iwkafp.com Open in urlscan Pro
185.56.234.205 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmX...
Effective URL:
https://iwkafp.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDMsInNyYyI6Mn0=eyJ&si1=&si2=
Submission: On October 07 via manual (October 7th 2022, 10:52:57 am UTC) from IN — Scanned from AU

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 185.56.234.205, located in Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is iwkafp.com.
TLS certificate: Issued by R3 on September 22nd 2022. Valid for: 3 months.

This is the only time iwkafp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	23.106.127.148 23.106.127.148	59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.)
4	23.106.127.147 23.106.127.147	59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.)
1	185.177.93.28 185.177.93.28	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 2	185.56.234.205 185.56.234.205	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
10	5

4 23.106.127.148 (Singapore, Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)

mt34iofvjay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.106.127.147 (Singapore, Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)

bg4nxu2u5t.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.177.93.28 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-93-28.ah-server.com

video-watch1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.56.234.205 (Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

iwkafp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	bg4nxu2u5t.com bg4nxu2u5t.com — Cisco Umbrella Rank: 43618	19 KB
4	mt34iofvjay.com mt34iofvjay.com — Cisco Umbrella Rank: 551444	20 KB
2	iwkafp.com 1 redirects iwkafp.com	197 KB
1	video-watch1.com video-watch1.com	65 KB
10	4

	Domain	Requested by
4	bg4nxu2u5t.com	mt34iofvjay.com bg4nxu2u5t.com
4	mt34iofvjay.com	mt34iofvjay.com
2	iwkafp.com	1 redirects mt34iofvjay.com
1	video-watch1.com	bg4nxu2u5t.com
10	4

This site contains no links.

Subject Issuer	Validity	Valid
mt34iofvjay.com ZeroSSL RSA Domain Secure Site CA	`2022-10-01` - `2022-12-30`	3 months	crt.sh
bg4nxu2u5t.com ZeroSSL RSA Domain Secure Site CA	`2022-09-19` - `2022-12-18`	3 months	crt.sh
3.18plus-online.com R3	`2022-09-07` - `2022-12-06`	3 months	crt.sh
iwkafp.com R3	`2022-09-22` - `2022-12-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://iwkafp.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDMsInNyYyI6Mn0=eyJ&si1=&si2=
Frame ID: D5D0319EBACA858EBAD6AACB09943BB8
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b16441... Page URL
https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc18... Page URL
https://bg4nxu2u5t.com/1833069/?domain=highmaidfhr.com&test_id=23_au Page URL
https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=ee32beea4849cc253f0d240634bde61f1665147168&psp=6xfi... Page URL
https://video-watch1.com/?p=mm3gcmlege5gi3bpgq3dimy&sub1=1833069&sub2=win10&sub3=chrome&sub4=en Page URL
https://iwkafp.com/gosl/InNpZCI6MTE1OTA2OCwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2= HTTP 302
https://iwkafp.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDMsInNyYyI6Mn0=... Page URL

Page Statistics

10
Requests

80 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

302 kB
Transfer

613 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ== Page URL
https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&2&pload=640&rlp=%5B0%2C0.40000009536743164%2C195%2C0%2C28.59999990463257%2C617.7999997138977%2C420.59999990463257%2C223.59999990463257%5D Page URL
https://bg4nxu2u5t.com/1833069/?domain=highmaidfhr.com&test_id=23_au Page URL
https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=ee32beea4849cc253f0d240634bde61f1665147168&psp=6xfiM1mqsGPVpaw69Ht21NdEk1JmoyD5lyOefQzMJksGBtusUqqZaJYbenC5GTVgRXW7XE9_3PLBzPwbhkGg8a34wpx4Nh6-EqjyC58flr4eCbO2bcFulnG9d5i1n1Rsn7yqQTx_gGEUilWjNYW4-_ieMMBiZyBqHC_wBc3J2T7mC3N92RYMP8r7d5EHXXdvvn6e015eNsF9Lm9SlCr5cSxJllhh7B8J3XsbNkL7BEOcAT9jWLhJarMHxUgdIXfPpxWENwXUlYK5CBv3xtL35hO94MLh9YRlVkegn7SpG7DL7KIFKTWJ5-5Nrlaj8EEIfQeOjZ7NbpB1NFZo2kYKFjrxFcwZaTbmYTLJkYoPrO7BsDJzddQXFLIktuAUfzBkPxq7KelrxtziwY4es4hqtblkk1XeWoSbC4oA1tErGxu23Se0PHZxx8tQuoq0y_cdgzsZ3CIZyLdbzv5AKf895xjkIqVjJOQKZ69GruoMJqQcCrQL2YXtNLHOmqrh9KJHuZxBfeLWo4ht&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=870&rlp=%5B0%2C0.7000000476837158%2C389.10000014305115%2C196.20000004768372%2C2.0999999046325684%2C847.7999997138977%2C456.69999980926514%2C262.09999990463257%5D Page URL
https://video-watch1.com/?p=mm3gcmlege5gi3bpgq3dimy&sub1=1833069&sub2=win10&sub3=chrome&sub4=en Page URL
https://iwkafp.com/gosl/InNpZCI6MTE1OTA2OCwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2= HTTP 302
https://iwkafp.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDMsInNyYyI6Mn0=eyJ&si1=&si2= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK gtm.js Show response
mt34iofvjay.com/ 2 KB
2 KB 392ms
197ms Document
text/html 23.106.127.148
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: http://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==
Protocol: HTTP/1.1
Server: 23.106.127.148 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash: 4441909a855315b3b88bc259eba9a0eb9f3fadd48984232231d2bf38d18737d5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Accept-CH: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 07 Oct 2022 10:52:46 GMT
Server: nginx
Timing-Allow-Origin: *
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Route-Id: check.sumbit.script

GET
H/1.1 200
OK submit.min.js Show response
mt34iofvjay.com/ 32 KB
14 KB 196ms
196ms Script
application/javascript 23.106.127.148
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: http://mt34iofvjay.com/submit.min.js?abvar=
Requested by: Host: mt34iofvjay.com
URL: http://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==
Protocol: HTTP/1.1
Server: 23.106.127.148 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash: 4325411e81968f88f7c00a9aa210e89c2bc748fb95c5c84d1eea6c4e6ce7d2d8

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Fri, 07 Oct 2022 10:52:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Oct 2022 14:13:52 GMT
Server: nginx
Accept-CH: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-JS-AB: current
ETag: W/"633d9120-81cf"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Timing-Allow-Origin: *

GET
H2 200 ga-audiences
mt34iofvjay.com/ 6 KB
3 KB 588ms
196ms Document
text/html 23.106.127.148
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&2&pload=640&rlp=%5B0%2C0.40000009536743164%2C195%2C0%2C28.59999990463257%2C617.7999997138977%2C420.59999990463257%2C223.59999990463257%5D
Requested by: Host: mt34iofvjay.com
URL: http://mt34iofvjay.com/submit.min.js?abvar=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.148 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 10:52:47 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: redirect.script

GET
H2 200 / Show response
bg4nxu2u5t.com/1833069/ 1 KB
2 KB 584ms
194ms Document
text/html 23.106.127.147
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://bg4nxu2u5t.com/1833069/?domain=highmaidfhr.com&test_id=23_au
Requested by: Host: mt34iofvjay.com
URL: https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&2&pload=640&rlp=%5B0%2C0.40000009536743164%2C195%2C0%2C28.59999990463257%2C617.7999997138977%2C420.59999990463257%2C223.59999990463257%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.147 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash: 03eda212f52c5a0b3c8be31d18673b7d9e73108f2599e1c2bd0d4dfb51174fec

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 10:52:48 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: check.sumbit.dl

POST
H2 200 dupa.gif
mt34iofvjay.com/ 43 B
620 B 195ms
195ms Ping
image/gif 23.106.127.148
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://mt34iofvjay.com/dupa.gif?z=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=MJee1LJUBHpfuk1w5EX8Cvd1Gn84sKvrILSov-PPm8H8gKssdm-eD03fNGAELt_XlTT5-Osakyy4-8s7WuRuWpkjn4X7jxHXAGQKC4L0qGINsN34Lhr1vfQLXVAuTzobjJHYLLX9YFrO3055Afprf6NVWTh7YhcDe5eUFmiPMlTjH_qHnM9yFnTpuYvODHL8KQ9xIS4eEZBbkGV82MhWs68VNvIFAFpweMj6K9tdlcKOw4IoYzCDLbdTiiq-0qi13L0Vhk-rOPK9rQ7VLUEiwKYjbBtPvHzbeWWwIqDgAx3qhEMinMO3YERQ-GsBlZHaUxFTX5NqtWrLpnZ6-8Trtilta1RYvkVns4hBMYhw-h8WQENKHEnX6zGHzu0x_DTrR8TWjysayFQ3PnVLOQ95TuY35f2XnYd7epxFy0E7bxKgvEuz3vX8jhkNVXi1CjkYEh-rkrRSTjW5e86opAbI-__b7dDB9vxd7aYUO4PlSmwsP20eWNcy-SAyI0rVLOeGhNBZhKnNCTsFsmsj5fa4LLrQfPaPkIDHgBLOv9YaheN-U_IBJtJTd--wYdoBbjekES9I8ghP7ferrc8jj0xSP3pPjUwcL-H1Zty7U-EXoNNb5Dzb-2EtCIqAMk3MGJxmtSwHqPyHt8q2jU3EgGu9Tw8j&abvar=0&pload=612&rlp=%5B0%2C0%2C392.09999990463257%2C197.70000004768372%2C-589.3999998569489%2C-0.39999985694885254%2C-393.5%2C0%5D
Requested by: Host: mt34iofvjay.com
URL: https://mt34iofvjay.com/ga-audiences?cid=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&2&pload=640&rlp=%5B0%2C0.40000009536743164%2C195%2C0%2C28.59999990463257%2C617.7999997138977%2C420.59999990463257%2C223.59999990463257%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.148 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 10:52:47 GMT
x-route-id: stats.redirect-pixel
server: nginx
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
timing-allow-origin: *
content-length: 43
content-type: image/gif

GET
H2 200 submit.min.js Show response
bg4nxu2u5t.com/ 32 KB
14 KB 261ms
261ms Script
application/javascript 23.106.127.147
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://bg4nxu2u5t.com/submit.min.js?abvar=
Requested by: Host: bg4nxu2u5t.com
URL: https://bg4nxu2u5t.com/1833069/?domain=highmaidfhr.com&test_id=23_au
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.147 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash: 4325411e81968f88f7c00a9aa210e89c2bc748fb95c5c84d1eea6c4e6ce7d2d8

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 10:52:48 GMT
content-encoding: gzip
last-modified: Wed, 05 Oct 2022 14:13:52 GMT
server: nginx
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
x-js-ab: current
etag: W/"633d9120-81cf"
vary: Accept-Encoding
content-type: application/javascript
timing-allow-origin: *

GET
H2 200 /
bg4nxu2u5t.com/ 6 KB
3 KB 205ms
205ms Document
text/html 23.106.127.147
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=ee32beea4849cc253f0d240634bde61f1665147168&psp=6xfiM1mqsGPVpaw69Ht21NdEk1JmoyD5lyOefQzMJksGBtusUqqZaJYbenC5GTVgRXW7XE9_3PLBzPwbhkGg8a34wpx4Nh6-EqjyC58flr4eCbO2bcFulnG9d5i1n1Rsn7yqQTx_gGEUilWjNYW4-_ieMMBiZyBqHC_wBc3J2T7mC3N92RYMP8r7d5EHXXdvvn6e015eNsF9Lm9SlCr5cSxJllhh7B8J3XsbNkL7BEOcAT9jWLhJarMHxUgdIXfPpxWENwXUlYK5CBv3xtL35hO94MLh9YRlVkegn7SpG7DL7KIFKTWJ5-5Nrlaj8EEIfQeOjZ7NbpB1NFZo2kYKFjrxFcwZaTbmYTLJkYoPrO7BsDJzddQXFLIktuAUfzBkPxq7KelrxtziwY4es4hqtblkk1XeWoSbC4oA1tErGxu23Se0PHZxx8tQuoq0y_cdgzsZ3CIZyLdbzv5AKf895xjkIqVjJOQKZ69GruoMJqQcCrQL2YXtNLHOmqrh9KJHuZxBfeLWo4ht&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=870&rlp=%5B0%2C0.7000000476837158%2C389.10000014305115%2C196.20000004768372%2C2.0999999046325684%2C847.7999997138977%2C456.69999980926514%2C262.09999990463257%5D
Requested by: Host: bg4nxu2u5t.com
URL: https://bg4nxu2u5t.com/submit.min.js?abvar=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.147 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 10:52:48 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: redirect.dl

GET
H2 200 / Show response
video-watch1.com/ 64 KB
65 KB 1185ms
397ms Document
text/html 185.177.93.28
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://video-watch1.com/?p=mm3gcmlege5gi3bpgq3dimy&sub1=1833069&sub2=win10&sub3=chrome&sub4=en

Requested by

Host: bg4nxu2u5t.com
URL: https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=ee32beea4849cc253f0d240634bde61f1665147168&psp=6xfiM1mqsGPVpaw69Ht21NdEk1JmoyD5lyOefQzMJksGBtusUqqZaJYbenC5GTVgRXW7XE9_3PLBzPwbhkGg8a34wpx4Nh6-EqjyC58flr4eCbO2bcFulnG9d5i1n1Rsn7yqQTx_gGEUilWjNYW4-_ieMMBiZyBqHC_wBc3J2T7mC3N92RYMP8r7d5EHXXdvvn6e015eNsF9Lm9SlCr5cSxJllhh7B8J3XsbNkL7BEOcAT9jWLhJarMHxUgdIXfPpxWENwXUlYK5CBv3xtL35hO94MLh9YRlVkegn7SpG7DL7KIFKTWJ5-5Nrlaj8EEIfQeOjZ7NbpB1NFZo2kYKFjrxFcwZaTbmYTLJkYoPrO7BsDJzddQXFLIktuAUfzBkPxq7KelrxtziwY4es4hqtblkk1XeWoSbC4oA1tErGxu23Se0PHZxx8tQuoq0y_cdgzsZ3CIZyLdbzv5AKf895xjkIqVjJOQKZ69GruoMJqQcCrQL2YXtNLHOmqrh9KJHuZxBfeLWo4ht&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=870&rlp=%5B0%2C0.7000000476837158%2C389.10000014305115%2C196.20000004768372%2C2.0999999046325684%2C847.7999997138977%2C456.69999980926514%2C262.09999990463257%5D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.177.93.28 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

ip-185-177-93-28.ah-server.com

Software

nginx /

Resource Hash

2fef229e7569d85fd50aa47e27ebe17e1054b68238fb5617645d09bec22e9c75

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 07 Oct 2022 10:52:48 GMT
server: nginx
strict-transport-security: max-age=31536000

POST
H2 200 dupa.gif
bg4nxu2u5t.com/ 43 B
620 B 194ms
194ms Ping
image/gif 23.106.127.147
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to

Full URL: https://bg4nxu2u5t.com/dupa.gif?z=1833069&pb=ee32beea4849cc253f0d240634bde61f1665147168&psp=22wmQ-XHeTY5HPKqk61ajH6K2oPf3KiL475fHOy2HL-iWUFQ2S9foEss1FX0W_q1UVuXVCBnD3lVLNBCX4foY0O5682EkhPtRHpxTavGGt5348gnTFTECv2HpZWXztw_z-7QDG60ZcFiptekKVEXV4veF4vQWesCTCRYNknnmsQaZiSb9SO9e_otEUUHVyX4whaMwVWAYuM_Z4TQhMyQuHCOJhpjP3-nqUhFQDEXvfsuA4Oz5sJFXhhH2nWGF_D7l_pGvrJdeSsm3p07o7z8A4A22RAuhPH4o5OGCX0svZV73guEMHJVEc2xvQwRMYqeX-XHqXL5P2tcjTn1V9rTpv8N5GruplQQra20rD7-HRgImEHEXIUlOUO-ZVdRUm-pcUexhpytTEpBPkXr8eDC9D4RoFzGydFsSog3ZWTubfnRNtwAF19ViZNz_n5igbd-TKbHT_Epzh3SGA-05Ys0c2Byq7svUHiYKa_qMwdNaZs1VmSsqo2MPlrYz-j42LeKy4p8W2v3eq0=&abvar=0&pload=219&rlp=%5B0%2C0%2C0%2C0%2C-206%2C-0.39999985694885254%2C-1.3999998569488525%2C0%5D
Requested by: Host: bg4nxu2u5t.com
URL: https://bg4nxu2u5t.com/?r=dir&zoneid=1833069&pb=ee32beea4849cc253f0d240634bde61f1665147168&psp=6xfiM1mqsGPVpaw69Ht21NdEk1JmoyD5lyOefQzMJksGBtusUqqZaJYbenC5GTVgRXW7XE9_3PLBzPwbhkGg8a34wpx4Nh6-EqjyC58flr4eCbO2bcFulnG9d5i1n1Rsn7yqQTx_gGEUilWjNYW4-_ieMMBiZyBqHC_wBc3J2T7mC3N92RYMP8r7d5EHXXdvvn6e015eNsF9Lm9SlCr5cSxJllhh7B8J3XsbNkL7BEOcAT9jWLhJarMHxUgdIXfPpxWENwXUlYK5CBv3xtL35hO94MLh9YRlVkegn7SpG7DL7KIFKTWJ5-5Nrlaj8EEIfQeOjZ7NbpB1NFZo2kYKFjrxFcwZaTbmYTLJkYoPrO7BsDJzddQXFLIktuAUfzBkPxq7KelrxtziwY4es4hqtblkk1XeWoSbC4oA1tErGxu23Se0PHZxx8tQuoq0y_cdgzsZ3CIZyLdbzv5AKf895xjkIqVjJOQKZ69GruoMJqQcCrQL2YXtNLHOmqrh9KJHuZxBfeLWo4ht&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=870&rlp=%5B0%2C0.7000000476837158%2C389.10000014305115%2C196.20000004768372%2C2.0999999046325684%2C847.7999997138977%2C456.69999980926514%2C262.09999990463257%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.147 Singapore, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 10:52:48 GMT
x-route-id: stats.redirect-pixel
server: nginx
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
timing-allow-origin: *
content-length: 43
content-type: image/gif

GET
DATA 200
OK truncated
/ 20 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2

200

Primary Request video-14 Show response
iwkafp.com/
Redirect Chain

https://iwkafp.com/gosl/InNpZCI6MTE1OTA2OCwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2=
https://iwkafp.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDMsInNyYyI6Mn0=eyJ&si1=&si2=

270 KB
197 KB

399ms
399ms

Document
text/html

185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://iwkafp.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDMsInNyYyI6Mn0=eyJ&si1=&si2=
Requested by: Host: mt34iofvjay.com
URL: http://mt34iofvjay.com/gtm.js?id=1881113&pid=_cb-1881113_1&pb=64f66c98979c1e3999177513bcdc183b1644116922&psp=F3veNCwgmXiEZLN7Cgc8KVYl284zIqgS6E2L6hDCMWLsssuYWB9RNfVAOFv5X1an8DFjQEel-fttg7bhjVaiGlLkWoiydmBeePtZMpELF-eqxCyY14A0xzyV5lsuZt3PIF3kUoUL_rxrykIMzb887y2kdJiJkRnYftPNFcTPAJuW_NRWuFloC5g1sSKrRwiz_zm7IT9qLNIhh2rmoMGShGqgfC8eHYkXPxoHQyeR8QheOcES1IsRyuWFu-A5gbwil5dT2DHmqOYUbUswtzMZQkP1sSXSyq8UaZXvlXsXtwIYOPocc6aYObKR9oOkek9RfjWokyRNiTv8xg8HdfK6IKkceiAReF8fiOJ_cZAxuNE3WEmCapXYGiuPWhGp3AXLcEnVj7YfDDDDaEunCU6PksZF7yGuwnoYOX_LBRcq1syNXvWNwyrY3mfl4BFz3nx8uFeXK0bHUzS_Iqs609fPXERtodDciP3xIdRYIZfito4gom-noTvBfI-xBiu5qiwbPodyn5uhSE7uGUysSozbUbI4Mi3sNaAHflMMYICV3ArzeeGuCwGGspe0MBiD50UdC_gsk3FnH5_krR-HtZVloICcbhtijx1_b0iG4J7v0vVJmKmdxx-6SyQV267K7ZATHouLhJJc971pCxigfqdYprGWChCTrMcnDXyKGoh-JzeBupoUxQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: c879cb351fb9042bfa0e5cbe1b7ecba8e0b704313511ca53ea29c447ca2d972e

Request headers

Referer: https://video-watch1.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 07 Oct 2022 10:52:53 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

Redirect headers

cache-control: no-cache
content-type: text/html; charset=UTF-8
date: Fri, 07 Oct 2022 10:52:52 GMT
location: https://iwkafp.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTE1OTA2OCwid2lkIjozNzU5NDMsInNyYyI6Mn0=eyJ&si1=&si2=
max-age: 0
server: nginx/1.21.1
x-zone: eu

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1f2b9e78325b8538774e6e3b56f2b36fc4a6865f61299d54d51aacbc242e515

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 178 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d1737488dc24ad3d825b1ee023b79a7d86b9e120c314a852d1ec542fad35d92

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/jpeg

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
mt34iofvjay.com/	1970-01-20 15:17:55	Name: UID Value: 22100705523c821b051c7043edb888db91b8
mt34iofvjay.com/	1970-01-20 07:15:31	Name: OACCAP Value: ABsllgAAAAAAAAAB
mt34iofvjay.com/	1970-01-20 07:15:31	Name: OACBLOCK Value: ABsllgAAAABjP7JQ
mt34iofvjay.com/	1970-01-20 06:33:46	Name: OXCCLK Value: ABsllgAAAAAAAAAB
mt34iofvjay.com/	1970-01-20 06:33:46	Name: OXPCLK Value: AAIY0gAAAAAAAAAB
mt34iofvjay.com/	1970-01-20 06:33:46	Name: ppucnt Value: 1
bg4nxu2u5t.com/	1970-01-20 15:17:55	Name: UID Value: 2210070552fcad91e78ad541ffaf0b032d16
bg4nxu2u5t.com/	1970-01-20 07:15:31	Name: OACCAP Value: ACHxbQAAAAAAAAAB
bg4nxu2u5t.com/	1970-01-20 07:15:31	Name: OACBLOCK Value: ACHxbQAAAABjPmDQ
bg4nxu2u5t.com/	1970-01-20 07:15:31	Name: OAZCCAP Value: ABv4bQAAAAAAAAAB
bg4nxu2u5t.com/	1970-01-20 07:15:31	Name: OAZCBLOCK Value: ABv4bQAAAABjP%2Fig
bg4nxu2u5t.com/	1970-01-20 06:33:46	Name: OXCCLK Value: ACHxbQAAAAAAAAAB
bg4nxu2u5t.com/	1970-01-20 06:33:46	Name: OXPCLK Value: AAISpAAAAAAAAAAB
bg4nxu2u5t.com/	1970-01-20 06:33:46	Name: ppucnt Value: 1
.video-watch1.com/	1970-01-20 07:15:31	Name: uuid Value: 2858af6b-161d-4ba4-be90-daf326c3545c
.iwkafp.com/	1970-01-20 06:33:46	Name: truniq Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bg4nxu2u5t.com
iwkafp.com
mt34iofvjay.com
video-watch1.com
185.177.93.28
185.56.234.205
23.106.127.147
23.106.127.148
03eda212f52c5a0b3c8be31d18673b7d9e73108f2599e1c2bd0d4dfb51174fec
2fef229e7569d85fd50aa47e27ebe17e1054b68238fb5617645d09bec22e9c75
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93
4325411e81968f88f7c00a9aa210e89c2bc748fb95c5c84d1eea6c4e6ce7d2d8
4441909a855315b3b88bc259eba9a0eb9f3fadd48984232231d2bf38d18737d5
9d1737488dc24ad3d825b1ee023b79a7d86b9e120c314a852d1ec542fad35d92
c879cb351fb9042bfa0e5cbe1b7ecba8e0b704313511ca53ea29c447ca2d972e
d1f2b9e78325b8538774e6e3b56f2b36fc4a6865f61299d54d51aacbc242e515

iwkafp.com Open in urlscan Pro 185.56.234.205 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

10 Requests

80 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

302 kBTransfer

613 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

16 Cookies

Indicators

iwkafp.com Open in urlscan Pro
185.56.234.205 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

302 kB
Transfer

613 kB
Size

16
Cookies

10 HTTP transactions
3 data transactions