1fad.ru Open in urlscan Pro
185.26.122.23 Public Scan

URL:
http://1fad.ru/update-outlook-au
Submission: On May 27 via manual (May 27th 2020, 5:14:18 am UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 185.26.122.23, located in St Petersburg, Russian Federation and belongs to HOSTLAND, RU. The main domain is 1fad.ru.

This is the only time 1fad.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	185.26.122.23 185.26.122.23	62082 (HOSTLAND) (HOSTLAND)
1	54.36.158.42 54.36.158.42	16276 (OVH) (OVH)
3	148.251.11.247 148.251.11.247	24940 (HETZNER-AS) (HETZNER-AS)
3	5.9.100.69 5.9.100.69	24940 (HETZNER-AS) (HETZNER-AS)
14	4

7 185.26.122.23 (St Petersburg, Russian Federation)

ASN62082 (HOSTLAND, RU)
PTR: serv23-26.hostland.ru

1fad.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.158.42 (France)

ASN16276 (OVH, FR)
PTR: lb.xtgem.com

questard.xtgem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 148.251.11.247 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.247.11.251.148.clients.your-server.de

go8me.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 5.9.100.69 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: www.people-group.su

ads.people-group.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	1fad.ru 1fad.ru	63 KB
3	people-group.net ads.people-group.net	19 KB
3	go8me.ru go8me.ru	2 KB
1	xtgem.com questard.xtgem.com
14	4

	Domain	Requested by
7	1fad.ru	1fad.ru
3	ads.people-group.net	1fad.ru ads.people-group.net
3	go8me.ru	1fad.ru go8me.ru
1	questard.xtgem.com	1fad.ru
14	4

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 5 frames:

Primary Page: http://1fad.ru/update-outlook-au
Frame ID: 19DE60BFA3D38F00B62C61A3079BFC57
Requests: 3 HTTP requests in this frame

Frame: http://1fad.ru/framedRedirectTop.php?url=832
Frame ID: D76AD53E882234F5A184B895338A72D7
Requests: 8 HTTP requests in this frame

Frame: http://questard.xtgem.com/lib/?rel=update
Frame ID: 99D16BB3E7014984FC6B6EB9557E1B62
Requests: 1 HTTP requests in this frame

Frame: http://go8me.ru/js/if.php?id=5
Frame ID: 8D822B624078861EFA2D9E8F4FA4E0FC
Requests: 1 HTTP requests in this frame

Frame: http://ads.people-group.net/?hwn=ODI1MTgnMTInMSc&hrf=http%3A%2F%2F1fad.ru%2Fupdate-outlook-au&stg=1590556721.6df8d48c85&xm=1&s=MTYwMCUzQTElM0E3Mg%3D%3D&h=05%2F27%2F2020%2007%3A13%3A43%27%5E%271%27%5E%27http%3A%2F%2F1fad.ru%2Fupdate-outlook-au&k=&0.6091408036095909
Frame ID: 5AF72BC54C254B1F8E5FFAA3610448A3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

14
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

83 kB
Transfer

362 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set update-outlook-au Show response
1fad.ru/ 1 KB
1 KB 435ms
296ms Document
text/html 185.26.122.23
HOSTLAND

General

Check archive.org

Show headers Download Go to

Full URL: http://1fad.ru/update-outlook-au
Protocol: HTTP/1.1
Server: 185.26.122.23 St Petersburg, Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS: serv23-26.hostland.ru
Software: nginx / PHP/5.6.40
Resource Hash: c47f338be5ae55e462209bc38a32139602471f462bb57d4ecd95d4c76d78db74

Request headers

Host: 1fad.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: nginx
Date: Wed, 27 May 2020 05:13:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Set-Cookie: shorturl=67f0604c571de72a54d9239ed3907a20; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

GET
H/1.1 200
OK bootstrap.css
1fad.ru/themes/v3/styles/css/ 121 KB
18 KB 106ms
106ms Stylesheet
text/css 185.26.122.23
HOSTLAND

General

Check archive.org

Show headers Download Go to

Full URL: http://1fad.ru/themes/v3/styles/css/bootstrap.css
Requested by: Host: 1fad.ru
URL: http://1fad.ru/update-outlook-au
Protocol: HTTP/1.1
Server: 185.26.122.23 St Petersburg, Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS: serv23-26.hostland.ru
Software: nginx /
Resource Hash: e59179702fff6732311be76961a0b18cd160eb27057b22cfae2d0a567f14345f

Request headers

Referer: http://1fad.ru/update-outlook-au
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 27 May 2020 05:13:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Jul 2015 15:19:21 GMT
Server: nginx
ETag: W/"24ccc08-1e537-51a5ea9cd0f6a"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK screen.css
1fad.ru/themes/v3/styles/ 39 KB
7 KB 184ms
156ms Stylesheet
text/css 185.26.122.23
HOSTLAND

General

Check archive.org

Show headers Download Go to

Full URL: http://1fad.ru/themes/v3/styles/screen.css
Requested by: Host: 1fad.ru
URL: http://1fad.ru/update-outlook-au
Protocol: HTTP/1.1
Server: 185.26.122.23 St Petersburg, Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS: serv23-26.hostland.ru
Software: nginx /
Resource Hash: c633c8575301d2e600d0006875ae313be2de2d0813e8f5db62c9dc8de38bc2df

Request headers

Referer: http://1fad.ru/update-outlook-au
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 27 May 2020 05:13:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Jul 2015 15:18:34 GMT
Server: nginx
ETag: W/"24ccb61-9a8b-51a5ea703410a"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK framedRedirectTop.php Show response
1fad.ru/ Frame D76A 3 KB
1 KB 225ms
196ms Document
text/html 185.26.122.23
HOSTLAND

General

Check archive.org

Show headers Download Go to

Full URL: http://1fad.ru/framedRedirectTop.php?url=832
Requested by: Host: 1fad.ru
URL: http://1fad.ru/update-outlook-au
Protocol: HTTP/1.1
Server: 185.26.122.23 St Petersburg, Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS: serv23-26.hostland.ru
Software: nginx / PHP/5.6.40
Resource Hash: 81af9a2e8e130c28294b319d5665696b324074cd5b8a2ad922cf0e130f6c1861

Request headers

Host: 1fad.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://1fad.ru/update-outlook-au
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: shorturl=67f0604c571de72a54d9239ed3907a20
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://1fad.ru/update-outlook-au

Response headers

Server: nginx
Date: Wed, 27 May 2020 05:13:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set /
questard.xtgem.com/lib/ Frame 99D1 0
0 556ms
517ms Document
text/html 54.36.158.42
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://questard.xtgem.com/lib/?rel=update
Requested by: Host: 1fad.ru
URL: http://1fad.ru/update-outlook-au
Protocol: HTTP/1.1
Server: 54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS: lb.xtgem.com
Software: /
Resource Hash

Request headers

Host: questard.xtgem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://1fad.ru/update-outlook-au
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://1fad.ru/update-outlook-au

Response headers

Date: Wed, 27 May 2020 05:13:43 GMT
Vary: Host,Accept-Encoding
Set-Cookie: _xta_uid=4571534bebeffe2ffe23b590dc55d513; expires=Fri, 27-May-2022 05:13:43 GMT; Max-Age=63072000; path=/; domain=.xtgem.com; httponly _xta_vid=f6b57e50b8498d1ccb50f335e42f4125-1590556423; expires=Wed, 27-May-2020 05:43:43 GMT; Max-Age=1800; path=/; domain=.xtgem.com; httponly
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Encoding: gzip
Content-Length: 3963
Content-Type: text/html;charset=UTF-8
Age: 0
X-Cache: MISS
X-Cache-Hits: 0
Accept-Ranges: bytes
Connection: close

GET
H/1.1 200
OK bootstrap.css
1fad.ru/themes/v3/styles/css/ Frame D76A 121 KB
18 KB 96ms
95ms Stylesheet
text/css 185.26.122.23
HOSTLAND

General

Check archive.org

Show headers Download Go to

Full URL: http://1fad.ru/themes/v3/styles/css/bootstrap.css
Requested by: Host: 1fad.ru
URL: http://1fad.ru/framedRedirectTop.php?url=832
Protocol: HTTP/1.1
Server: 185.26.122.23 St Petersburg, Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS: serv23-26.hostland.ru
Software: nginx /
Resource Hash: e59179702fff6732311be76961a0b18cd160eb27057b22cfae2d0a567f14345f

Request headers

Referer: http://1fad.ru/framedRedirectTop.php?url=832
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 27 May 2020 05:13:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Jul 2015 15:19:21 GMT
Server: nginx
ETag: W/"24ccc08-1e537-51a5ea9cd0f6a"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK screen.css
1fad.ru/themes/v3/styles/ Frame D76A 39 KB
7 KB 88ms
88ms Stylesheet
text/css 185.26.122.23
HOSTLAND

General

Check archive.org

Show headers Download Go to

Full URL: http://1fad.ru/themes/v3/styles/screen.css
Requested by: Host: 1fad.ru
URL: http://1fad.ru/framedRedirectTop.php?url=832
Protocol: HTTP/1.1
Server: 185.26.122.23 St Petersburg, Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS: serv23-26.hostland.ru
Software: nginx /
Resource Hash: c633c8575301d2e600d0006875ae313be2de2d0813e8f5db62c9dc8de38bc2df

Request headers

Referer: http://1fad.ru/framedRedirectTop.php?url=832
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 27 May 2020 05:13:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Jul 2015 15:18:34 GMT
Server: nginx
ETag: W/"24ccb61-9a8b-51a5ea703410a"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK bodyclick.php Show response
go8me.ru/js/ Frame D76A 3 KB
1 KB 117ms
88ms Script
text/html 148.251.11.247
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://go8me.ru/js/bodyclick.php?id=14978
Requested by: Host: 1fad.ru
URL: http://1fad.ru/framedRedirectTop.php?url=832
Protocol: HTTP/1.1
Server: 148.251.11.247 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.247.11.251.148.clients.your-server.de
Software: nginx / PHP/5.4.45
Resource Hash: 1753fbdb2a19edf9f52bbb605c7c97fdf64b5ca32090bc404322bf263f047e51

Request headers

Referer: http://1fad.ru/framedRedirectTop.php?url=832
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 27 May 2020 05:13:37 GMT
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK if.php Show response
go8me.ru/js/ Frame D76A 0
180 B 128ms
99ms Script
text/html 148.251.11.247
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://go8me.ru/js/if.php?id=14978
Requested by: Host: 1fad.ru
URL: http://1fad.ru/framedRedirectTop.php?url=832
Protocol: HTTP/1.1
Server: 148.251.11.247 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.247.11.251.148.clients.your-server.de
Software: nginx / PHP/5.4.45
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://1fad.ru/framedRedirectTop.php?url=832
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 27 May 2020 05:13:37 GMT
Server: nginx
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK red.png
1fad.ru/themes/v3/images/logo/ Frame D76A 9 KB
9 KB 93ms
93ms Image
image/png 185.26.122.23
HOSTLAND

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://1fad.ru/themes/v3/images/logo/red.png
Requested by: Host: 1fad.ru
URL: http://1fad.ru/framedRedirectTop.php?url=832
Protocol: HTTP/1.1
Server: 185.26.122.23 St Petersburg, Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS: serv23-26.hostland.ru
Software: nginx /
Resource Hash: 8c557d5151631f05758da42603ff4619dc4a26c42a2ec81abb5468460a2db63a

Request headers

Referer: http://1fad.ru/framedRedirectTop.php?url=832
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 27 May 2020 05:13:43 GMT
Last-Modified: Thu, 09 Jul 2015 16:35:48 GMT
Server: nginx
ETag: "24ccbb3-234d-51a73d9115279"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9037

GET
H/1.1 200
OK / Show response
ads.people-group.net/82518/12/1/ Frame D76A 12 KB
3 KB 119ms
82ms Script
application/x-javascript 5.9.100.69
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://ads.people-group.net/82518/12/1/

Requested by

Host: 1fad.ru
URL: http://1fad.ru/framedRedirectTop.php?url=832

Protocol

HTTP/1.1

Server

5.9.100.69 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

www.people-group.su

Software

nginx/1.12.2 /

Resource Hash

ca83c355bb8f2c63596f195ff684430f2f82bb744e9edade46a0b5a8af3e58d7

Security Headers

Name	Value
X-Xss-Protection	0;

Request headers

Referer: http://1fad.ru/framedRedirectTop.php?url=832
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 May 2020 05:18:41 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/x-javascript;charset=UTF-8;
X-XSS-Protection: 0;

GET
H/1.1 200
OK if.php
go8me.ru/js/ Frame 8D82 0
0 70ms
70ms Document
text/html 148.251.11.247
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://go8me.ru/js/if.php?id=5
Requested by: Host: go8me.ru
URL: http://go8me.ru/js/bodyclick.php?id=14978
Protocol: HTTP/1.1
Server: 148.251.11.247 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.247.11.251.148.clients.your-server.de
Software: nginx / PHP/5.4.45
Resource Hash

Request headers

Host: go8me.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://1fad.ru/framedRedirectTop.php?url=832
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://1fad.ru/framedRedirectTop.php?url=832

Response headers

Server: nginx
Date: Wed, 27 May 2020 05:13:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.4.45

GET
H/1.1 200
OK Cookie set /
ads.people-group.net/ Frame 5AF7 0
0 59ms
58ms Document
text/html 5.9.100.69
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://ads.people-group.net/?hwn=ODI1MTgnMTInMSc&hrf=http%3A%2F%2F1fad.ru%2Fupdate-outlook-au&stg=1590556721.6df8d48c85&xm=1&s=MTYwMCUzQTElM0E3Mg%3D%3D&h=05%2F27%2F2020%2007%3A13%3A43%27%5E%271%27%5E%27http%3A%2F%2F1fad.ru%2Fupdate-outlook-au&k=&0.6091408036095909

Requested by

Host: ads.people-group.net
URL: http://ads.people-group.net/82518/12/1/

Protocol

HTTP/1.1

Server

5.9.100.69 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

www.people-group.su

Software

nginx/1.12.2 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0;

Request headers

Host: ads.people-group.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://1fad.ru/framedRedirectTop.php?url=832
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: _pgstg=1590556721.6df8d48c85
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://1fad.ru/framedRedirectTop.php?url=832

Response headers

Server: nginx/1.12.2
Date: Wed, 27 May 2020 05:18:41 GMT
Content-Type: text/html;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgutm1=e0f|5|1; path=/; domain=ads.people-group.net;
Content-Encoding: gzip

GET
H/1.1 200
OK close.png
ads.people-group.net/bann/ Frame D76A 15 KB
15 KB 116ms
89ms Image
image/png 5.9.100.69
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ads.people-group.net/bann/close.png
Requested by: Host: 1fad.ru
URL: http://1fad.ru/framedRedirectTop.php?url=832
Protocol: HTTP/1.1
Server: 5.9.100.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: www.people-group.su
Software: nginx/1.12.2 /
Resource Hash: 324b9d944e39c915922db7058a276bd708e68ea5d86762741f14864af2324607

Request headers

Referer: http://1fad.ru/framedRedirectTop.php?url=832
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 27 May 2020 05:18:41 GMT
Last-Modified: Wed, 20 Feb 2013 14:07:40 GMT
Server: nginx/1.12.2
ETag: "5124d8ac-3bb7"
Content-Type: image/png
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15287
Expires: Wed, 27 May 2020 06:18:41 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
xtgem.com/	1970-01-19 10:32:28	Name: __template Value: web
.ads.people-group.net/	1970-01-19 18:27:40	Name: _pgstg Value: 1590556721.6df8d48c85
xtgem.com/	1970-01-19 10:32:28	Name: __lang Value: DE
.ads.people-group.net/	1969-12-31 23:59:59	Name: _pgutm1 Value: e0f\|5\|1
.xtgem.com/	1970-01-20 03:20:28	Name: _xta_uid Value: 4571534bebeffe2ffe23b590dc55d513
.xtgem.com/	1970-01-19 09:50:42	Name: session Value: d2~dtjdb2929hi44ndstmpos2i6o3
.xtgem.com/	1970-01-19 09:49:18	Name: _xta_vid Value: f6b57e50b8498d1ccb50f335e42f4125-1590556423
.xtgem.com/	1970-01-19 19:13:45	Name: __qca Value: P0-2058650229-1590556424412
questard.xtgem.com/lib	1969-12-31 23:59:59	Name: Value: test
1fad.ru/	1969-12-31 23:59:59	Name: shorturl Value: 67f0604c571de72a54d9239ed3907a20

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1fad.ru
ads.people-group.net
go8me.ru
questard.xtgem.com
148.251.11.247
185.26.122.23
5.9.100.69
54.36.158.42
1753fbdb2a19edf9f52bbb605c7c97fdf64b5ca32090bc404322bf263f047e51
324b9d944e39c915922db7058a276bd708e68ea5d86762741f14864af2324607
81af9a2e8e130c28294b319d5665696b324074cd5b8a2ad922cf0e130f6c1861
8c557d5151631f05758da42603ff4619dc4a26c42a2ec81abb5468460a2db63a
c47f338be5ae55e462209bc38a32139602471f462bb57d4ecd95d4c76d78db74
c633c8575301d2e600d0006875ae313be2de2d0813e8f5db62c9dc8de38bc2df
ca83c355bb8f2c63596f195ff684430f2f82bb744e9edade46a0b5a8af3e58d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e59179702fff6732311be76961a0b18cd160eb27057b22cfae2d0a567f14345f

1fad.ru Open in urlscan Pro 185.26.122.23 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

83 kBTransfer

362 kBSize

10 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

10 Cookies

Indicators

1fad.ru Open in urlscan Pro
185.26.122.23 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

83 kB
Transfer

362 kB
Size

10
Cookies

14 HTTP transactions
0 data transactions