zasasa.com Open in urlscan Pro
78.108.87.175 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://zasasa.com/
Submission: On October 13 via api (October 13th 2022, 2:43:36 am UTC) from SG — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 15 HTTP transactions. The main IP is 78.108.87.175, located in Russian Federation and belongs to MAJORDOMO, RU. The main domain is zasasa.com.

This is the only time zasasa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	78.108.87.175 78.108.87.175	43362 (MAJORDOMO) (MAJORDOMO)
1	78.108.80.33 78.108.80.33	43362 (MAJORDOMO) (MAJORDOMO)
6	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
15	8

1 78.108.87.175 (Russian Federation)

ASN43362 (MAJORDOMO, RU)
PTR: static.78.108.87.175.clients.majordomo.ru

zasasa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.108.80.33 (Russian Federation)

ASN43362 (MAJORDOMO, RU)
PTR: web15.majordomo.ru

crazyprogger.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 147	194 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 78 www.google.com — Cisco Umbrella Rank: 2	2 KB
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43	761 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 8724	792 B
1	crazyprogger.tk crazyprogger.tk	817 B
1	zasasa.com zasasa.com	1 KB
15	6

	Domain	Requested by
6	pagead2.googlesyndication.com	crazyprogger.tk pagead2.googlesyndication.com tpc.googlesyndication.com
3	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
1	www.google.com	tpc.googlesyndication.com
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	crazyprogger.tk	zasasa.com
1	zasasa.com
15	8

This site contains no links.

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh

This page contains 5 frames:

Primary Page: http://zasasa.com/
Frame ID: 9174F11B2DB011C91D61A9FEC7007E61
Requests: 1 HTTP requests in this frame

Frame: http://crazyprogger.tk/
Frame ID: 0C4595064BE4D5B1CB6433AEC1D5AF4F
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2075324756861714&output=html&h=90&slotname=4846096199&adk=452328410&adf=1743916470&pi=t.ma~as.4846096199&w=728&lmt=1665629013&url=http%3A%2F%2Fcrazyprogger.tk%2F&wgl=1&dt=1665629013115&bpp=22&bdt=194&idt=270&shv=r20221011&mjsv=m202210040101&ptt=5&saldr=sa&correlator=5412255272473&frm=22&ife=1&pv=2&ga_vid=1503018286.1665629013&ga_sid=1665629013&ga_hid=43238447&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=800&ish=181&ifk=343357945&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44767667%2C44774649%2C42531705%2C44768832%2C44774653%2C31069178&oid=2&pvsid=2188444111795105&uas=0&nvt=1&top=http%3A%2F%2Fzasasa.com%2F&eae=0&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C800%2C181&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.udw5cgjq03cc&fsb=1&xpc=ktsO5Slpt6&p=http%3A//crazyprogger.tk&dtd=285
Frame ID: 4CC979EE000FCC1DEAB5A1396BBBBB16
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 450CDFA1C1D8F93DE1F4521E5B7D8BA5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FEE98F172E116B3DC2584B3814A0FFC2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Zasasa.com - Internet service

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

15
Requests

80 %
HTTPS

75 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

200 kB
Transfer

548 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
zasasa.com/ 1 KB
1 KB 241ms
57ms Document
text/html 78.108.87.175
MAJORDOMO

General

Check archive.org

Show headers Download Go to

Full URL: http://zasasa.com/
Protocol: HTTP/1.1
Server: 78.108.87.175 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: static.78.108.87.175.clients.majordomo.ru
Software: Apache/2.2.23 (CentOS) /
Resource Hash: d68fd4e963b395273277ae5ae6fc55700580fae2a6ee49240d7edec5528b37f0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Length: 1321
Content-Type: text/html; charset=windows-1251
Date: Thu, 13 Oct 2022 02:43:32 GMT
Server: Apache/2.2.23 (CentOS)

GET
H/1.1 200
OK / Show response
crazyprogger.tk/ Frame 0C45 1 KB
817 B 177ms
59ms Document
text/html 78.108.80.33
MAJORDOMO

General

Check archive.org

Show headers Download Go to

Full URL: http://crazyprogger.tk/
Requested by: Host: zasasa.com
URL: http://zasasa.com/
Protocol: HTTP/1.1
Server: 78.108.80.33 , Russian Federation, ASN43362 (MAJORDOMO, RU),
Reverse DNS: web15.majordomo.ru
Software: nginx / PHP/5.2.17
Resource Hash: dc312fee30713e44a4c938b2608c80103affc93c261c3d147125323bb58b4a17

Request headers

Referer: http://zasasa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Length: 588
Content-Type: text/html; charset=UTF-8
Date: Thu, 13 Oct 2022 02:43:32 GMT
Server: nginx
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.17

GET
H/1.1 200
OK show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 0C45 113 KB
40 KB 94ms
56ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: crazyprogger.tk
URL: http://crazyprogger.tk/

Protocol

HTTP/1.1

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

613f59b5ab080bb579e2460a12cfc3975ba52539b6ac33b45ebd2a5feca4e3ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crazyprogger.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Thu, 13 Oct 2022 02:43:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 12922389974202834590
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 40084
X-XSS-Protection: 0
Expires: Thu, 13 Oct 2022 02:43:32 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210040101/ Frame 0C45 352 KB
116 KB 150ms
71ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210040101/show_ads_impl_with_ama_fy2021.js?client=pub-2075324756861714&plah=crazyprogger.tk

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

42acd468a661bed0cec67b6f154e8d6f93d40b45897c0025955384c47fad47a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crazyprogger.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 02:43:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118405
x-xss-protection: 0
server: cafe
etag: 15172081187570777608
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 13 Oct 2022 02:43:33 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0C45 107 B
792 B 145ms
47ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=crazyprogger.tk

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210040101/show_ads_impl_with_ama_fy2021.js?client=pub-2075324756861714&plah=crazyprogger.tk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crazyprogger.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 02:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0C45 107 B
549 B 125ms
46ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=crazyprogger.tk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crazyprogger.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 02:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4CC9 430 B
761 B 187ms
102ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2075324756861714&output=html&h=90&slotname=4846096199&adk=452328410&adf=1743916470&pi=t.ma~as.4846096199&w=728&lmt=1665629013&url=http%3A%2F%2Fcrazyprogger.tk%2F&wgl=1&dt=1665629013115&bpp=22&bdt=194&idt=270&shv=r20221011&mjsv=m202210040101&ptt=5&saldr=sa&correlator=5412255272473&frm=22&ife=1&pv=2&ga_vid=1503018286.1665629013&ga_sid=1665629013&ga_hid=43238447&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=800&ish=181&ifk=343357945&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44767667%2C44774649%2C42531705%2C44768832%2C44774653%2C31069178&oid=2&pvsid=2188444111795105&uas=0&nvt=1&top=http%3A%2F%2Fzasasa.com%2F&eae=0&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C800%2C181&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.udw5cgjq03cc&fsb=1&xpc=ktsO5Slpt6&p=http%3A//crazyprogger.tk&dtd=285

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a71cff218150dc6a79d0aa2a2a650d13393cd84c6433a709b6002076d3b79801

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crazyprogger.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 207
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 02:43:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0C45 14 KB
11 KB 132ms
55ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221011&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf9d0a611ad84dc68e7ecf60986056d7ed8a33e97f4976d06e3381253673a6f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crazyprogger.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 02:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11107
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0C45 17 KB
7 KB 126ms
45ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crazyprogger.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 02:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 02:43:33 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 450C 13 KB
5 KB 132ms
39ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crazyprogger.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 20239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 12 Oct 2022 21:06:14 GMT
expires: Thu, 12 Oct 2023 21:06:14 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FEE9 783 B
1 KB 179ms
86ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

956c2b3ca0810fab9df2f510cb2c534bd29241eef0aea092c424bd73560c7812

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0JYE1GMIz4c4-Y7It9NcDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://crazyprogger.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-0JYE1GMIz4c4-Y7It9NcDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 02:43:34 GMT
expires: Thu, 13 Oct 2022 02:43:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 75n5MIkdKjMQGlOCWCYwhumMUPtaURPkn9Lrop-Fp5U.js Show response
pagead2.googlesyndication.com/bg/ Frame 450C 36 KB
16 KB 118ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/75n5MIkdKjMQGlOCWCYwhumMUPtaURPkn9Lrop-Fp5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef99f930891d2a33101a538258263086e98c50fb5a5113e49fd2eba29f85a795

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 14:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45384
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15870
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 14:07:10 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FEE9 0
0 115ms
72ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221011&jk=2188444111795105&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 450C 0
10 B 38ms
38ms Image
text/plain 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?TwJ1WA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 02:43:34 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0C45 0
0 75ms
75ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221011&jk=2188444111795105&bg=!HB-lH1vNAAYqRg79CkY7ACkAdvg8WhukHokdKE1vVcufbAoX2TXRFpgl_KPOl_OzRA84UvOzpv6ACQIAAABFUgAAAAJoAQeZAruTvqRBehv3pTCMufQCHIJ1debnA58Vr_RzRQ9QCBC-XggmquUlU-_F3A-FDQtktudsqgswLOPNVVJxjNW5MQ5rHZ6NYmzUICmjAMV2NdpZqnpLfGgtkgz_EMt75NZ6jEI-c9_L7mgPXyh8vPNZdu02w8qcZeYp0EKZFcaR2p3bOi3lpV9R0cInvppzlgUrfqlaeg3-pnCykHJRJoMu5mhJvHISaLTfPvSga16KPeZlC5gJB6oiwgnNfimlSczoV5zzFpUUnxxXe42a-fYEFNPhnPKxtBsZ6I0kZTBcfKwfBXRYRBfQVdQyEikoMgSqHdNKZUo5exQ0DBu7Y74AF2p7HbUlgnHdNlATjtWgyCjNt9Y2AQllo95N4tyGysElTRXmL6lAfLkBXUGPxHgNIU4uIMBy5syqVdbZ4h4LknWWZ-WfeWilJ0l10BLDe_y52cj8875Mv0xKB9Jtn1ddH2dMRgaOKOFcQNdLHmJIPmv8Zx2TKPN3D-VagTTKU_fvwzeMSjXA1f7I0D7jtKHkuNmcmi3JHXsc1FPv3VFSYPzIPyC5ymgMLIxAkjS0fQxrWD24omwM5FkmszLFHnNQpxEltxnM4nlp24d2f2JzblCG8xMVacAtDsKq-iYdxmQWa7-UWiHwXJww-PTnKwogqIq99QHnw3kyfTRSLrABfc4tvrZ1va0DPpfNYUvpsm9yTRl-Zbem5rYkU5DHCyn9w2E6lU8kc2OG4nSJGH1hYBAHosfEh1yBTknQz5LTtnL_VCc_ez2Sdq4ibQotQFldcFEYZ9KF0bhQ_LhtlGqw5-YimjRoyj9P7PxtEBaS4IhUjMolMu0sa-C39cforM6issuuGnvS_alpQVJuGgIS4QXaq436lI3pYtkPUXjbMbMRNyUjnbXWKV2U9YnK-Ed8Y6MTPTxYsDskcvnw7xo
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crazyprogger.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-20 06:40:29	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2075324756861714&output=html&h=90&slotname=4846096199&adk=452328410&adf=1743916470&pi=t.ma~as.4846096199&w=728&lmt=1665629013&url=http%3A%2F%2Fcrazyprogger.tk%2F&wgl=1&dt=1665629013115&bpp=22&bdt=194&idt=270&shv=r20221011&mjsv=m202210040101&ptt=5&saldr=sa&correlator=5412255272473&frm=22&ife=1&pv=2&ga_vid=1503018286.1665629013&ga_sid=1665629013&ga_hid=43238447&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=800&ish=181&ifk=343357945&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C44767667%2C44774649%2C42531705%2C44768832%2C44774653%2C31069178&oid=2&pvsid=2188444111795105&uas=0&nvt=1&top=http%3A%2F%2Fzasasa.com%2F&eae=0&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C800%2C181&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.udw5cgjq03cc&fsb=1&xpc=ktsO5Slpt6&p=http%3A//crazyprogger.tk&dtd=285 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
crazyprogger.tk
googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
www.google.com
zasasa.com
2a00:1450:4001:800::2002
2a00:1450:4001:806::2004
2a00:1450:4001:808::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:82f::2002
78.108.80.33
78.108.87.175
42acd468a661bed0cec67b6f154e8d6f93d40b45897c0025955384c47fad47a0
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
613f59b5ab080bb579e2460a12cfc3975ba52539b6ac33b45ebd2a5feca4e3ea
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
956c2b3ca0810fab9df2f510cb2c534bd29241eef0aea092c424bd73560c7812
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71cff218150dc6a79d0aa2a2a650d13393cd84c6433a709b6002076d3b79801
cf9d0a611ad84dc68e7ecf60986056d7ed8a33e97f4976d06e3381253673a6f7
d68fd4e963b395273277ae5ae6fc55700580fae2a6ee49240d7edec5528b37f0
dc312fee30713e44a4c938b2608c80103affc93c261c3d147125323bb58b4a17
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef99f930891d2a33101a538258263086e98c50fb5a5113e49fd2eba29f85a795

zasasa.com Open in urlscan Pro 78.108.87.175 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

80 %HTTPS

75 %IPv6

6 Domains

8 Subdomains

8 IPs

2 Countries

200 kBTransfer

548 kBSize

1 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

zasasa.com Open in urlscan Pro
78.108.87.175 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

80 %
HTTPS

75 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

200 kB
Transfer

548 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions