www.bingads04.xyz Open in urlscan Pro
45.33.12.240  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request peter333.php Show response www.bingads04.xyz/a20287/20200715/us/static/	2 KB 1 KB	1505ms 264ms	Document text/html	45.33.12.240 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Protocol HTTP/1.1 Server 45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li966-240.members.linode.com Software nginx / PHP/5.4.45 Resource Hash a5dc0e731d94fdfeea1a6985483137275b63e6b1e4902f8c59611eb0fa6c802c Request headers Host www.bingads04.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx Date Wed, 15 Jul 2020 04:36:26 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding X-Powered-By PHP/5.4.45 Content-Encoding gzip
GET H/1.1	200 OK	zepto.min.js Show response www.bingads04.xyz/a20287/20200715/us/static/js22/	25 KB 10 KB	142ms 141ms	Script application/javascript	45.33.12.240 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL http://www.bingads04.xyz/a20287/20200715/us/static/js22/zepto.min.js Requested by Host: www.bingads04.xyz URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Protocol HTTP/1.1 Server 45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li966-240.members.linode.com Software nginx / Resource Hash e094daff39a7fadab01be75eb3652905ff64fd5c67ba4b10929e9845abbf7b72 Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 15 Jul 2020 04:36:26 GMT Content-Encoding gzip Last-Modified Wed, 01 Jul 2020 08:15:51 GMT Server nginx ETag W/"5efc4637-6232" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Wed, 15 Jul 2020 16:36:26 GMT
GET H/1.1	200 OK	base64.min.js Show response www.bingads04.xyz/a20287/20200715/us/static/js22/	871 B 1 KB	273ms 259ms	Script application/javascript	45.33.12.240 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL http://www.bingads04.xyz/a20287/20200715/us/static/js22/base64.min.js Requested by Host: www.bingads04.xyz URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Protocol HTTP/1.1 Server 45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li966-240.members.linode.com Software nginx / Resource Hash 4c833a30edf2345e0bbf0f80d572c4cb2fea8875b83008d00a3248a888472b26 Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 15 Jul 2020 04:36:26 GMT Last-Modified Wed, 01 Jul 2020 08:15:51 GMT Server nginx ETag "5efc4637-367" Content-Type application/javascript Cache-Control max-age=43200 Connection keep-alive Accept-Ranges bytes Content-Length 871 Expires Wed, 15 Jul 2020 16:36:26 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	85 KB 33 KB	31ms 31ms	Script application/javascript	2a00:1450:4001:80b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-149868268-3 Requested by Host: www.bingads04.xyz URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 483fb57549d82a7dfe9852d011ab255b78028052bbf9a6f2247ead7c8c858141 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 15 Jul 2020 04:36:26 GMT content-encoding br vary Accept-Encoding status 200 alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 34153 x-xss-protection 0 last-modified Wed, 15 Jul 2020 03:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 15 Jul 2020 04:36:26 GMT
GET H/1.1	200 OK	source.php Show response www.bingads04.xyz/a20287/20200715/us/static/	60 KB 21 KB	139ms 139ms	XHR text/html	45.33.12.240 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL http://www.bingads04.xyz/a20287/20200715/us/static/source.php?v=&_=1594787786842 Requested by Host: www.bingads04.xyz URL: http://www.bingads04.xyz/a20287/20200715/us/static/js22/zepto.min.js Protocol HTTP/1.1 Server 45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li966-240.members.linode.com Software nginx / PHP/5.4.45 Resource Hash 2a18747c129c3b944b63c3a10a8f47d64167f617f65260b4a511e8e8b9e5c6c0 Request headers Accept */* Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 15 Jul 2020 04:36:26 GMT Content-Encoding gzip Server nginx X-Powered-By PHP/5.4.45 Vary Accept-Encoding Content-Type text/html Transfer-Encoding chunked Connection keep-alive
GET H2	200	analytics.js Show response www.google-analytics.com/	45 KB 18 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:80b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-149868268-3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Thu, 04 Jun 2020 23:38:14 GMT server Golfe2 age 6008 date Wed, 15 Jul 2020 02:56:18 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 18469 expires Wed, 15 Jul 2020 04:56:18 GMT
GET H2	200	collect www.google-analytics.com/r/	35 B 105 B	13ms 13ms	Image image/gif	2a00:1450:4001:80b::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/r/collect?v=1&_v=j83&a=645405735&t=pageview&_s=1&dl=http%3A%2F%2Fwww.bingads04.xyz%2Fa20287%2F20200715%2Fus%2Fstatic%2Fpeter333.php%3Fsub%3D234319880118%26tel%3D%26utm_source%3D%26utm_medium%3D&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=287655840&gjid=1747397566&cid=1559022716.1594787787&tid=UA-149868268-3&_gid=1764536527.1594787787&_r=1&gtm=2ou783&z=2090734199 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Wed, 15 Jul 2020 04:36:26 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 status 200 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/1.12.2/	95 KB 33 KB	6ms 5ms	Script text/javascript	2a00:1450:4001:818::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js Requested by Host: www.bingads04.xyz URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Wed, 01 Jul 2020 15:51:48 GMT content-encoding gzip x-content-type-options nosniff age 1169079 status 200 alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 34009 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Thu, 01 Jul 2021 15:51:48 GMT
GET H/1.1	200 OK	defender.png www.bingads04.xyz/a20287/20200715/us/static/files/	13 KB 13 KB	137ms 137ms	Image image/png	45.33.12.240 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL http://www.bingads04.xyz/a20287/20200715/us/static/files/defender.png Requested by Host: www.bingads04.xyz URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Protocol HTTP/1.1 Server 45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li966-240.members.linode.com Software nginx / Resource Hash 7ce2ae13d717596ff63a6d0694e87f94d96246a2d5fa7d8d153fb17af7d0d42d Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 15 Jul 2020 04:36:27 GMT Last-Modified Mon, 17 Feb 2020 17:33:17 GMT Server nginx ETag "5e4ace5d-344a" Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 13386 Expires Fri, 14 Aug 2020 04:36:27 GMT
GET DATA	200 OK	truncated /	467 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 534005da6673059024215f36a4cab983faa7041190223bba39edd845f9445bc1 Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	206 Partial Content	a.mp3 www.bingads04.xyz/a20287/20200715/us/static/files/	99 KB 0	140ms 139ms	Media audio/mpeg	45.33.12.240 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL http://www.bingads04.xyz/a20287/20200715/us/static/files/a.mp3 Requested by Host: www.bingads04.xyz URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Protocol HTTP/1.1 Server 45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li966-240.members.linode.com Software nginx / Resource Hash Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Range bytes=0- Response headers Date Wed, 15 Jul 2020 04:36:27 GMT Last-Modified Wed, 01 Jul 2020 08:15:51 GMT Server nginx ETag "5efc4637-23170" Content-Type audio/mpeg Content-Range bytes 0-143727/143728 Connection keep-alive Content-Length 143728
GET H/1.1	206 Partial Content	song.mp3 www.bingads04.xyz/a20287/20200715/us/static/files/	49 KB 50 KB	265ms 252ms	Media audio/mpeg	45.33.12.240 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL http://www.bingads04.xyz/a20287/20200715/us/static/files/song.mp3 Requested by Host: www.bingads04.xyz URL: http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Protocol HTTP/1.1 Server 45.33.12.240 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li966-240.members.linode.com Software nginx / Resource Hash 59b1b0e0dda3abbfdedb60f066d9532cb91c60ee15ff1ebebae04eecb7305101 Request headers Referer http://www.bingads04.xyz/a20287/20200715/us/static/peter333.php?sub=234319880118&tel=&utm_source=&utm_medium= Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Range bytes=0- Response headers Date Wed, 15 Jul 2020 04:36:27 GMT Last-Modified Mon, 17 Feb 2020 17:33:37 GMT Server nginx ETag "5e4ace71-c5a6" Content-Type audio/mpeg Content-Range bytes 0-50597/50598 Connection keep-alive Content-Length 50598

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Zepto function| $ function| b64DecodeUnicode function| getQueryString function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| jQuery object| _0x4797 object| _0xf4d2 string| stroka string| urrl object| _0x5759 function| openBrowser function| toggleFullScreen object| _0x2bf1 object| _0x2290 object| _0x80f8 object| _0xda4c object| _0x4b34 function| makeNewPosition function| animateDiv function| calcSpeed object| _0xc711 function| nocontextmenu function| norightclick object| _0x96ec string| params object| _0xa5f6 function| confirmExit object| target

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bingads04.xyz/	1970-01-19 10:59:47	Name: _gat_gtag_UA_149868268_3 Value: 1
			.bingads04.xyz/	1970-01-19 11:01:14	Name: _gid Value: GA1.2.1764536527.1594787787
			.bingads04.xyz/	1970-01-20 04:30:59	Name: _ga Value: GA1.2.1559022716.1594787787

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
www.bingads04.xyz
www.google-analytics.com
www.googletagmanager.com
2a00:1450:4001:80b::2008
2a00:1450:4001:80b::200e
2a00:1450:4001:818::200a
45.33.12.240
2a18747c129c3b944b63c3a10a8f47d64167f617f65260b4a511e8e8b9e5c6c0
483fb57549d82a7dfe9852d011ab255b78028052bbf9a6f2247ead7c8c858141
4c833a30edf2345e0bbf0f80d572c4cb2fea8875b83008d00a3248a888472b26
534005da6673059024215f36a4cab983faa7041190223bba39edd845f9445bc1
59b1b0e0dda3abbfdedb60f066d9532cb91c60ee15ff1ebebae04eecb7305101
7ce2ae13d717596ff63a6d0694e87f94d96246a2d5fa7d8d153fb17af7d0d42d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9
a5dc0e731d94fdfeea1a6985483137275b63e6b1e4902f8c59611eb0fa6c802c
e094daff39a7fadab01be75eb3652905ff64fd5c67ba4b10929e9845abbf7b72
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955