xizajdfga.art Open in urlscan Pro
104.21.59.69 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://xizajdfga.art/tracking/click.php?c=4229&key=d597f2d9224b07622b1146de299ecd65
Submission: On September 19 via manual (September 19th 2021, 1:39:18 am UTC) from US — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 8 domains to perform 20 HTTP transactions. The main IP is 104.21.59.69, located in and belongs to CLOUDFLARENET, US. The main domain is xizajdfga.art.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 10th 2021. Valid for: a year.

This is the only time xizajdfga.art was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.21.59.69 104.21.59.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	34.102.170.20 34.102.170.20	15169 (GOOGLE) (GOOGLE)
1 1	23.228.78.149 23.228.78.149	46573 (LAYER-HOST) (LAYER-HOST)
11	179.61.143.18 179.61.143.18	61317 (ASDETUK w...) (ASDETUK www.heficed.com)
1	142.250.185.202 142.250.185.202	15169 (GOOGLE) (GOOGLE)
20	4

1 104.21.59.69 (None, )

ASN13335 (CLOUDFLARENET, US)

xizajdfga.art	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.102.170.20 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 20.170.102.34.bc.googleusercontent.com

www.vdksda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.fitandsupply.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.pnckmx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.228.78.149 (Dongguan, China) 1 redirects

ASN46573 (LAYER-HOST, US)

xnb9d.faultlessconnect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 179.61.143.18 (Vienna, Austria)

ASN61317 (ASDETUK www.heficed.com, GB)

xnb9d.ihytpjo2q2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	ihytpjo2q2.com xnb9d.ihytpjo2q2.com	849 KB
1	googleapis.com ajax.googleapis.com	34 KB
1	faultlessconnect.com 1 redirects xnb9d.faultlessconnect.com	1 KB
1	pnckmx.com 1 redirects www.pnckmx.com	342 B
1	fitandsupply.com 1 redirects www.fitandsupply.com	315 B
1	vdksda.com 1 redirects www.vdksda.com	385 B
1	xizajdfga.art xizajdfga.art	1 KB
0	fastlinkaction.com Failed w9vy.fastlinkaction.com Failed
20	8

	Domain	Requested by
11	xnb9d.ihytpjo2q2.com	xizajdfga.art xnb9d.ihytpjo2q2.com
1	ajax.googleapis.com	xnb9d.ihytpjo2q2.com
1	xnb9d.faultlessconnect.com	1 redirects
1	www.pnckmx.com	1 redirects
1	www.fitandsupply.com	1 redirects
1	www.vdksda.com	1 redirects
1	xizajdfga.art
0	w9vy.fastlinkaction.com Failed	xnb9d.ihytpjo2q2.com
20	8

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-10` - `2022-08-09`	a year	crt.sh
ihytpjo2q2.com R3	`2021-08-14` - `2021-11-12`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-30` - `2021-11-22`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://xizajdfga.art/tracking/click.php?c=4229&key=d597f2d9224b07622b1146de299ecd65
Frame ID: 2FFE9C135C2D03106801CBA03C7D2471
Requests: 1 HTTP requests in this frame

Frame: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Frame ID: 0602EF31AD026A67A5121E802BC27E41
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

65 %
HTTPS

0 %
IPv6

8
Domains

8
Subdomains

4
IPs

4
Countries

885 kB
Transfer

970 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.vdksda.com/4KZ4KG5/DH5XPT1/?sub1=6496&sub2=3ftz3z8b HTTP 302
https://www.fitandsupply.com/4KZ4KG5/F145ZML/?__rpt=0&__po=6496&__ptid=ada2fc1396d44951b7c67d83d08ef1b6&__rpa=1&__rc=1&sub1=6496&sub2=3ftz3z8b&sub3=&sub4=&sub5=&source_id=&__pcd=2 HTTP 302
https://www.pnckmx.com/4KZ4KG5/DPB5949/?__rpt=0&__po=6777&__ptid=dd5858399cee42948f62346b6d987d97&__rpa=0&__rc=2&sub1=6496&sub2=3ftz3z8b&sub3=&sub4=&sub5=&source_id=&__pcd=9 HTTP 302
https://xnb9d.faultlessconnect.com/?s1=2224&kw=&s2=0c9ee0bf417b47b3b277effc9bd19f3f&s3=&s4=&s5= HTTP 302
https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44

Request Chain 4

https://xnb9d.ihytpjo2q2.com/o/2XXQ6DLP/662957fa-18ea-11ec-99b8-3133d63c9a44 HTTP 301
https://w9vy.fastlinkaction.com/

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request click.php Show response
xizajdfga.art/tracking/ 1 KB
1 KB 347ms
327ms Document
text/html 104.21.59.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xizajdfga.art/tracking/click.php?c=4229&key=d597f2d9224b07622b1146de299ecd65
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: d8b899511dc75aa1b6645347809ec1df65b8dddabeed5293b2c3d105b14c9f3f

Request headers

:method: GET
:authority: xizajdfga.art
:scheme: https
:path: /tracking/click.php?c=4229&key=d597f2d9224b07622b1146de299ecd65
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
referer: https://yahoo.com
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 19 Sep 2021 01:39:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
set-cookie: fc_t_4229=1632015554_1632015554_1632015554_1632015554_1632015554; expires=Wed, 20-Oct-2021 01:39:14 GMT; Max-Age=2678400; path=/ fc_n_4229=1_1_1_1_1; expires=Wed, 20-Oct-2021 01:39:14 GMT; Max-Age=2678400; path=/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ShyneALOJ3XWHv%2FXhMpl7haQaBktoFfDUMGeiXYVAX1s7Y9gIlr1vE1aLhp4kXo1dmifpikt%2FHaSXih3i6bMUi%2BqbFE5IpLs31Hz68pPCaIH47EEpIWocDDdjQGB6qwu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 690f195cf92f0ea7-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1

200
OK

Cookie set 662957fa-18ea-11ec-99b8-3133d63c9a44 Show response
xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/ Frame 0602
Redirect Chain

https://www.vdksda.com/4KZ4KG5/DH5XPT1/?sub1=6496&sub2=3ftz3z8b
https://www.fitandsupply.com/4KZ4KG5/F145ZML/?__rpt=0&__po=6496&__ptid=ada2fc1396d44951b7c67d83d08ef1b6&__rpa=1&__rc=1&sub1=6496&sub2=3ftz3z8b&sub3=&sub4=&sub5=&source_id=&__pcd=2
https://www.pnckmx.com/4KZ4KG5/DPB5949/?__rpt=0&__po=6777&__ptid=dd5858399cee42948f62346b6d987d97&__rpa=0&__rc=2&sub1=6496&sub2=3ftz3z8b&sub3=&sub4=&sub5=&source_id=&__pcd=9
https://xnb9d.faultlessconnect.com/?s1=2224&kw=&s2=0c9ee0bf417b47b3b277effc9bd19f3f&s3=&s4=&s5=
https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44

34 KB
7 KB

867ms
208ms

Document
text/html

179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to

Full URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Requested by: Host: xizajdfga.art
URL: https://xizajdfga.art/tracking/click.php?c=4229&key=d597f2d9224b07622b1146de299ecd65
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: d627517e2008f25f62cc4453c90cf20ba881935a760bf045af77dca39020d5e9

Request headers

Host: xnb9d.ihytpjo2q2.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://xizajdfga.art/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
referer: https://yahoo.com
Accept-Language: de-DE,de;q=0.9
Referer: https://xizajdfga.art/

Response headers

Date: Sun, 19 Sep 2021 01:39:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache, private
Access-Control-Allow-Origin: *
X-Redir: true
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkplRlV2T05TbWJiWlpKcFpUUEJ4NEE9PSIsInZhbHVlIjoibXJvV0RvUkg2S0lFRXlGam1RQlZhWTZGWkE3cUE3R1lFT05YenNZN3VKeDRaUS9YWVhtcUNLUm1SMjBaUXlrQWFlQkV6NUE0S3pweEkvSk5vaktMWW5idStESTRSVGhLVUVlb2hKeTlBaHIxMXZEYVNNTGhYNHVEOEpEVkJvTFQiLCJtYWMiOiJiZmE3MTY2ODgwZmU2NzI4NGFiYjY2NTFlNGU1NmQzYTY1MWJmYTQ2NjcyYWRmYzM5MmM3ZmJhZWZmMTExZDZhIiwidGFnIjoiIn0%3D; expires=Sun, 19-Sep-2021 03:39:16 GMT; Max-Age=7200; path=/; samesite=lax yredir_session=eyJpdiI6InlpS0pPNFM0OWE3WmM1TWx3Ky95TFE9PSIsInZhbHVlIjoiUlJOVUNVU2NqaUpDTVBXTkNwUjVORlV3ZHVtMnBQaXFKR1RXU3R6Sm5HNWV6QXlGTE5xNFVrMjdIZWVPK1VJYS9HdE5kRnQxeFRSa2lsSHRYMUtERjdjS1pPWld4bE00cEVXRlY2ajl6Zy9Fa01HcVMwMlJUQzc1b09FNGpQNnciLCJtYWMiOiJhMWIzMmFkODgzMzc3MTIwNzc0OTk4NGIwNTVjNGIzMTZjZGY3Y2YwMTcxZTk5OTVlNzYxMjU2OTc1YWVkYTBhIiwidGFnIjoiIn0%3D; expires=Sun, 19-Sep-2021 03:39:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax lambda-backend=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Encoding: gzip

Redirect headers

Date: Sun, 19 Sep 2021 01:39:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache, private
Location: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Access-Control-Allow-Origin: *
X-Redir: true
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkpFYmpveE9FdUUyT0IyQm1ncXlZdlE9PSIsInZhbHVlIjoiTHlWSFVrdWpkNjZJVXVxcEZwcXpzeUZnbkxJSWdOYkdHSHlQNEFodXh0ditadVNSTmZOd0xRMW8zWTh6OTBYTmY5eThxVWtnL2pjdUFoYldVREc3R3hJVVl3VXI5cUxoRDNaL1REUXAzUjdmak1YVG1iZnNQV1VSU2x1eEo1SnIiLCJtYWMiOiJhMjUwOGM4MmQ2YWRmMWE3ZjIwZWJhMzAxMGJlZGQwNDI2MmQ5YzMxZjRkOTQyZjJlYjA4ZGM4Y2RiYWQwYTk3IiwidGFnIjoiIn0%3D; expires=Sun, 19-Sep-2021 03:39:16 GMT; Max-Age=7200; path=/; samesite=lax yredir_session=eyJpdiI6Im1adHdyb2I2WkI0RVc4WStZdlNYa2c9PSIsInZhbHVlIjoiTlk3cWUrSWlNZk0wbHRlR2dTV1dUQUF5MU9BZFcyRTVaMnJwKzZSY0E2d3JNdHpKT3duMDQwZVBVdHJaWC84b0JrTm1PcGErRkdIeGsrYzZZQjlEc3o1YXFJYndabnVDNUtjWXpDQUIwc1JqbWxydW4rdDBrYkhVaW5SM3BDcnYiLCJtYWMiOiJmMDJjOGZlMmVkMDkyYTk5MzhiODQxMDk3NDAyOTIyYjIwNmQzOGFmYzg4Y2UyOGQ4NzdiMmE0NzYxNmRmODA2IiwidGFnIjoiIn0%3D; expires=Sun, 19-Sep-2021 03:39:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax lambda-backend=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/

GET
H/1.1 200
OK style.css
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/css/ Frame 0602 5 KB
6 KB 107ms
107ms Stylesheet
text/css 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to

Full URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/css/style.css
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: 27a276e80a16de7fe575cc4d28c1a1a8656bd4774fd5c4927da2cd9283e1f656

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:24:08 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:42:08 GMT
Age: 296109
ETag: "0e0958d51ded34cd4de26a9e461a837e"
X-Varnish: 733250158 697011495
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 5568

GET
H/1.1 200
OK returnDate.de.js Show response
xnb9d.ihytpjo2q2.com/production/_includes/date/ Frame 0602 1 KB
2 KB 215ms
107ms Script
application/javascript 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to

Full URL: https://xnb9d.ihytpjo2q2.com/production/_includes/date/returnDate.de.js
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: f09fbd477acccfc2c883f67d9b6948c7c5f5ba3c25a30c3768ceac3828c46d2b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:28:58 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:41:30 GMT
Age: 295819
ETag: "cad942dcfa6ef292749a1075cf352037"
X-Varnish: 733250162 697041382
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 1249
Service-Worker-Allowed: /

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame 0602 95 KB
34 KB 30ms
8ms Script
text/javascript 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Fri, 17 Sep 2021 13:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 131339
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Sat, 17 Sep 2022 13:10:18 GMT

GET

/
w9vy.fastlinkaction.com/ Frame 0602
Redirect Chain

https://xnb9d.ihytpjo2q2.com/o/2XXQ6DLP/662957fa-18ea-11ec-99b8-3133d63c9a44
https://w9vy.fastlinkaction.com/

0
0

GET
H/1.1 200
OK sub2-min.png
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 503 B
861 B 107ms
107ms Image
image/png 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/sub2-min.png
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: 424c21017d352a097502d212564a602f036cada202fa55247ef2b2a276f03f59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:24:14 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:42:08 GMT
Age: 296103
ETag: "17b195295195777b7415a91b5bfe4e40"
X-Varnish: 733230860 696766879
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 503

GET
H/1.1 200
OK loading.gif
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 3 KB
3 KB 107ms
107ms Image
image/gif 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/loading.gif
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: 61a5b75bd3a5d8370fd543e656a9223bf98035cb0e9931849b2a78c94b7134db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:24:14 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:42:08 GMT
Age: 296103
ETag: "57853c90b8506907affe703e96d0184c"
X-Varnish: 733250164 696951501
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 2873

GET
H/1.1 200
OK fb-check-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 662 B
1021 B 107ms
107ms Image
image/jpeg 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/fb-check-min.jpg
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: 897400118f15478b414250c5c4a07412d32f414c8683274996f1917ac79d882e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:24:07 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:42:08 GMT
Age: 296110
ETag: "647f83a6bea8989234822fccfaaf1172"
X-Varnish: 733230866 697011468
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 662

GET
H/1.1 200
OK galaxys212.png
xnb9d.ihytpjo2q2.com/production/_media/prizes/ Frame 0602 487 KB
488 KB 214ms
214ms Image
image/png 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xnb9d.ihytpjo2q2.com/production/_media/prizes/galaxys212.png
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: 473685441142a44f703878b4d57114ff27553634b0ac6b757b9da6e7287db9b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:24:09 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:41:56 GMT
Age: 296108
ETag: "47a5455a4ba0eaa593165858aefa6f60"
X-Varnish: 733196900 696548216
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 499082

GET
H/1.1 200
OK iphone122.png
xnb9d.ihytpjo2q2.com/production/_media/prizes/ Frame 0602 302 KB
302 KB 108ms
107ms Image
image/png 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xnb9d.ihytpjo2q2.com/production/_media/prizes/iphone122.png
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: 48a84952fa57d0316122bd9096544f16416c08f73081648d6b247d0b385272f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:24:10 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:41:57 GMT
Age: 296108
ETag: "5dec5c4a78a83ea6516979fa363e8ada"
X-Varnish: 733230876 697011601
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 308783

GET
H/1.1 200
OK macbook2.png
xnb9d.ihytpjo2q2.com/production/_media/prizes/ Frame 0602 37 KB
37 KB 107ms
107ms Image
image/png 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xnb9d.ihytpjo2q2.com/production/_media/prizes/macbook2.png
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: cfc14f5db37a2f1ef657cb9fbcd68b17e9295521b0966cf466be378c6da9cef6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:26:58 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:41:58 GMT
Age: 295940
ETag: "65601e39390008cb1fab24b661dbfb9f"
X-Varnish: 733230878 696954484
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 37747

GET
H/1.1 200
OK male1-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 2 KB
2 KB 107ms
107ms Image
image/jpeg 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/male1-min.jpg
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: 17c1074c13199c387f264bf85324f2555d89c4221fae93a175d69973453f0cb4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:24:15 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:42:08 GMT
Age: 296104
ETag: "7c87417985d39d54edfe8c84005668c5"
X-Varnish: 733196910 696833687
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 1559

GET
H/1.1 200
OK female2-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 1 KB
1 KB 107ms
107ms Image
image/jpeg 179.61.143.18
ASDETUK www.hefic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/female2-min.jpg
Requested by: Host: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/t/2e9423a84ad4/662957fa-18ea-11ec-99b8-3133d63c9a44
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 179.61.143.18 Vienna, Austria, ASN61317 (ASDETUK www.heficed.com, GB),
Reverse DNS
Software: /
Resource Hash: 030ab7588cc14efd6625654c00ff326d6602091f4fae946265ad29f9fee370d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://yahoo.com
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 15:24:07 GMT
Via: 1.1 varnish (Varnish/6.1)
Last-Modified: Wed, 15 Sep 2021 11:42:08 GMT
Age: 296112
ETag: "0794d94f802b6df4a503a36dd30b1b49"
X-Varnish: 733196914 697011461
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 1102

GET female3-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 0
0

GET female4-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 0
0

GET male2-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 0
0

GET male3-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 0
0

GET female5-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 0
0

GET female6-min.jpg
xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/ Frame 0602 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: w9vy.fastlinkaction.com
URL: https://w9vy.fastlinkaction.com/

Domain: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/female3-min.jpg

Domain: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/female4-min.jpg

Domain: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/male2-min.jpg

Domain: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/male3-min.jpg

Domain: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/female5-min.jpg

Domain: xnb9d.ihytpjo2q2.com
URL: https://xnb9d.ihytpjo2q2.com/production/_templates/gbrand-survey_MASTER_MULTI/images/female6-min.jpg

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster function| resize

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
xizajdfga.art/	1970-01-19 22:04:53	Name: fc_t_4229 Value: 1632015554_1632015554_1632015554_1632015554_1632015554
xizajdfga.art/	1970-01-19 22:04:53	Name: fc_n_4229 Value: 1_1_1_1_1
www.vdksda.com/	1970-01-19 22:03:27	Name: uniqueClick_DH5XPT1 Value: 878f2439-163a-417a-a555-365cb99edd2d:1632015554
www.fitandsupply.com/	1970-01-19 21:30:20	Name: uniqueClick_F145ZML Value: 53f48537-8cb1-4648-b428-3aba6be44a2b:1632015554
www.pnckmx.com/	1970-01-19 21:30:20	Name: uniqueClick_DPB5949 Value: f68394d8-9ad4-4667-b7e4-a70036173664:1632015554
www.pnckmx.com/	1970-01-19 23:29:51	Name: transaction_id Value: 0c9ee0bf417b47b3b277effc9bd19f3f

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
w9vy.fastlinkaction.com
www.fitandsupply.com
www.pnckmx.com
www.vdksda.com
xizajdfga.art
xnb9d.faultlessconnect.com
xnb9d.ihytpjo2q2.com
w9vy.fastlinkaction.com
xnb9d.ihytpjo2q2.com
104.21.59.69
142.250.185.202
179.61.143.18
23.228.78.149
34.102.170.20
030ab7588cc14efd6625654c00ff326d6602091f4fae946265ad29f9fee370d9
17c1074c13199c387f264bf85324f2555d89c4221fae93a175d69973453f0cb4
27a276e80a16de7fe575cc4d28c1a1a8656bd4774fd5c4927da2cd9283e1f656
424c21017d352a097502d212564a602f036cada202fa55247ef2b2a276f03f59
473685441142a44f703878b4d57114ff27553634b0ac6b757b9da6e7287db9b6
48a84952fa57d0316122bd9096544f16416c08f73081648d6b247d0b385272f5
61a5b75bd3a5d8370fd543e656a9223bf98035cb0e9931849b2a78c94b7134db
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
897400118f15478b414250c5c4a07412d32f414c8683274996f1917ac79d882e
cfc14f5db37a2f1ef657cb9fbcd68b17e9295521b0966cf466be378c6da9cef6
d627517e2008f25f62cc4453c90cf20ba881935a760bf045af77dca39020d5e9
d8b899511dc75aa1b6645347809ec1df65b8dddabeed5293b2c3d105b14c9f3f
f09fbd477acccfc2c883f67d9b6948c7c5f5ba3c25a30c3768ceac3828c46d2b

xizajdfga.art Open in urlscan Pro 104.21.59.69 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

20 Requests

65 %HTTPS

0 %IPv6

8 Domains

8 Subdomains

4 IPs

4 Countries

885 kBTransfer

970 kBSize

6 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

6 Cookies

Indicators

xizajdfga.art Open in urlscan Pro
104.21.59.69 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

65 %
HTTPS

0 %
IPv6

8
Domains

8
Subdomains

4
IPs

4
Countries

885 kB
Transfer

970 kB
Size

6
Cookies

20 HTTP transactions
0 data transactions