqLwYvmfG7GgDhdi2HqcvRXVdVT4piVph4sFLlCTn324ECtt0My7XCfgFgrlqrM9Ix9VSR5mrmqGvFSpVriYfVj9w-AiErnTH2kn0woayzx5J8eXoufdOKUFR3rQn0Duj-HDaAUYosEk&abvar=0&pload=218&rlp=%5B0%2C0%2C0%2C0%2C-198.10000014305115%2C-0.5%2C-1.5%2C0%5D
Requested by: Host: mt34iofvjay.com
URL: https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=881&rlp=%5B0%2C6.1000001430511475%2C389.09999990463257%2C195.90000009536743%2C2.4000000953674316%2C854.7000002861023%2C457.5%2C262.30000019073486%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.149 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 10:33:29 GMT
x-route-id: stats.redirect-pixel
server: nginx
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
timing-allow-origin: *
content-length: 43
content-type: image/gif

GET
H2 200 submit.min.js Show response
bg4nxu2u5t.com/ 32 KB
14 KB 263ms
263ms Script
application/javascript 23.106.127.145
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://bg4nxu2u5t.com/submit.min.js?abvar=
Requested by: Host: bg4nxu2u5t.com
URL: https://bg4nxu2u5t.com/1833069/?domain=highmaidfhr.com&test_id=23_au
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.145 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash: 4325411e81968f88f7c00a9aa210e89c2bc748fb95c5c84d1eea6c4e6ce7d2d8

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 10:33:29 GMT
content-encoding: gzip
last-modified: Wed, 05 Oct 2022 14:13:52 GMT
server: nginx
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
x-js-ab: current
etag: W/"633d9120-81cf"
vary: Accept-Encoding
content-type: application/javascript
timing-allow-origin: *

GET
H2 200 /
bg4nxu2u5t.com/ 6 KB
3 KB 204ms
203ms Document
text/html 23.106.127.145
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=94ecd57ace7d42a2922d5ce6813a2dbb1665146009&psp=w2S2sytABDyvNlOBdL4wH42pqMCKO8YluBZIycQ17ZNPUjSPrAZWL6eSm7Z9dAb498jPAuwubiDMfsYyvN0tl6YAFqpHHBNzCjZ0W8vrZ4I3ey42dglp1mwRDNMz8SoJVTGbga8A_3oEnjIQwTsFBkZA147fBccqo12aPM9rhPl-bbe_1p_GxYmkjTRsvJOstyMmPfugohkTPvAniXGSE3WBYB-8Niwr0EnOXgpOiO8WPGHvdXci9pIXCX77e9qfEwSKUa_AhGERF2gFIEUgZ0XSsaST_IqvyE9GIXhFIIYt-HGr9MHyipJQkkE634wcj6rJSAsdWuqZVEgVcV0jw7r9Y1Y0wxQNn13HMoF-ywz1ERiN0hcX_nWkECJl-DZabeiQxXjk4W9xs8vg5-vtpiU_SL_qEeLRHlWD5X9d_VCJIrmPKysloFJJLJvNhPJg6-eLBcwgX_sqoDTZRYNpIrZY4tIyd8KffwnQjMaVLobt7m3jAwGQAh5xlZiQDwMmQ2MkiLCSCnU=&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=884&rlp=%5B0%2C7%2C391.10000014305115%2C197%2C2.700000047683716%2C862.9000000953674%2C463.2000000476837%2C264.5%5D
Requested by: Host: bg4nxu2u5t.com
URL: https://bg4nxu2u5t.com/submit.min.js?abvar=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.145 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 10:33:30 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: redirect.dl

GET
H2 200 / Show response
video-watch1.com/ 64 KB
65 KB 1366ms
391ms Document
text/html 185.177.93.28
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://video-watch1.com/?p=mm3gcmlege5gi3bpgq3dimy&sub1=1833069&sub2=win10&sub3=chrome&sub4=en

Requested by

Host: bg4nxu2u5t.com
URL: https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=94ecd57ace7d42a2922d5ce6813a2dbb1665146009&psp=w2S2sytABDyvNlOBdL4wH42pqMCKO8YluBZIycQ17ZNPUjSPrAZWL6eSm7Z9dAb498jPAuwubiDMfsYyvN0tl6YAFqpHHBNzCjZ0W8vrZ4I3ey42dglp1mwRDNMz8SoJVTGbga8A_3oEnjIQwTsFBkZA147fBccqo12aPM9rhPl-bbe_1p_GxYmkjTRsvJOstyMmPfugohkTPvAniXGSE3WBYB-8Niwr0EnOXgpOiO8WPGHvdXci9pIXCX77e9qfEwSKUa_AhGERF2gFIEUgZ0XSsaST_IqvyE9GIXhFIIYt-HGr9MHyipJQkkE634wcj6rJSAsdWuqZVEgVcV0jw7r9Y1Y0wxQNn13HMoF-ywz1ERiN0hcX_nWkECJl-DZabeiQxXjk4W9xs8vg5-vtpiU_SL_qEeLRHlWD5X9d_VCJIrmPKysloFJJLJvNhPJg6-eLBcwgX_sqoDTZRYNpIrZY4tIyd8KffwnQjMaVLobt7m3jAwGQAh5xlZiQDwMmQ2MkiLCSCnU=&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=884&rlp=%5B0%2C7%2C391.10000014305115%2C197%2C2.700000047683716%2C862.9000000953674%2C463.2000000476837%2C264.5%5D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.177.93.28 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

ip-185-177-93-28.ah-server.com

Software

nginx /

Resource Hash

80918e58600c063db2adbac37615bcdbcd98cd5d47771a31c8fecaff90d85264

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 07 Oct 2022 10:33:29 GMT
server: nginx
strict-transport-security: max-age=31536000

POST
H2 200 dupa.gif
bg4nxu2u5t.com/ 43 B
620 B 197ms
196ms Ping
image/gif 23.106.127.145
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://bg4nxu2u5t.com/dupa.gif?z=1833069&pb=94ecd57ace7d42a2922d5ce6813a2dbb1665146009&psp=w3eOclVBU4D8sW5CM6DdznCV7Gijp0kd6bwXIADeyulfhoxQfTiVjBSF1ehWjiOwYuWeAVdFY3eAiNgiPPky8t4aiT34h0Kr4G3cB2VRqNr7B-GTonb_QlubRoDhEKAbIfPL-mKy-evyEyitWqnmERhnOGReGeHGoowWZT1OsE860PdhJv34strkxdV4wdZg3-mVzJcgUR6uOv-Geel2eJOnrvR4u6-k_uTUVvxeMNNyxa9IYPZoUaMgnkjitpPopgXmDwz6LcxJnscHVuZgx8soF3xsPqcsSFZycg29y-9t24sjfc01QwEj3dGCGC4kuhZCsB2j9XQi-Cl74CMAnv4GUH85-Quje658zbDhx6vCVH1OqNw67NgAzzm5fKlclfjb4n7SL7OyME6o8XK2V1MGbbQc70nzCyES7d5yNsvWR0KA7tlCW2x-TKF_bFcJfRrIDgGQi9ZWRDdkkpbeBsylHaMq4sLxnT8JE-5T4FI52AXfCIIeNJRRCrqQcoAPkMoTm2_woSsb&abvar=0&pload=216&rlp=%5B0%2C0%2C0%2C0%2C-204.40000009536743%2C-0.40000009536743164%2C-1.4000000953674316%2C0%5D
Requested by: Host: bg4nxu2u5t.com
URL: https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=94ecd57ace7d42a2922d5ce6813a2dbb1665146009&psp=w2S2sytABDyvNlOBdL4wH42pqMCKO8YluBZIycQ17ZNPUjSPrAZWL6eSm7Z9dAb498jPAuwubiDMfsYyvN0tl6YAFqpHHBNzCjZ0W8vrZ4I3ey42dglp1mwRDNMz8SoJVTGbga8A_3oEnjIQwTsFBkZA147fBccqo12aPM9rhPl-bbe_1p_GxYmkjTRsvJOstyMmPfugohkTPvAniXGSE3WBYB-8Niwr0EnOXgpOiO8WPGHvdXci9pIXCX77e9qfEwSKUa_AhGERF2gFIEUgZ0XSsaST_IqvyE9GIXhFIIYt-HGr9MHyipJQkkE634wcj6rJSAsdWuqZVEgVcV0jw7r9Y1Y0wxQNn13HMoF-ywz1ERiN0hcX_nWkECJl-DZabeiQxXjk4W9xs8vg5-vtpiU_SL_qEeLRHlWD5X9d_VCJIrmPKysloFJJLJvNhPJg6-eLBcwgX_sqoDTZRYNpIrZY4tIyd8KffwnQjMaVLobt7m3jAwGQAh5xlZiQDwMmQ2MkiLCSCnU=&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=884&rlp=%5B0%2C7%2C391.10000014305115%2C197%2C2.700000047683716%2C862.9000000953674%2C463.2000000476837%2C264.5%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.145 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 10:33:30 GMT
x-route-id: stats.redirect-pixel
server: nginx
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
timing-allow-origin: *
content-length: 43
content-type: image/gif

GET
DATA 200
OK truncated
/ 20 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2

200

Primary Request video-15 Show response
iwkafp.com/
Redirect Chain

https://iwkafp.com/gosl/InNpZCI6MTE1OTA2OCwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2=
https://iwkafp.com/video-15?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDQsInNyYyI6Mn0=eyJ&si1=&si2=

87 KB
58 KB

390ms
390ms

Document
text/html

185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://iwkafp.com/video-15?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDQsInNyYyI6Mn0=eyJ&si1=&si2=
Requested by: Host: mt34iofvjay.com
URL: https://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 53d67cdf19cdabe77ddac18fc5dcc4dc2798ae586168f89ccd8b9cf6681ff301

Request headers

Referer: https://video-watch1.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 07 Oct 2022 10:33:35 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu

Redirect headers

cache-control: no-cache
content-type: text/html; charset=UTF-8
date: Fri, 07 Oct 2022 10:33:35 GMT
location: https://iwkafp.com/video-15?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDQsInNyYyI6Mn0=eyJ&si1=&si2=
max-age: 0
server: nginx/1.21.1
x-zone: eu

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54b4f19a4532959f66174b66fe3f1c5d71d9af8cbf597997bc16136b922c695d

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 42 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c5a14bbfcf886f1c5ad1f6aa0b252b5fd0ff1289a8bf5eafb7e0e9b0aae5875

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/jpeg

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
mt34iofvjay.com/	1970-01-20 15:17:54	Name: UID Value: 22100705331aedf9b852d74eacba048bd95c
mt34iofvjay.com/	1970-01-20 07:15:30	Name: OACCAP Value: ABsllgAAAAAAAAAB
mt34iofvjay.com/	1970-01-20 07:15:30	Name: OACBLOCK Value: ABsllgAAAABjP7JQ
mt34iofvjay.com/	1970-01-20 06:33:45	Name: OXCCLK Value: ABsllgAAAAAAAAAB
mt34iofvjay.com/	1970-01-20 06:33:45	Name: OXPCLK Value: AAIY0gAAAAAAAAAB
mt34iofvjay.com/	1970-01-20 06:33:45	Name: ppucnt Value: 1
bg4nxu2u5t.com/	1970-01-20 15:17:54	Name: UID Value: 22100705336bb9e84e0f524ca9840e8b8a43
bg4nxu2u5t.com/	1970-01-20 07:15:30	Name: OACCAP Value: ACHxbQAAAAAAAAAB
bg4nxu2u5t.com/	1970-01-20 07:15:30	Name: OACBLOCK Value: ACHxbQAAAABjPmDQ
bg4nxu2u5t.com/	1970-01-20 07:15:30	Name: OAZCCAP Value: ABv4bQAAAAAAAAAB
bg4nxu2u5t.com/	1970-01-20 07:15:30	Name: OAZCBLOCK Value: ABv4bQAAAABjP%2Fig
bg4nxu2u5t.com/	1970-01-20 06:33:45	Name: OXCCLK Value: ACHxbQAAAAAAAAAB
bg4nxu2u5t.com/	1970-01-20 06:33:45	Name: OXPCLK Value: AAISpAAAAAAAAAAB
bg4nxu2u5t.com/	1970-01-20 06:33:45	Name: ppucnt Value: 1
.video-watch1.com/	1970-01-20 07:15:30	Name: uuid Value: 81b7bfb9-955b-4dec-a9b8-f5a6326718ed
.iwkafp.com/	1970-01-20 06:33:45	Name: truniq Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bg4nxu2u5t.com
iwkafp.com
mt34iofvjay.com
video-watch1.com
185.177.93.28
185.56.234.205
23.106.127.145
23.106.127.149
1c5a14bbfcf886f1c5ad1f6aa0b252b5fd0ff1289a8bf5eafb7e0e9b0aae5875
2abbe51c43c9a2005910a6498e6486bc1c64b04a476ce64080354569b6ba4479
2f1342e1de7c604ce80037291d956db15cf34e74c8d048c7d448ce58ff31ba1b
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93
4325411e81968f88f7c00a9aa210e89c2bc748fb95c5c84d1eea6c4e6ce7d2d8
53d67cdf19cdabe77ddac18fc5dcc4dc2798ae586168f89ccd8b9cf6681ff301
54b4f19a4532959f66174b66fe3f1c5d71d9af8cbf597997bc16136b922c695d
80918e58600c063db2adbac37615bcdbcd98cd5d47771a31c8fecaff90d85264

iwkafp.com Open in urlscan Pro 185.56.234.205 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

162 kBTransfer

295 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

16 Cookies

Indicators

iwkafp.com Open in urlscan Pro
185.56.234.205 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

162 kB
Transfer

295 kB
Size

16
Cookies

10 HTTP transactions
3 data transactions