www.winnerplay2019.com
143.204.101.68  Malicious Activity!

URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Submission: On December 18 via manual from HU

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 143.204.101.68, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.winnerplay2019.com.
TLS certificate: Issued by Amazon on September 3rd 2019. Valid for: a year.
This is the only time www.winnerplay2019.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
13        143.204.101.68     16509 (AMAZON-02)
1         2606:4700:30:...   13335 (CLOUDFLAR...)
2         188.42.160.46      35415 (WEBZILLA)
Total: 16 requests across 3 IPs

Requests  Domain                   Requested by
13        www.winnerplay2019.com   www.winnerplay2019.com
2         my.rtmark.net            www.winnerplay2019.com
1         country.yepshare.com     www.winnerplay2019.com
Total: 16 requests across 3 domains

This site contains no links.

Subject                       Issuer                                           Validity                  Valid
*.winnerplay2019.com          Amazon                                           2019-09-03 - 2020-10-03   a year
sni189508.cloudflaressl.com   COMODO ECC Domain Validation Secure Server CA 2  2019-08-20 - 2020-02-26   6 months
my.rtmark.net                 Let's Encrypt Authority X3                       2019-12-09 - 2020-03-08   3 months

This page contains 1 frames:

Primary Page: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Frame ID: D5F73608538A40BA0ECC73FBD09AB1D2
Requests: 16 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
  • headers server /^AmazonS3$/i

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

16 Requests
100 % HTTPS
33 % IPv6
3 Domains
3 Subdomains
3 IPs
2 Countries
114 kB Transfer
220 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
index.html (Primary Request) | www.winnerplay2019.com/lt/multi/contest2/ | 14 KB | 4 KB | Document
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8262af88328f79655920973f71f6d4a63c76e6b1adc0f2150896fe147860e951

Request headers

:method
GET
:authority
www.winnerplay2019.com
:scheme
https
:path
/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
content-type
text/html
date
Wed, 20 Nov 2019 19:18:32 GMT
last-modified
Wed, 20 Nov 2019 09:22:32 GMT
x-amz-version-id
JWVHlCq3Cqffom6Qgh6feD2MF53va7Jg
server
AmazonS3
content-encoding
gzip
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
iCF2-JPR4RjQFnjGHVRJrmSjUHrA-FJ0odX7uqLwkFC21x5gQd9_Fw==
age
68354
styles.css | www.winnerplay2019.com/lt/multi/contest2/ | 32 KB | 32 KB | Stylesheet
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/styles.css
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9158aae36be2004065168737f90058bf7ec534ac4d6c3b932e9b3c955c9efdd3

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
gGnY4dKUWk7gJkljVAVtzfkU0dIpHaH_
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
last-modified
Thu, 14 Nov 2019 12:52:46 GMT
server
AmazonS3
age
72745
etag
"91cfa2fee4415342b5c6b5223893c737"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
date
Tue, 17 Dec 2019 19:14:19 GMT
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
32330
x-amz-cf-id
iktQVLlyxV2jsJQPmia0p8Jee-B4ZCZhZkgZqGIRd2ZdjLDia9mbnw==
modernizr.min.js | www.winnerplay2019.com/lt/multi/contest2/ | 11 KB | 5 KB | Script
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/modernizr.min.js
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
jzkaVfscpVHY2E2U1LgIldHvMCA5LAuL
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:29 GMT
server
AmazonS3
age
72745
date
Tue, 17 Dec 2019 19:14:19 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
blUOs0mqQl_u1y1ULIQalVCnpmUj4K_gUJVBd20KsUt7xlz8t2V2Nw==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
logo.svg | www.winnerplay2019.com/lt/multi/contest2/ | 922 B | 1 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/logo.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
192c954608ecc1bc65823d4e08f66d316492e233391808aadcde1d1c84020ca1

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 03 Nov 2019 21:26:47 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
last-modified
Mon, 16 Sep 2019 13:58:29 GMT
server
AmazonS3
age
58811
etag
"b2c9bb76885227103d1d75769500d665"
x-cache
Hit from cloudfront
x-amz-version-id
4s1.yjPV7zthJgbIHmVlsfxRJy0fH1J1
status
200
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
image/svg+xml
content-length
922
x-amz-cf-id
cKD_MgC3O5fitCJIuBlQvSS7kFFLfYIbpvCu6BVDRUN36GiwyWPRrw==
icon-box.svg | www.winnerplay2019.com/lt/multi/contest2/ | 1 KB | 833 B | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/icon-box.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
62f7ef6281d5e0db3f14298ca3707ee3a9f61d1ee85ac5fa5dade011eafb32e9

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
Nu3xC.7Jl2JMqYtiLYPTiGNaYhEuYZ7_
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:28 GMT
server
AmazonS3
age
66684
date
Tue, 17 Dec 2019 20:55:20 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
AL2ClU1OFzWiNpqc4_9vlL19bupStU3C7spM73Xu6erQGVsC8gUMpA==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
s10plus-11.png | www.winnerplay2019.com/lt/multi/contest2/ | 19 KB | 20 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/s10plus-11.png
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dbd8f7277d64322d3339639ada60d7c0dcb2999e683823dae814239af4e0dec8

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
6.2IM0jyBpP7DPVQWvXiKEfpAupY1rR9
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
last-modified
Mon, 16 Sep 2019 13:58:29 GMT
server
AmazonS3
age
5762
etag
"852e8b56ca8731b7629d3b56fef9687a"
x-cache
Hit from cloudfront
content-type
image/png
status
200
date
Wed, 18 Dec 2019 13:50:42 GMT
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
19662
x-amz-cf-id
b_3waS41_2TIp8-kHZuiljX1O2cSDDfKjrdlWtUI3iFZhm3WnniBYA==
foot-icon01.svg | www.winnerplay2019.com/lt/multi/contest2/ | 8 KB | 3 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/foot-icon01.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
72b5508eefd5a9c85c53de4e82c9e8821dea88160cddd36d31644506c1cbfa13

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 12 Dec 2019 20:52:05 GMT
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:30 GMT
server
AmazonS3
age
66684
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
vPZ.5Q6bn1msBMiw7atmx3.FXIcUtjuj
status
200
x-amz-cf-pop
FRA50-C1
content-type
image/svg+xml
x-amz-cf-id
TaNyz3n3-8XO_t7fz5wO7rImSJ3cNXZLaGV5rF6CkE7Y77npvMabIw==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
foot-icon02.svg | www.winnerplay2019.com/lt/multi/contest2/ | 4 KB | 2 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/foot-icon02.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
00b79e96e2324306f897649364907340e7d6ed2199bd7cd928cc2bec37d7c287

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
1Btbadpe.Ai4ygyLHw4kdaXu2IJHMwSJ
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:30 GMT
server
AmazonS3
age
5762
date
Wed, 18 Dec 2019 13:50:42 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
5iIFXKE1CZ56moUbjpbBHejkeQMlBGFnjuzSplWFetAMetOKGL1QVQ==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
foot-icon03.svg | www.winnerplay2019.com/lt/multi/contest2/ | 4 KB | 2 KB | Image
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/foot-icon03.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3263bb41c37e93568aa88421e753f4247c809c3dc7b8e21c701c966d16eee5b0

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
X_Wjo80PKFR_D5d6CZ9FXpp8IIt0ApIc
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:28 GMT
server
AmazonS3
age
66684
date
Tue, 17 Dec 2019 20:55:20 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
pBsrfRaDTSY5u0weDNyPXdR4vH-4WJjXt58hLG0c6i0JMd0tV3kAgA==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
jquery-latest.min.js | www.winnerplay2019.com/lt/multi/contest2/ | 94 KB | 33 KB | Script
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/jquery-latest.min.js
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
L91HvgEjep2ILcjRTX4AkgSIPLyQTb3x
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:29 GMT
server
AmazonS3
age
5762
date
Wed, 18 Dec 2019 13:50:42 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
KsEkqfeRjgAuzTg3q82OCnFSSyS3XD1FiHbjU37ZATjQpxGP2W-A6g==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
svg4everybody.min.js | www.winnerplay2019.com/lt/multi/contest2/ | 2 KB | 1 KB | Script
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/svg4everybody.min.js
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f07f6a30a14463d06d1e492211b5a9291ee684f2a6d2c792363721297208e9fb

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
4d.pyq86_n_LKA0mInsNut_7WpuRq4SR
content-encoding
gzip
last-modified
Mon, 16 Sep 2019 13:58:30 GMT
server
AmazonS3
age
72745
date
Tue, 17 Dec 2019 19:14:19 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
g0pcJ_DRGv-Bpdnf55chYeFxCFwF_QwAe6UtPM1r86fO0AnJiv97gg==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
country | country.yepshare.com/geoip/ | 534 B | 897 B | Script
General
Full URL
https://country.yepshare.com/geoip/country?callback=get_geoip
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:560b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
de72b9c1416240a92928c1cec2e7b119e8b8122bedf295ba69c8ef0ac5ca0b4f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 18 Dec 2019 15:26:44 GMT
via
1.1 varnish
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-fastly-country
AT
age
507
x-powered-by
Express
x-cache
HIT
status
200
content-encoding
br
x-served-by
cache-hhn4040-HHN
server
cloudflare
x-timer
S1576682804.057379,VS0,VE10
etag
W/"216-5gHsBaW4YbK89wOAIo5Yq+xcb8A"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-cloudflare-country
DE
cf-ray
54722824da4a5958-VIE
access-control-allow-headers
X-Requested-With
x-cache-hits
1
p.js | my.rtmark.net/ | 709 B | 1 KB | Script
General
Full URL
https://my.rtmark.net/p.js?f=sync&lr=1&partner=6ec4dd9b6c2415c7516714d098675141f7c59ec2bad694d3ad5a6660f0429f30
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
188.42.160.46 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
8f2b9d8e6a6693d72b792e927a08beef4c78263f95d5fddc158b4cbb9d5718dc
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 18 Dec 2019 15:26:43 GMT
X-Content-Type-Options
nosniff
Server
nginx
Strict-Transport-Security
max-age=1
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Authorization
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*, *
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Content-Length
709
icons.svg | www.winnerplay2019.com/lt/multi/contest2/ | 28 KB | 7 KB | Other
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/icons.svg
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f53b34ae730ede9ff78b6fbbedbf1aaff98ac97bb51ec0d29a282d6e5d410b5f

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
UDRb0S5yqBc4yFAYk8oxZG7LuOHBDl6v
content-encoding
gzip
last-modified
Wed, 20 Feb 2019 12:32:18 GMT
server
AmazonS3
age
11801
date
Wed, 18 Dec 2019 12:10:03 GMT
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/html
status
200
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
lOniXIKEpZEif-A2wXJYZXIs3UoqSi2mLP1tsEbn3GFeYPNHxXRFiw==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
img.gif | my.rtmark.net/ | 43 B | 707 B | Image
General
Full URL
https://my.rtmark.net/img.gif?f=sync&partner=6ec4dd9b6c2415c7516714d098675141f7c59ec2bad694d3ad5a6660f0429f30&ttl=&rurl=
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
188.42.160.46 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 18 Dec 2019 15:26:44 GMT
X-Content-Type-Options
nosniff
Server
nginx
Strict-Transport-Security
max-age=1
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
image/gif
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Authorization
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*, *
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Content-Length
43
en.json | www.winnerplay2019.com/lt/multi/contest2/lng/ | 2 KB | 1 KB | XHR
General
Full URL
https://www.winnerplay2019.com/lt/multi/contest2/lng/en.json
Requested by
Host: www.winnerplay2019.com
URL: https://www.winnerplay2019.com/lt/multi/contest2/jquery-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.68 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-68.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4f759603b6f2f0dd5ea495e9f10c4e2dbea0c17cf2c1c4469e6012ede311d562

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 14 Dec 2019 21:21:17 GMT
content-encoding
gzip
last-modified
Wed, 02 Oct 2019 14:50:04 GMT
server
AmazonS3
age
64446
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
Ba5NAfqc55UzsQLwtH_S.Mym2omkC.yr
status
200
x-amz-cf-pop
FRA50-C1
content-type
application/json
x-amz-cf-id
0Qsjnc934DitQmdfvi1TiXo1_HpBzfE1dfVEGSyWP7RTbUFNXAjchQ==
via
1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    onformdata
object    onpointerrawupdate
object    html5
object    Modernizr
function  $
function  jQuery
function  svg4everybody
object    jQuery111104164226526989465
boolean   changed_title
function  _10fn4h4386
string    country
string    code
string    continent
string    lg
function  get_geoip

0 Cookies

1 Console Messages

Source: console-api
Level: log
URL: https://www.winnerplay2019.com/lt/multi/contest2/index.html?domain=youplay2019now.com&sub_id=a23420 (Line 428)
Message: EU