URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Submission: On July 15 via manual from JP

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 45.33.12.240, located in Dallas, United States and belongs to LINODE-AP Linode, LLC, US. The main domain is www.bingads04.xyz.
This is the only time www.bingads04.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tech Support Scam (Consumer)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
7         45.33.12.240      63949 (LINODE-AP...)
1         2a00:1450:400...  15169 (GOOGLE)
2         2a00:1450:400...  15169 (GOOGLE)
1         2a00:1450:400...  15169 (GOOGLE)
Total: 11 requests, 5 IPs

Requests  Domain                    Requested by
7         www.bingads04.xyz         www.bingads04.xyz
2         www.google-analytics.com  www.googletagmanager.com
1         ajax.googleapis.com       www.bingads04.xyz
1         www.googletagmanager.com  www.bingads04.xyz
Total: 11 requests, 4 domains

This site contains no links.

Subject                  Issuer      Validity                 Valid for
*.google-analytics.com   GTS CA 1O1  2020-06-17 - 2020-09-09  3 months (crt.sh)
upload.video.google.com  GTS CA 1O1  2020-06-17 - 2020-09-09  3 months (crt.sh)

This page contains 1 frame:

Primary Page: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Frame ID: 0C8292469142BC6FEAF9D633187B7889
Requests: 12 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 11
HTTPS: 36 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 2
Transfer: 181 kB
Size: 473 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request peter333.php
www.bingads04.xyz/a20287/20200715/us/static/
2 KB
1 KB
Document
General
Full URL
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Protocol
HTTP/1.1
Server
45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li966-240.members.linode.com
Software
nginx / PHP/5.4.45
Resource Hash
a5dc0e731d94fdfeea1a6985483137275b63e6b1e4902f8c59611eb0fa6c802c

Request headers

Host
www.bingads04.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Wed, 15 Jul 2020 04:36:26 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/5.4.45
Content-Encoding
gzip
zepto.min.js
www.bingads04.xyz/a20287/20200715/us/static/js22/
25 KB
10 KB
Script
General
Full URL
http://www.bingads04.xyz/a20287/20200715/us/static/js22/zepto.min.js
Requested by
Host: www.bingads04.xyz
URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Protocol
HTTP/1.1
Server
45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li966-240.members.linode.com
Software
nginx /
Resource Hash
e094daff39a7fadab01be75eb3652905ff64fd5c67ba4b10929e9845abbf7b72

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 15 Jul 2020 04:36:26 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Jul 2020 08:15:51 GMT
Server
nginx
ETag
W/"5efc4637-6232"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=43200
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Wed, 15 Jul 2020 16:36:26 GMT
base64.min.js
www.bingads04.xyz/a20287/20200715/us/static/js22/
871 B
1 KB
Script
General
Full URL
http://www.bingads04.xyz/a20287/20200715/us/static/js22/base64.min.js
Requested by
Host: www.bingads04.xyz
URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Protocol
HTTP/1.1
Server
45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li966-240.members.linode.com
Software
nginx /
Resource Hash
4c833a30edf2345e0bbf0f80d572c4cb2fea8875b83008d00a3248a888472b26

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 15 Jul 2020 04:36:26 GMT
Last-Modified
Wed, 01 Jul 2020 08:15:51 GMT
Server
nginx
ETag
"5efc4637-367"
Content-Type
application/javascript
Cache-Control
max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
871
Expires
Wed, 15 Jul 2020 16:36:26 GMT
js
www.googletagmanager.com/gtag/
85 KB
33 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-149868268-3
Requested by
Host: www.bingads04.xyz
URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
483fb57549d82a7dfe9852d011ab255b78028052bbf9a6f2247ead7c8c858141
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 15 Jul 2020 04:36:26 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34153
x-xss-protection
0
last-modified
Wed, 15 Jul 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Jul 2020 04:36:26 GMT
source.php
www.bingads04.xyz/a20287/20200715/us/static/
60 KB
21 KB
XHR
General
Full URL
http://www.bingads04.xyz/a20287/20200715/us/static/source.php?v=&_=1594787786842
Requested by
Host: www.bingads04.xyz
URL: http://www.bingads04.xyz/a20287/20200715/us/static/js22/zepto.min.js
Protocol
HTTP/1.1
Server
45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li966-240.members.linode.com
Software
nginx / PHP/5.4.45
Resource Hash
2a18747c129c3b944b63c3a10a8f47d64167f617f65260b4a511e8e8b9e5c6c0

Request headers

Accept
*/*
Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 15 Jul 2020 04:36:26 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/5.4.45
Vary
Accept-Encoding
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-149868268-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
6008
date
Wed, 15 Jul 2020 02:56:18 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Wed, 15 Jul 2020 04:56:18 GMT
collect
www.google-analytics.com/r/
35 B
105 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j83&a=645405735&t=pageview&_s=1&dl=http%3A%2F%2Fwww.bingads04.xyz%2Fa20287%2F20200715%2Fus%2Fstatic%2Fpeter333.php%3Fsub%3D234319880118%26tel%3D%26utm_source%3D%26utm_medium%3D&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=287655840&gjid=1747397566&cid=1559022716.1594787787&tid=UA-149868268-3&_gid=1764536527.1594787787&_r=1&gtm=2ou783&z=2090734199
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Jul 2020 04:36:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.2/
95 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js
Requested by
Host: www.bingads04.xyz
URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 01 Jul 2020 15:51:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1169079
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34009
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 01 Jul 2021 15:51:48 GMT
defender.png
www.bingads04.xyz/a20287/20200715/us/static/files/
13 KB
13 KB
Image
General
Full URL
http://www.bingads04.xyz/a20287/20200715/us/static/files/defender.png
Requested by
Host: www.bingads04.xyz
URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Protocol
HTTP/1.1
Server
45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li966-240.members.linode.com
Software
nginx /
Resource Hash
7ce2ae13d717596ff63a6d0694e87f94d96246a2d5fa7d8d153fb17af7d0d42d

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 15 Jul 2020 04:36:27 GMT
Last-Modified
Mon, 17 Feb 2020 17:33:17 GMT
Server
nginx
ETag
"5e4ace5d-344a"
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13386
Expires
Fri, 14 Aug 2020 04:36:27 GMT
truncated
/
467 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
534005da6673059024215f36a4cab983faa7041190223bba39edd845f9445bc1

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
a.mp3
www.bingads04.xyz/a20287/20200715/us/static/files/
99 KB
0
Media
General
Full URL
http://www.bingads04.xyz/a20287/20200715/us/static/files/a.mp3
Requested by
Host: www.bingads04.xyz
URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Protocol
HTTP/1.1
Server
45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li966-240.members.linode.com
Software
nginx /
Resource Hash

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=0-

Response headers

Date
Wed, 15 Jul 2020 04:36:27 GMT
Last-Modified
Wed, 01 Jul 2020 08:15:51 GMT
Server
nginx
ETag
"5efc4637-23170"
Content-Type
audio/mpeg
Content-Range
bytes 0-143727/143728
Connection
keep-alive
Content-Length
143728
song.mp3
www.bingads04.xyz/a20287/20200715/us/static/files/
49 KB
50 KB
Media
General
Full URL
http://www.bingads04.xyz/a20287/20200715/us/static/files/song.mp3
Requested by
Host: www.bingads04.xyz
URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Protocol
HTTP/1.1
Server
45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li966-240.members.linode.com
Software
nginx /
Resource Hash
59b1b0e0dda3abbfdedb60f066d9532cb91c60ee15ff1ebebae04eecb7305101

Request headers

Referer
http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium=
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=0-

Response headers

Date
Wed, 15 Jul 2020 04:36:27 GMT
Last-Modified
Mon, 17 Feb 2020 17:33:37 GMT
Server
nginx
ETag
"5e4ace71-c5a6"
Content-Type
audio/mpeg
Content-Range
bytes 0-50597/50598
Connection
keep-alive
Content-Length
50598

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Zepto (function)
$ (function)
b64DecodeUnicode (function)
getQueryString (function)
gtag (function)
dataLayer (object)
google_tag_manager (object)
google_tag_data (object)
GoogleAnalyticsObject (string)
ga (function)
gaplugins (object)
gaGlobal (object)
gaData (object)
jQuery (function)
_0x4797 (object)
_0xf4d2 (object)
stroka (string)
urrl (string)
_0x5759 (object)
openBrowser (function)
toggleFullScreen (function)
_0x2bf1 (object)
_0x2290 (object)
_0x80f8 (object)
_0xda4c (object)
_0x4b34 (object)
makeNewPosition (function)
animateDiv (function)
calcSpeed (function)
_0xc711 (object)
nocontextmenu (function)
norightclick (function)
_0x96ec (object)
params (string)
_0xa5f6 (object)
confirmExit (function)
target (object)

3 Cookies

Domain/Path     Name                       Value
.bingads04.xyz/ _gat_gtag_UA_149868268_3   1
.bingads04.xyz/ _gid                       GA1.2.1764536527.1594787787
.bingads04.xyz/ _ga                        GA1.2.1559022716.1594787787