tekim.umj.ac.id Open in urlscan Pro
103.206.245.67 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://soo.gd/nm4h
Effective URL:
http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
Submission: On April 16 via manual (April 16th 2020, 4:40:20 pm UTC) from US

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 12 domains to perform 18 HTTP transactions. The main IP is 103.206.245.67, located in Indonesia and belongs to CEPATNET-AS-ID PT Mora Telematika Indonesia, ID. The main domain is tekim.umj.ac.id.

This is the only time tekim.umj.ac.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Weightloss Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	69.61.26.122 69.61.26.122	22653 (GLOBALCOM...) (GLOBALCOMPASS)
1	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:819::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:824::2002	15169 (GOOGLE) (GOOGLE)
3	172.217.21.194 172.217.21.194	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
1 1	212.85.127.209 212.85.127.209	12824 (HOMEPL-AS) (HOMEPL-AS)
2 2	192.241.240.89 192.241.240.89	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	103.206.245.67 103.206.245.67	131111 (CEPATNET-...) (CEPATNET-AS-ID PT Mora Telematika Indonesia)
2	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:84e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	11

1 69.61.26.122 (Atlanta, United States)

ASN22653 (GLOBALCOMPASS, US)

soo.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.21.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s12-in-f194.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.85.127.209 (Poland) 1 redirects

ASN12824 (HOMEPL-AS, PL)
PTR: cloudserver008083.home.pl

www.autyzmwpolsce.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.241.240.89 (New York, United States) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: server2.tiny.cc

tiny.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.206.245.67 (Indonesia)

ASN131111 (CEPATNET-AS-ID PT Mora Telematika Indonesia, ID)
PTR: ip-245-67.moratelindo.co.id

tekim.umj.ac.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:84e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	11 KB
3	doubleclick.net securepubads.g.doubleclick.net	86 KB
2	umj.ac.id tekim.umj.ac.id	2 KB
2	tiny.cc 2 redirects tiny.cc	1 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	cloudflare.com cdnjs.cloudflare.com	32 KB
1	autyzmwpolsce.pl 1 redirects www.autyzmwpolsce.pl	201 B
1	google.com adservice.google.com	245 B
1	google.de adservice.google.de	171 B
1	googletagmanager.com www.googletagmanager.com	29 KB
1	googletagservices.com www.googletagservices.com	15 KB
1	soo.gd soo.gd	2 KB
18	12

	Domain	Requested by
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
2	tekim.umj.ac.id	soo.gd
2	tiny.cc	2 redirects
2	www.google-analytics.com	www.googletagmanager.com soo.gd
1	cdnjs.cloudflare.com	tekim.umj.ac.id
1	www.autyzmwpolsce.pl	1 redirects
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	www.googletagmanager.com	soo.gd
1	www.googletagservices.com	soo.gd
1	soo.gd
18	13

This site contains no links.

Subject Issuer	Validity	Valid
www.soo.gd Let's Encrypt Authority X3	`2020-04-12` - `2020-07-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-04-01` - `2020-06-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-01` - `2020-06-24`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-04-01` - `2020-06-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh

This page contains 2 frames:

Primary Page: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
Frame ID: 38852E0A3EBF17EAFEE7110C314E42B9
Requests: 32 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: F1EE259968BF2EDA216F29760B758C81
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://soo.gd/nm4h Page URL
http://www.autyzmwpolsce.pl/openurl.php?bid=19&url=http://tiny.cc/9bc2mz HTTP 302
http://tiny.cc/9bc2mz HTTP 301
https://tiny.cc/9bc2mz HTTP 303
http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/?deal=ag... Page URL
http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0 Page URL

Page Statistics

18
Requests

89 %
HTTPS

58 %
IPv6

12
Domains

13
Subdomains

11
IPs

4
Countries

195 kB
Transfer

2448 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://soo.gd/nm4h Page URL
http://www.autyzmwpolsce.pl/openurl.php?bid=19&url=http://tiny.cc/9bc2mz HTTP 302
http://tiny.cc/9bc2mz HTTP 301
https://tiny.cc/9bc2mz HTTP 303
http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/?deal=agb1ddgy0t125 Page URL
http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

http://www.autyzmwpolsce.pl/openurl.php?bid=19&url=http://tiny.cc/9bc2mz HTTP 302
http://tiny.cc/9bc2mz HTTP 301
https://tiny.cc/9bc2mz HTTP 303
http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/?deal=agb1ddgy0t125

Request Chain 16

http://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

18 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK nm4h Show response
soo.gd/ 3 KB
2 KB 640ms
135ms Document
text/html 69.61.26.122
GLOBALCOMPASS

General

Check archive.org

Show headers Download Go to

Full URL

https://soo.gd/nm4h

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.61.26.122 Atlanta, United States, ASN22653 (GLOBALCOMPASS, US),

Reverse DNS

Software

Hotcores.com /

Resource Hash

287d016421fc693c418f910792b9d66b0af35cb41b0f165e8afd512c77043ab7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Host: soo.gd
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: Hotcores.com
Date: Thu, 16 Apr 2020 16:39:54 GMT
Content-Type: text/html; Charset=UTF-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Robots-Tag: noindex, nofollow
I-AM: Beta
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 42 KB
15 KB 32ms
15ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: soo.gd
URL: https://soo.gd/nm4h

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbb60378dcae88527197706899f71585572b5e01ca3b469cb4a68479c30a210

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "487 / 413 of 1000 / last-modified: 1587053445"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 14265
x-xss-protection: 0
expires: Thu, 16 Apr 2020 16:40:01 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 79 KB
29 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:818::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-31510493-2

Requested by

Host: soo.gd
URL: https://soo.gd/nm4h

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cd404282f2feebbe097b83180489d71ff81e92b0b735135d2b138acdff00a2f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 30046
x-xss-protection: 0
last-modified: Thu, 16 Apr 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Apr 2020 16:40:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 3687
date: Thu, 16 Apr 2020 15:38:34 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Thu, 16 Apr 2020 17:38:34 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 16ms
15ms Script
application/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=soo.gd

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
245 B 16ms
15ms Script
application/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=soo.gd

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020040702.js Show response
securepubads.g.doubleclick.net/gpt/ 167 KB
61 KB 145ms
51ms Script
text/javascript 172.217.21.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020040702.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s12-in-f194.1e100.net

Software

sffe /

Resource Hash

740078cb1778d885689a3108d2ca696b01fd80cb73437528af4ed0dd6e7466b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Apr 2020 20:25:36 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 62521
x-xss-protection: 0
expires: Thu, 16 Apr 2020 16:40:01 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1397974900&t=pageview&_s=1&dl=https%3A%2F%2Fsoo.gd%2Fnm4h&ul=en-us&de=UTF-8&dt=nm4h&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1580960343&gjid=1113173150&cid=1101169771.1587055202&tid=UA-31510493-2&_gid=685321766.1587055202&_r=1&gtm=2ou480&z=515954734

Requested by

Host: soo.gd
URL: https://soo.gd/nm4h

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Apr 2020 16:40:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads
securepubads.g.doubleclick.net/gampad/ 395 B
712 B 85ms
85ms XHR
text/plain 172.217.21.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3258876807591703&correlator=2859198784867504&output=ldjh&impl=fif&adsid=NT&eid=21064823%2C21065202&vrg=2020040702&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200416&iu_parts=5837603%2CSGD_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1587055201&dt=1587055201810&dlt=1587055201466&idt=332&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=1216140633&ucis=1&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsoo.gd%2Fnm4h&dssz=10&icsg=680&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=330x423&msz=0x0&ga_vid=1101169771.1587055202&ga_sid=1587055202&ga_hid=1397974900&fws=128&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020040702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s12-in-f194.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 209
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://soo.gd
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020040702.js Show response
securepubads.g.doubleclick.net/gpt/ 64 KB
23 KB 52ms
52ms Script
text/javascript 172.217.21.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020040702.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020040702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s12-in-f194.1e100.net

Software

sffe /

Resource Hash

fb30d19bfdc58c092bdabad889657613116021c0d07e936fdb3e9e5dbd669872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Apr 2020 20:25:36 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 23928
x-xss-protection: 0
expires: Thu, 16 Apr 2020 16:40:01 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 20ms
6ms Other
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020040702.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H/1.1

200
OK

/ Show response
tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/
Redirect Chain

http://www.autyzmwpolsce.pl/openurl.php?bid=19&url=http://tiny.cc/9bc2mz
http://tiny.cc/9bc2mz
https://tiny.cc/9bc2mz
http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/?deal=agb1ddgy0t125

3 KB
2 KB

3221ms
3015ms

Document
text/html

103.206.245.67
CEPATNET-AS-ID PT...

General

Check archive.org

Show headers Download Go to

Full URL: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/?deal=agb1ddgy0t125
Requested by: Host: soo.gd
URL: https://soo.gd/nm4h
Protocol: HTTP/1.1
Server: 103.206.245.67 , Indonesia, ASN131111 (CEPATNET-AS-ID PT Mora Telematika Indonesia, ID),
Reverse DNS: ip-245-67.moratelindo.co.id
Software: Apache /
Resource Hash: a272436960ee110f810be6998264bd3597be3866187788ab31699797e1e5b0be

Request headers

Host: tekim.umj.ac.id
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://soo.gd/nm4h

Response headers

Date: Thu, 16 Apr 2020 16:40:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1407
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Redirect headers

Server: nginx
Date: Thu, 16 Apr 2020 16:42:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.28
X-Frame-Options: sameorigin
Access-Control-Allow-Origin: *
Set-Cookie: main_session=x0yR1j84fpRMTPaF7yKnnkOAQj4gQzg0fCHHQ8KpwBvoUzE4xPQwOsLYPlb6DeexjSbEYsV1dLW02CiLnwOrsqhNfxjoCeK8R6DW5UXbjYrhDHFA5Zwz%2BPFWfsQ52IR09LM3BX5ttlzSHOY721qnLTBq6NrG5CF5VbjUqgPyuE64Z%2ByHx1zagLAguM5SLUpUS%2BoT2YphuPX506B4YKauygdxcUPv18Mz2wlSy%2FPA5ni7E%2BwSaAOqFQxPFtuIqFm1t74nbuawAOCZiFQx1dDZUMiriJWndFROX%2Ff4zsiki1Aw9LpA7WwGNiqY6k2CJLnWK%2FucODKJEjHOM0BA0okTuN53NP11vcx4Uyj2G%2F%2BtjxXwV6V5u2IDq9Wd%2BQ%2FhG0feuFCpZqR2Ysm5KgCbfzys83theX%2FWiBOtRd8NUouUBpdHj7W%2FIQhYmiZQBC9TW5JHUTgNXTQExiDm%2FMr22KmDP0ZwaftSnVTQh1NyB2Z8CCUKeqZu5rPxj2m8PcYJtZWyj33OZ69FBupcNxv%2FRX9ew50YMSP2VaCclXDUmnyelYn4gktdeJ5hzthlI2LpGjRzZ7mzCvl4ZTmiIYElFi4B7w68KtJBk145xR6Lhy%2BU%2B0TEtmswzpr2s8oUJGJOjr4k; expires=Fri, 17-Apr-2020 16:42:22 GMT; path=/; domain=.tiny.cc; secure; httponly
X-Robots-Tag: nofollow, noindex
Location: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/?deal=agb1ddgy0t125

GET
H2 200 sodar
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 31ms
19ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020040702&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020040702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 5165
x-xss-protection: 0

GET
H2 200 sodar2.js
tpc.googlesyndication.com/sodar/ 14 KB
5 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020040702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 16 Apr 2020 16:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582746470043195"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 5456
x-xss-protection: 0
expires: Thu, 16 Apr 2020 16:40:01 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame F1EE 0
0 6ms
6ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://soo.gd/nm4h
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://soo.gd/nm4h

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Thu, 16 Apr 2020 16:28:30 GMT
expires: Fri, 16 Apr 2021 16:28:30 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 691
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
227 B 17ms
16ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020040702&jk=3258876807591703&bg=!eXqlemJYqLzU2latpRsCAAAANlIAAAAKmQFSjtrBBChowQiPCWG-Zqi6AjskEy-Sl57oZ0TEvln44AlipVvBhE6PCO6Y6qBy0AHOjm85Q6TxepkJtCyjupOwIUm7aJ-GjDhFKLVv8D5_nN62IC6oRYziiYPshq_HjitkBsIOxA-j85lBxzMaYENupKuHPZW3p-FgKifl9xSTY6A2m7FIeO5LrTnfzcU0eWu-8Bud4hnAaVrMSoKNWJ9iZEzydgTUQfeEWiGhPXmXXzfQRCDJAhhMpc6p6amXrl1O4t-gUOq1QcMWreBA1uLmJyf3LUUL1QtvV5PwkW5LiGJRqDj-JQS6CWIgQxbSSocRPGvZ_tLTjaFrsg9-C4394oTEnKCxofegfpxAGnhKP4amGBoolhheECl7wGBsCT9HwH0-eB_n8W7nwEu6ErQUujeX3OzC6uOoZiZUrdBuQwqDxBGUmzGlvGyfg4oY8tGV0Gw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/nm4h
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Apr 2020 16:40:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Primary Request /
tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/ 1 MB
0 3557ms
3557ms Document
text/html 103.206.245.67
CEPATNET-AS-ID PT...

General

Check archive.org

Show headers Download Go to

Full URL: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
Requested by: Host: soo.gd
URL: https://soo.gd/nm4h
Protocol: HTTP/1.1
Server: 103.206.245.67 , Indonesia, ASN131111 (CEPATNET-AS-ID PT Mora Telematika Indonesia, ID),
Reverse DNS: ip-245-67.moratelindo.co.id
Software: Apache /
Resource Hash

Request headers

Host: tekim.umj.ac.id
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/?deal=agb1ddgy0t125
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/qptta/dvz/?deal=agb1ddgy0t125

Response headers

Date: Thu, 16 Apr 2020 16:40:10 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked

GET
H2

200

jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

95 KB
32 KB

17ms
17ms

Script
application/javascript

2606:4700::6810:84e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: tekim.umj.ac.id
URL: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 16 Apr 2020 16:40:14 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 14549440
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 022575d76b0000645bbd3a0200000001
served-in-seconds: 0.003
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:15 GMT
server: cloudflare
etag: W/"5afd494f-17b8b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 584f58d24a84645b-FRA
expires: Tue, 06 Apr 2021 16:40:14 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
Non-Authoritative-Reason: HSTS

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d4face6c75f425c2ff01d9db2b080f8a494035d006b34b4d7ce3171e508e9f95

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 32 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0011fd01a0d7c94f16540e0312f43148d47c9c4f1ac0ec768d4e22309fae5b98

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 91 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dad7f515accda98057a527c6d2bf039723b90b4c892273a9740a2a56f12501c9

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 62 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22c54c8c9b3cefd3ae2fdd10514f917a66974b4b51b020c0105abb325952877b

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 71 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3fa9325f3bc95c7c2a88a30571b67cfc7904c6402edc8b4fda9ab7caf39d1192

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 91 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15e3d6ecbb830ae7b4e0add2bda4275e4a1514e763d97751b13327a2b7ac1a87

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 75 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9e29c9c11075c1eb69393884562075299925e1de7672fcc29b01356634ca1c3

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 36 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aba596b7a72ffd61e8258da8ffbd3b4797cda31728fab525572a78f802ad89f9

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 35 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 940552a0d787f4ffa516c6e73dc8cfb84e8ef1d521592f83dba0552c0c25a933

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 47 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a999b97ef4417527b64d2c033f69b29fbe69c49125d928a79c2912043fd27e

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 23 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b5b95ceabcd121c2efd989911f7c906e753a38f8876300a1b82921c78806088

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5a22c4bfda1f7b5194ee24fc1db5eea3abac22e395097f244e58bfb037c7951

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 45 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c00339b175d5c10e5c82b2081cde9caef9f26e9da0a98e7ffe78ab1da8bac47

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 66 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 37 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://tekim.umj.ac.id/wp-content/plugins/apikey/listing_email/reviews_write.php/nkz/tsb/?8yd8d8kb8r0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Weightloss Scam (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdnjs.cloudflare.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
soo.gd
tekim.umj.ac.id
tiny.cc
tpc.googlesyndication.com
www.autyzmwpolsce.pl
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
103.206.245.67
172.217.21.194
192.241.240.89
212.85.127.209
2606:4700::6810:84e5
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2001
2a00:1450:4001:816::2002
2a00:1450:4001:818::2008
2a00:1450:4001:819::200e
2a00:1450:4001:824::2002
69.61.26.122
0011fd01a0d7c94f16540e0312f43148d47c9c4f1ac0ec768d4e22309fae5b98
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
15e3d6ecbb830ae7b4e0add2bda4275e4a1514e763d97751b13327a2b7ac1a87
22c54c8c9b3cefd3ae2fdd10514f917a66974b4b51b020c0105abb325952877b
287d016421fc693c418f910792b9d66b0af35cb41b0f165e8afd512c77043ab7
2c00339b175d5c10e5c82b2081cde9caef9f26e9da0a98e7ffe78ab1da8bac47
3fa9325f3bc95c7c2a88a30571b67cfc7904c6402edc8b4fda9ab7caf39d1192
48a999b97ef4417527b64d2c033f69b29fbe69c49125d928a79c2912043fd27e
5b5b95ceabcd121c2efd989911f7c906e753a38f8876300a1b82921c78806088
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6dbb60378dcae88527197706899f71585572b5e01ca3b469cb4a68479c30a210
740078cb1778d885689a3108d2ca696b01fd80cb73437528af4ed0dd6e7466b7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
940552a0d787f4ffa516c6e73dc8cfb84e8ef1d521592f83dba0552c0c25a933
a272436960ee110f810be6998264bd3597be3866187788ab31699797e1e5b0be
aba596b7a72ffd61e8258da8ffbd3b4797cda31728fab525572a78f802ad89f9
cd404282f2feebbe097b83180489d71ff81e92b0b735135d2b138acdff00a2f2
d4face6c75f425c2ff01d9db2b080f8a494035d006b34b4d7ce3171e508e9f95
d5a22c4bfda1f7b5194ee24fc1db5eea3abac22e395097f244e58bfb037c7951
dad7f515accda98057a527c6d2bf039723b90b4c892273a9740a2a56f12501c9
e9e29c9c11075c1eb69393884562075299925e1de7672fcc29b01356634ca1c3
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
fb30d19bfdc58c092bdabad889657613116021c0d07e936fdb3e9e5dbd669872

tekim.umj.ac.id Open in urlscan Pro 103.206.245.67 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

18 Requests

89 %HTTPS

58 %IPv6

12 Domains

13 Subdomains

11 IPs

4 Countries

195 kBTransfer

2448 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

tekim.umj.ac.id Open in urlscan Pro
103.206.245.67 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

89 %
HTTPS

58 %
IPv6

12
Domains

13
Subdomains

11
IPs

4
Countries

195 kB
Transfer

2448 kB
Size

0
Cookies

18 HTTP transactions
15 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!