www.tcboogiebus.com Open in urlscan Pro
160.153.51.4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://v.ht/DWWS
Effective URL:
http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map....
Submission: On May 01 via manual (May 1st 2020, 1:00:47 pm UTC) from US

Summary HTTP 71 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 14 domains to perform 71 HTTP transactions. The main IP is 160.153.51.4, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is www.tcboogiebus.com.

This is the only time www.tcboogiebus.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lion's Den Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	69.61.26.122 69.61.26.122	22653 (GLOBALCOM...) (GLOBALCOMPASS)
2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE)
2	216.58.210.2 216.58.210.2	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81e::2001	15169 (GOOGLE) (GOOGLE)
1 1	2001:981:9280... 2001:981:9280:1:36:37:38:39	3265 (XS4ALL-NL...) (XS4ALL-NL Amsterdam)
1 1	2a02:6b8::221 2a02:6b8::221	13238 (YANDEX) (YANDEX)
1 1	2a02:6b8::232 2a02:6b8::232	13238 (YANDEX) (YANDEX)
2	160.153.51.4 160.153.51.4	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
5 10	198.54.125.32 198.54.125.32	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2606:4700::68... 2606:4700::6810:84e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
71	11

1 69.61.26.122 (Atlanta, United States)

ASN22653 (GLOBALCOMPASS, US)

v.ht	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.210.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:981:9280:1:36:37:38:39 (Elburg, Netherlands) 1 redirects

ASN3265 (XS4ALL-NL Amsterdam, NL)

resquel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::221 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

clck.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::232 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

sba.yandex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 160.153.51.4 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-160-153-51-4.ip.secureserver.net

www.tcboogiebus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 198.54.125.32 (Los Angeles, United States) 5 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: premium72-1.web-hosting.com

bestfreevpn.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:84e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	bestfreevpn.xyz 5 redirects bestfreevpn.xyz	26 KB
5	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	11 KB
2	tcboogiebus.com www.tcboogiebus.com	12 KB
2	doubleclick.net securepubads.g.doubleclick.net	86 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	cloudflare.com cdnjs.cloudflare.com	30 KB
1	yandex.net 1 redirects sba.yandex.net	417 B
1	clck.ru 1 redirects clck.ru	514 B
1	resquel.com 1 redirects resquel.com	233 B
1	google.com adservice.google.com	171 B
1	google.de adservice.google.de	778 B
1	googletagmanager.com www.googletagmanager.com	30 KB
1	googletagservices.com www.googletagservices.com	14 KB
1	v.ht v.ht	2 KB
71	14

	Domain	Requested by
10	bestfreevpn.xyz	5 redirects www.tcboogiebus.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
2	www.tcboogiebus.com	v.ht
2	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com v.ht
1	cdnjs.cloudflare.com	www.tcboogiebus.com
1	sba.yandex.net	1 redirects
1	clck.ru	1 redirects
1	resquel.com	1 redirects
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	www.googletagmanager.com	v.ht
1	www.googletagservices.com	v.ht
1	v.ht
71	15

This site contains no links.

Subject Issuer	Validity	Valid
www.v.ht Let's Encrypt Authority X3	`2020-05-01` - `2020-07-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
bestfreevpn.xyz Sectigo RSA Domain Validation Secure Server CA	`2020-02-03` - `2021-02-02`	a year	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh

This page contains 2 frames:

Primary Page: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
Frame ID: D0CC03C9AA3B8747AE434733F1B4856C
Requests: 70 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 69CA645BD22F314A1BFB8C3EE26F37A9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://v.ht/DWWS Page URL
https://resquel.com/ssb/ct.ashx?id=a7837d59-58d0-4322-9d6b-1570d640f02e&url=https://clck.ru/N29fH HTTP 302
https://clck.ru/N29fH HTTP 302
https://sba.yandex.net/redirect?url=http%3A%2F%2Fwww.tcboogiebus.com%2Freseller%2Fabonnement%2Fprin... HTTP 302
http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/infor... Page URL
http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/infor... Page URL

Page Statistics

71
Requests

28 %
HTTPS

69 %
IPv6

14
Domains

15
Subdomains

11
IPs

4
Countries

228 kB
Transfer

735 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://v.ht/DWWS Page URL
https://resquel.com/ssb/ct.ashx?id=a7837d59-58d0-4322-9d6b-1570d640f02e&url=https://clck.ru/N29fH HTTP 302
https://clck.ru/N29fH HTTP 302
https://sba.yandex.net/redirect?url=http%3A%2F%2Fwww.tcboogiebus.com%2Freseller%2Fabonnement%2Fprintout%2Fprintarticle%2Flexicon%2Ftradenotify%2Ftopsites%2Finformation-12%2Fworld_map.php%2Furwbq%2Fmgw%2F%3Ffarmer%3Defr1gt11amz00d&client=clck&sign=9d3cdc94ddad2b58125b94c80a5a429d HTTP 302
http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/urwbq/mgw/?farmer=efr1gt11amz00d Page URL
http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://resquel.com/ssb/ct.ashx?id=a7837d59-58d0-4322-9d6b-1570d640f02e&url=https://clck.ru/N29fH HTTP 302
https://clck.ru/N29fH HTTP 302
https://sba.yandex.net/redirect?url=http%3A%2F%2Fwww.tcboogiebus.com%2Freseller%2Fabonnement%2Fprintout%2Fprintarticle%2Flexicon%2Ftradenotify%2Ftopsites%2Finformation-12%2Fworld_map.php%2Furwbq%2Fmgw%2F%3Ffarmer%3Defr1gt11amz00d&client=clck&sign=9d3cdc94ddad2b58125b94c80a5a429d HTTP 302
http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/urwbq/mgw/?farmer=efr1gt11amz00d

Request Chain 15

http://bestfreevpn.xyz/html/de/css/ouibounce.css HTTP 301
https://bestfreevpn.xyz/html/de/css/ouibounce.css

Request Chain 16

http://bestfreevpn.xyz/html/de/css/bootstrap.css HTTP 301
https://bestfreevpn.xyz/html/de/css/bootstrap.css

Request Chain 17

http://bestfreevpn.xyz/html/de/css/style.css HTTP 301
https://bestfreevpn.xyz/html/de/css/style.css

Request Chain 18

http://bestfreevpn.xyz/html/de/lib/backDay-de.js HTTP 301
https://bestfreevpn.xyz/html/de/lib/backDay-de.js

Request Chain 19

http://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Request Chain 20

http://bestfreevpn.xyz/html/de/css/theme_c3b2nq.css HTTP 301
https://bestfreevpn.xyz/html/de/css/theme_c3b2nq.css

71 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK DWWS Show response
v.ht/ 3 KB
2 KB 485ms
127ms Document
text/html 69.61.26.122
GLOBALCOMPASS

General

Check archive.org

Show headers Download Go to

Full URL

https://v.ht/DWWS

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.61.26.122 Atlanta, United States, ASN22653 (GLOBALCOMPASS, US),

Reverse DNS

Software

Hotcores.com /

Resource Hash

c68f4f4dba1ef5b96e5024a72b47955b482ba3232504ca53cc24496b10d584a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Host: v.ht
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: Hotcores.com
Date: Fri, 01 May 2020 13:00:10 GMT
Content-Type: text/html; Charset=UTF-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Robots-Tag: noindex, nofollow
I-AM: Beta
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 43 KB
14 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: v.ht
URL: https://v.ht/DWWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

115d22a94f892ccb0a72daf29f19c4a8b7719d279514b43d719f6cf4d94df4c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "502 / 748 of 1000 / last-modified: 1588292333"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 14504
x-xss-protection: 0
expires: Fri, 01 May 2020 13:00:26 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 80 KB
30 KB 27ms
16ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-31510493-3

Requested by

Host: v.ht
URL: https://v.ht/DWWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6204d07a7dddf5ab383cc5c41a5cb598b7b733196786df4c51cf00a10055dbad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:26 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30217
x-xss-protection: 0
last-modified: Fri, 01 May 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 May 2020 13:00:26 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 1311
date: Fri, 01 May 2020 12:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18174
expires: Fri, 01 May 2020 14:38:35 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
778 B 34ms
14ms Script
application/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=v.ht

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 May 2020 13:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 15ms
14ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=v.ht

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 May 2020 13:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020042302.js Show response
securepubads.g.doubleclick.net/gpt/ 237 KB
85 KB 29ms
29ms Script
text/javascript 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042302.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

sffe /

Resource Hash

0b3678d81937a06cba82b9b8d1b69a6e60c1133246d9798e681bf3908aa390bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 23 Apr 2020 17:07:14 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87243
x-xss-protection: 0
expires: Fri, 01 May 2020 13:00:26 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=773024313&t=pageview&_s=1&dl=https%3A%2F%2Fv.ht%2FDWWS&ul=en-us&de=UTF-8&dt=DWWS&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=752653607&gjid=1500460983&cid=761635362.1588338027&tid=UA-31510493-3&_gid=520727354.1588338027&_r=1&gtm=2ou4m0&z=999625832

Requested by

Host: v.ht
URL: https://v.ht/DWWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 May 2020 13:00:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads
securepubads.g.doubleclick.net/gampad/ 393 B
393 B 62ms
62ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3935361467406333&correlator=301475919039817&output=ldjh&impl=fif&adsid=NT&eid=21064170%2C21065932&vrg=2020042302&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200501&iu_parts=5837603%2CVht_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1588338026&dt=1588338026804&dlt=1588338026684&idt=105&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=495576698&ucis=1&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fv.ht%2FDWWS&dssz=10&icsg=680&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x423&msz=0x0&ga_vid=761635362.1588338027&ga_sid=1588338027&ga_hid=773024313&ga_fc=true&fws=128&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042302.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://v.ht
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
5ms Other
text/html 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042302.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H/1.1

200
OK

/ Show response
www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/urwbq/mgw/
Redirect Chain

https://resquel.com/ssb/ct.ashx?id=a7837d59-58d0-4322-9d6b-1570d640f02e&url=https://clck.ru/N29fH
https://clck.ru/N29fH
https://sba.yandex.net/redirect?url=http%3A%2F%2Fwww.tcboogiebus.com%2Freseller%2Fabonnement%2Fprintout%2Fprintarticle%2Flexicon%2Ftradenotify%2Ftopsites%2Finformation-12%2Fworld_map.php%2Furwbq%2F...
http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/urwbq/mgw/?farmer=efr1gt11amz00d

3 KB
1 KB

1260ms
1217ms

Document
text/html

160.153.51.4
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/urwbq/mgw/?farmer=efr1gt11amz00d
Requested by: Host: v.ht
URL: https://v.ht/DWWS
Protocol: HTTP/1.1
Server: 160.153.51.4 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-160-153-51-4.ip.secureserver.net
Software: Apache / PHP/5.4.45
Resource Hash: 233912218af1dad95c38ffa9419a7a0812410aa657be7b673a8c2b462ffed570

Request headers

Host: www.tcboogiebus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://v.ht/DWWS

Response headers

Date: Fri, 01 May 2020 13:00:27 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1163
Keep-Alive: timeout=5
Content-Type: text/html

Redirect headers

Content-Length: 525
Content-Type: text/html; charset=utf-8
Date: Fri, 01 May 2020 13:00:27 GMT
Location: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/urwbq/mgw/?farmer=efr1gt11amz00d
Strict-Transport-Security: max-age=3600; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H2 200 sodar
pagead2.googlesyndication.com/getconfig/ 7 KB
5 KB 17ms
17ms XHR
application/json 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020042302&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042302.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 May 2020 13:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5488
x-xss-protection: 0

GET
H2 200 sodar2.js
tpc.googlesyndication.com/sodar/ 14 KB
5 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042302.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582746470043195"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5456
x-xss-protection: 0
expires: Fri, 01 May 2020 13:00:26 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 69CA 0
0 6ms
5ms Document
text/html 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://v.ht/DWWS
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://v.ht/DWWS

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Fri, 01 May 2020 12:18:26 GMT
expires: Sat, 01 May 2021 12:18:26 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2520
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
58 B 14ms
14ms Image
image/gif 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020042302&jk=3935361467406333&bg=!1tWl1c1YCqr0AydU584CAAAAO1IAAAAMmQFs_fzsn9YEBS61jyT-EvibGtV1tC3GxT9lg-I8N2ewB7iXRywvR7OitD5UGSAnrxkExTeh_DNh-m3tBeMlcadEP057CbgFHbtUxSD3iOBKY1-mcAvnWUJRpa56RkDdZ7KF0Vja84j3cY8jvqqiWVMG5t3P41_Sy7wpcUm9vyo1yA8oxWRicuvNJn93EcacSQxt0wfQYfCh8W8RqAD11q_KW1PfTzPpYqJVmSMPlODTWnqhmS4PPVnLLIhbiDegQsQQ4oVhnxY3xu_tfkR3lM94YwdeCNW65e38oJ230nEiEbJprnktbSU7MxwmZ6-oLj5SV9EfvB6E587QrGW2Z0hLUnCh1v9abG0wciVQPIJ0t7AUKEvmlLIzrhp73z2rYkgBei4RqQv7PqL4BtkDCQXFod245AaMem2fzwsVY91bitKPkk10kFlzMucnaake4iuVuluTkzAbmtF_LIpITTFqHRHTiC-XdvE_58Vu5Q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/DWWS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 May 2020 13:00:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Primary Request / Show response
www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/ 58 KB
11 KB 1266ms
1266ms Document
text/html 160.153.51.4
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
Requested by: Host: v.ht
URL: https://v.ht/DWWS
Protocol: HTTP/1.1
Server: 160.153.51.4 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-160-153-51-4.ip.secureserver.net
Software: Apache / PHP/5.4.45
Resource Hash: 01903fbb42bcd1d8c61fb49ec496fc9f2ce927100cf401d31c583b3573e758c8

Request headers

Host: www.tcboogiebus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/urwbq/mgw/?farmer=efr1gt11amz00d
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/urwbq/mgw/?farmer=efr1gt11amz00d

Response headers

Date: Fri, 01 May 2020 13:00:29 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 10739
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html

GET
H2

200

ouibounce.css
bestfreevpn.xyz/html/de/css/
Redirect Chain

http://bestfreevpn.xyz/html/de/css/ouibounce.css
https://bestfreevpn.xyz/html/de/css/ouibounce.css

4 KB
1020 B

4452ms
4120ms

Stylesheet
text/css

198.54.125.32
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://bestfreevpn.xyz/html/de/css/ouibounce.css
Requested by: Host: www.tcboogiebus.com
URL: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.125.32 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium72-1.web-hosting.com
Software: Apache /
Resource Hash: 9af171df04c5d2ec5c97b490453a6beec46da794810c24cc4e0862aed0a57b7d

Request headers

Referer: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:39 GMT
content-encoding: gzip
last-modified: Sat, 25 Apr 2020 19:20:59 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 864

Redirect headers

Location: https://bestfreevpn.xyz/html/de/css/ouibounce.css
Date: Fri, 01 May 2020 13:00:35 GMT
Server: Apache
Content-Length: 257
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

bootstrap.css
bestfreevpn.xyz/html/de/css/
Redirect Chain

http://bestfreevpn.xyz/html/de/css/bootstrap.css
https://bestfreevpn.xyz/html/de/css/bootstrap.css

147 KB
21 KB

4152ms
3840ms

Stylesheet
text/css

198.54.125.32
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://bestfreevpn.xyz/html/de/css/bootstrap.css
Requested by: Host: www.tcboogiebus.com
URL: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.125.32 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium72-1.web-hosting.com
Software: Apache /
Resource Hash: 6a4dd42a51d139daba9631c26daab8a8d4a1e238704caa78f7920a316a218e5b

Request headers

Referer: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:39 GMT
content-encoding: gzip
last-modified: Sat, 25 Apr 2020 19:20:59 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 21388

Redirect headers

Location: https://bestfreevpn.xyz/html/de/css/bootstrap.css
Date: Fri, 01 May 2020 13:00:35 GMT
Server: Apache
Content-Length: 257
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

style.css
bestfreevpn.xyz/html/de/css/
Redirect Chain

http://bestfreevpn.xyz/html/de/css/style.css
https://bestfreevpn.xyz/html/de/css/style.css

8 KB
2 KB

4456ms
4120ms

Stylesheet
text/css

198.54.125.32
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://bestfreevpn.xyz/html/de/css/style.css
Requested by: Host: www.tcboogiebus.com
URL: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.125.32 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium72-1.web-hosting.com
Software: Apache /
Resource Hash: dc3e40a283a2e359ac6ec65e207c6264ff06246576bd0bed924a9658537537c5

Request headers

Referer: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:39 GMT
content-encoding: gzip
last-modified: Sat, 25 Apr 2020 19:20:59 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1942

Redirect headers

Location: https://bestfreevpn.xyz/html/de/css/style.css
Date: Fri, 01 May 2020 13:00:35 GMT
Server: Apache
Content-Length: 253
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

backDay-de.js Show response
bestfreevpn.xyz/html/de/lib/
Redirect Chain

http://bestfreevpn.xyz/html/de/lib/backDay-de.js
https://bestfreevpn.xyz/html/de/lib/backDay-de.js

741 B
522 B

4452ms
4121ms

Script
application/javascript

198.54.125.32
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://bestfreevpn.xyz/html/de/lib/backDay-de.js
Requested by: Host: www.tcboogiebus.com
URL: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.125.32 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium72-1.web-hosting.com
Software: Apache /
Resource Hash: a3770b0519974c3b9d09384c1ed062800cb71ee1642e3fdd2ab5b4e2e04e1f1f

Request headers

Referer: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:39 GMT
content-encoding: gzip
last-modified: Sat, 25 Apr 2020 19:20:59 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 352

Redirect headers

Location: https://bestfreevpn.xyz/html/de/lib/backDay-de.js
Date: Fri, 01 May 2020 13:00:35 GMT
Server: Apache
Content-Length: 257
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

86 KB
30 KB

24ms
23ms

Script
application/javascript

2606:4700::6810:84e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: www.tcboogiebus.com
URL: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 May 2020 13:00:30 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 24297165
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 0271ec0f6500001f3957a48200000001
served-in-seconds: 0.003
timing-allow-origin: *
last-modified: Wed, 01 May 2019 21:45:59 GMT
server: cloudflare
etag: W/"5cca1397-15851"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 58c9af923f451f39-FRA
expires: Wed, 21 Apr 2021 13:00:30 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

theme_c3b2nq.css
bestfreevpn.xyz/html/de/css/
Redirect Chain

http://bestfreevpn.xyz/html/de/css/theme_c3b2nq.css
https://bestfreevpn.xyz/html/de/css/theme_c3b2nq.css

21 B
131 B

4454ms
4120ms

Stylesheet
text/css

198.54.125.32
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://bestfreevpn.xyz/html/de/css/theme_c3b2nq.css
Requested by: Host: www.tcboogiebus.com
URL: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.125.32 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium72-1.web-hosting.com
Software: Apache /
Resource Hash: 4e0f2cb203e4cbd5c7433d348c079f8e08f305de9b8fc88ae19ff4c57974962f

Request headers

Referer: http://www.tcboogiebus.com/reseller/abonnement/printout/printarticle/lexicon/tradenotify/topsites/information-12/world_map.php/bgrd/mdqsf/?9us9y9cf9p0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Fri, 01 May 2020 13:00:39 GMT
last-modified: Sat, 25 Apr 2020 19:20:59 GMT
server: Apache
accept-ranges: bytes
content-length: 21
content-type: text/css

Redirect headers

Location: https://bestfreevpn.xyz/html/de/css/theme_c3b2nq.css
Date: Fri, 01 May 2020 13:00:35 GMT
Server: Apache
Content-Length: 260
Content-Type: text/html; charset=iso-8859-1

GET news-top.png
bestfreevpn.xyz/html/de/images/ 0
0

GET asseenin.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET top-banner.png
bestfreevpn.xyz/html/de/images/ 0
0

GET janie.png
bestfreevpn.xyz/html/de/images/ 0
0

GET 2.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET mid-image.png
bestfreevpn.xyz/html/de/images/ 0
0

GET code-step3.png
bestfreevpn.xyz/html/de/images/ 0
0

GET t1.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET t2.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET t3.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET t4.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET t5.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET side1.png
bestfreevpn.xyz/html/de/images/ 0
0

GET side2.png
bestfreevpn.xyz/html/de/images/ 0
0

GET side3.png
bestfreevpn.xyz/html/de/images/ 0
0

GET side4.png
bestfreevpn.xyz/html/de/images/ 0
0

GET side5.png
bestfreevpn.xyz/html/de/images/ 0
0

GET side6.png
bestfreevpn.xyz/html/de/images/ 0
0

GET side7.png
bestfreevpn.xyz/html/de/images/ 0
0

GET checkmark.png
bestfreevpn.xyz/html/de/images/ 0
0

GET codeside-step1.png
bestfreevpn.xyz/html/de/images/ 0
0

GET codeside-step2.png
bestfreevpn.xyz/html/de/images/ 0
0

GET codeside-step3.png
bestfreevpn.xyz/html/de/images/ 0
0

GET code-step1.png
bestfreevpn.xyz/html/de/images/ 0
0

GET code-step2.png
bestfreevpn.xyz/html/de/images/ 0
0

GET lewis.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET tanya.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET jenni.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET cash.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET katy.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET amanda.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET julie.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET sarah.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET kirs.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET celia.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET alanna.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET alice.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET mark.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET ashley.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET hick.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET brit.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET shel.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET jill.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET molly.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET jenna.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET laura.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET sara.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET silver.jpg
bestfreevpn.xyz/html/de/images/ 0
0

GET got.jpg
bestfreevpn.xyz/html/de/images/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/news-top.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/asseenin.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/top-banner.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/janie.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/2.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/mid-image.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/code-step3.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/t1.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/t2.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/t3.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/t4.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/t5.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/side1.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/side2.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/side3.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/side4.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/side5.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/side6.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/side7.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/checkmark.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/codeside-step1.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/codeside-step2.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/codeside-step3.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/code-step1.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/code-step2.png

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/lewis.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/tanya.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/jenni.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/cash.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/katy.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/amanda.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/julie.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/sarah.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/kirs.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/celia.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/alanna.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/alice.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/mark.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/ashley.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/hick.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/brit.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/shel.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/jill.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/molly.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/jenna.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/laura.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/sara.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/silver.jpg

Domain: bestfreevpn.xyz
URL: http://bestfreevpn.xyz/html/de/images/got.jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Lion's Den Scam (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
bestfreevpn.xyz
cdnjs.cloudflare.com
clck.ru
pagead2.googlesyndication.com
resquel.com
sba.yandex.net
securepubads.g.doubleclick.net
tpc.googlesyndication.com
v.ht
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
www.tcboogiebus.com
bestfreevpn.xyz
160.153.51.4
198.54.125.32
2001:981:9280:1:36:37:38:39
216.58.210.2
2606:4700::6810:84e5
2a00:1450:4001:809::2002
2a00:1450:4001:809::2008
2a00:1450:4001:809::200e
2a00:1450:4001:814::2002
2a00:1450:4001:81e::2001
2a02:6b8::221
2a02:6b8::232
69.61.26.122
01903fbb42bcd1d8c61fb49ec496fc9f2ce927100cf401d31c583b3573e758c8
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b3678d81937a06cba82b9b8d1b69a6e60c1133246d9798e681bf3908aa390bc
115d22a94f892ccb0a72daf29f19c4a8b7719d279514b43d719f6cf4d94df4c3
233912218af1dad95c38ffa9419a7a0812410aa657be7b673a8c2b462ffed570
4e0f2cb203e4cbd5c7433d348c079f8e08f305de9b8fc88ae19ff4c57974962f
6204d07a7dddf5ab383cc5c41a5cb598b7b733196786df4c51cf00a10055dbad
6a4dd42a51d139daba9631c26daab8a8d4a1e238704caa78f7920a316a218e5b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9af171df04c5d2ec5c97b490453a6beec46da794810c24cc4e0862aed0a57b7d
a3770b0519974c3b9d09384c1ed062800cb71ee1642e3fdd2ab5b4e2e04e1f1f
c68f4f4dba1ef5b96e5024a72b47955b482ba3232504ca53cc24496b10d584a8
dc3e40a283a2e359ac6ec65e207c6264ff06246576bd0bed924a9658537537c5
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

www.tcboogiebus.com Open in urlscan Pro 160.153.51.4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

71 Requests

28 %HTTPS

69 %IPv6

14 Domains

15 Subdomains

11 IPs

4 Countries

228 kBTransfer

735 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.tcboogiebus.com Open in urlscan Pro
160.153.51.4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

28 %
HTTPS

69 %
IPv6

14
Domains

15
Subdomains

11
IPs

4
Countries

228 kB
Transfer

735 kB
Size

0
Cookies

71 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!