ideaslibresoficial.com Open in urlscan Pro
72.167.126.225  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://cz.magickbook.live/dvdvd1111.html Page URL
2. https://ideaslibresoficial.com/dl/ Page URL
3. https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	dvdvd1111.html Show response cz.magickbook.live/	98 B 231 B	311ms 100ms	Document text/html	178.63.126.226 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://cz.magickbook.live/dvdvd1111.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 178.63.126.226 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.226.126.63.178.clients.your-server.de Software nginx/1.18.0 (Ubuntu) / Resource Hash d173b9d141f0f9f0fdad7c66b39a88c4df9bd5db0012a9235b0c68c7c364fcea Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language pt-PT,pt;q=0.9 Response headers accept-ranges bytes content-length 98 content-type text/html date Mon, 27 Nov 2023 20:22:16 GMT etag "6564e846-62" last-modified Mon, 27 Nov 2023 19:04:38 GMT server nginx/1.18.0 (Ubuntu)
GET H2	200	/ Show response ideaslibresoficial.com/dl/	204 B 373 B	739ms 260ms	Document text/html	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://ideaslibresoficial.com/dl/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / PHP/7.4.33 Resource Hash 73656dfe1a932a43c947396aefec6cfd1dc93cc0e5c0058c91a6a49d3e19fadd Request headers Referer https://cz.magickbook.live/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language pt-PT,pt;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-length 152 content-type text/html; charset=UTF-8 date Mon, 27 Nov 2023 20:22:18 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding x-powered-by PHP/7.4.33
GET H2	200	Primary Request rstontova.php Show response ideaslibresoficial.com/dl/	12 KB 4 KB	249ms 249ms	Document text/html	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / PHP/7.4.33 Resource Hash 259f44ce08f4d3e659c4bd4ce23435a7dcef0beee49110fdd647191e5865b447 Request headers Referer https://ideaslibresoficial.com/dl/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language pt-PT,pt;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-length 3666 content-type text/html; charset=UTF-8 date Mon, 27 Nov 2023 20:22:18 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding x-powered-by PHP/7.4.33
GET H2	200	main.css ideaslibresoficial.com/dl/guess/	138 KB 14 KB	981ms 980ms	Stylesheet text/css	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://ideaslibresoficial.com/dl/guess/main.css Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / Resource Hash b1d3d6097907be9c4730892b74c227e857dbaedd28c8480d52d51d17dbcb054c Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:18 GMT content-encoding br last-modified Sun, 11 Oct 2020 01:24:58 GMT server Apache etag "486373e-2260a-5b15b0cc60e80-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 14770
GET H2	200	vertical.png ideaslibresoficial.com/dl/guess/	245 KB 245 KB	255ms 255ms	Image image/png	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ideaslibresoficial.com/dl/guess/vertical.png Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / Resource Hash 471fe7c33b2ac6fccc2200b7ecbf2db41349a7ae218afe24f204cb84fc5a550f Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:18 GMT last-modified Sun, 11 Oct 2020 01:24:58 GMT server Apache accept-ranges bytes etag "486375b-3d318-5b15b0cc60e80" content-length 250648 content-type image/png
GET H2	200	horizontal.png ideaslibresoficial.com/dl/guess/	5 KB 5 KB	980ms 980ms	Image image/png	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ideaslibresoficial.com/dl/guess/horizontal.png Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / Resource Hash d379630f9694c5d1b89c52020420a824457ef5fc0e3daae1dd101a226c61ec90 Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:18 GMT last-modified Sun, 11 Oct 2020 01:24:58 GMT server Apache accept-ranges bytes etag "486373a-12e0-5b15b0cc60e80" content-length 4832 content-type image/png
GET H2	200	black.png ideaslibresoficial.com/dl/guess/	11 KB 11 KB	982ms 982ms	Image image/png	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ideaslibresoficial.com/dl/guess/black.png Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / Resource Hash df8e91e89e60f25adb96a11a4d5b8a42da3fa2707da4da009947dc4d092ba3ab Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:19 GMT last-modified Sun, 11 Oct 2020 01:24:58 GMT server Apache accept-ranges bytes etag "4863735-2d5e-5b15b0cc60e80" content-length 11614 content-type image/png
GET H2	200	s.js Show response waust.at/	8 KB 4 KB	248ms 85ms	Script application/x-javascript	172.67.71.57 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://waust.at/s.js Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.57 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1 Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:18 GMT content-encoding br cf-cache-status HIT last-modified Thu, 12 Jan 2023 17:19:17 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2482 etag W/"63c04115-2170" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQXahgCTM4shIJqJT4UjLNHpxiG%2BAKAlF5lADWf9u2BNFTRYbdxoQjQkt6jpD5Ho8z2vaumHVL4rvtKqN8xiRG13D3m8Dgd3ouaczl4y850x8P%2FsC5hVAklT"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * cache-control max-age=86400 cf-ray 82cd151fb894867e-MAD expires Tue, 28 Nov 2023 19:40:56 GMT
GET H2	200	light-v2.woff2 ideaslibresoficial.com/dl/guess/	33 KB 33 KB	255ms 255ms	Font font/woff2	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://ideaslibresoficial.com/dl/guess/light-v2.woff2 Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/guess/main.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / Resource Hash eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0 Request headers Referer https://ideaslibresoficial.com/dl/guess/main.css Origin https://ideaslibresoficial.com accept-language pt-PT,pt;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:19 GMT content-encoding br last-modified Sun, 11 Oct 2020 01:24:58 GMT server Apache etag "486373d-8266-5b15b0cc60e80-br" vary Accept-Encoding content-type font/woff2 accept-ranges bytes content-length 33386
GET H2	200	bold-v2.woff2 ideaslibresoficial.com/dl/guess/	31 KB 31 KB	242ms 242ms	Font font/woff2	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://ideaslibresoficial.com/dl/guess/bold-v2.woff2 Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/guess/main.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / Resource Hash 06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47 Request headers Referer https://ideaslibresoficial.com/dl/guess/main.css Origin https://ideaslibresoficial.com accept-language pt-PT,pt;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:19 GMT content-encoding br last-modified Sun, 11 Oct 2020 01:24:58 GMT server Apache etag "4863737-7af8-5b15b0cc60e80-br" vary Accept-Encoding content-type font/woff2 accept-ranges bytes content-length 31484
GET H2	200	/ Show response t.dtscout.com/i/	2 KB 2 KB	397ms 278ms	Script application/javascript	141.101.120.11 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.dtscout.com/i/?l=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DFqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh&j=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2F Requested by Host: waust.at URL: https://waust.at/s.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.101.120.11 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 37d7722cc0cc3f2c0a28d966847afc2422a45757e53f7ae23e7c7dc033706603 Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:20 GMT x-t 0.299 content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BI%2BUekXAtOE9ub0rO%2BOorH1NrnOapKScJ6uUr7CyaLsTkv1fCgThHLjpoJ4TjvUiXskDcnqfbxaJZKuEMGzqo74hyBCm9OeNbrLqfnoi3ZldCR3kD5mRxcuHq%2FZx53k%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control no-cache x-s ger1 cf-ray 82cd15259a8048a0-LIS expires Mon, 27 Nov 2023 20:22:18 GMT
GET H2	200	/ Show response whos.amung.us/pingjs/	28 B 182 B	301ms 185ms	Script text/javascript	104.22.75.171 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://whos.amung.us/pingjs/?k=ilmgguie5t&t=Update%20DVLA%20-%20GOV.UK%20Verify%20-%20GOV.UK&c=s&x=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DFqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh&y=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2F&a=0&d=1.254&v=27&r=1363 Requested by Host: waust.at URL: https://waust.at/s.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.22.75.171 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f28f9cb8f23ee42408d7b4f69aa73649785ec86d7a539b5d7b482f5c6617a28b Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:19 GMT content-encoding gzip cf-cache-status DYNAMIC server cloudflare cf-ray 82cd15259ea903f6-LIS content-type text/javascript;charset=UTF-8
GET H2	200	govuk-crest.png ideaslibresoficial.com/dl/guess/	4 KB 4 KB	251ms 251ms	Image image/png	72.167.126.225 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://ideaslibresoficial.com/dl/guess/govuk-crest.png Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/guess/main.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.167.126.225 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 225.126.167.72.host.secureserver.net Software Apache / Resource Hash bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/guess/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:19 GMT last-modified Sun, 11 Oct 2020 01:24:58 GMT server Apache accept-ranges bytes etag "4863739-e00-5b15b0cc60e80" content-length 3584 content-type image/png
GET H2	200	tc.js Show response cdn.tynt.com/	26 KB 9 KB	200ms 73ms	Script application/javascript	104.18.34.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.tynt.com/tc.js Requested by Host: waust.at URL: https://waust.at/s.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.34.83 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash df92371a548b99f90afb3caeb15fdd106cbb37809b0f3f9db3db055e581ac28a Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:20 GMT content-encoding gzip cf-cache-status HIT last-modified Thu, 05 Oct 2023 15:09:06 GMT server cloudflare age 149001 etag W/"651ed192-66a6" vary Accept-Encoding content-type application/javascript cache-control public, max-age=259200 cf-ray 82cd152789be950c-LIS expires Thu, 30 Nov 2023 20:22:20 GMT
GET DATA	200 OK	truncated /	439 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac Request headers accept-language pt-PT,pt;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	/ Show response t.dtscout.com/pv/	51 B 362 B	278ms 278ms	Script application/javascript	141.101.120.11 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.dtscout.com/pv/?_a=v&_h=ideaslibresoficial.com&_ss=svx9jjop6d&_pv=1&_ls=0&_u1=1&_u3=1&_cc=pt&_pl=d&_cbid=2h0k&_cb=_dtspv.c Requested by Host: t.dtscout.com URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DFqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh&j=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.101.120.11 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 63f7b1e8c14a391d2dda5e6233c19dce8a7abd66decabf8aed8f1d62f86b07c8 Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Mon, 27 Nov 2023 20:22:20 GMT x-t 0.164 content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LR6fEgSAWQmpNVq%2B2IDvuNvtfkp%2FNB5%2BT%2BufKJmItKmHR%2BkZI4ul8jaIBEEQuwKji%2B%2BVtPFfofhW80pzPQPP%2BBd23KGppUPChU%2F7A9KdIhYCUJHOW9ErWfbCSrpak0s%3D"}],"group":"cf-nel","max_age":604800} x-c 0 content-type application/javascript cache-control no-cache cf-ray 82cd15275e2248a0-LIS expires Mon, 27 Nov 2023 20:22:19 GMT
GET H2	204	p ic.tynt.com/b/	0 228 B	484ms 159ms	Image text/plain	67.202.105.33
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!ilmgguie5t&lm=0&ts=1701116540198&dn=TC&iso=0&pu=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DFqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh&r=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2F&t=Update%20DVLA%20-%20GOV.UK%20Verify%20-%20GOV.UK&chmob=0 Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 -, , ASN (), Reverse DNS Software nginx/1.16.1 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers expires "Sat, 26 Jul 1997 05:00:00 GMT" date Mon, 27 Nov 2023 20:22:20 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	200	v2 Show response de.tynt.com/deb/	4 B 327 B	485ms 159ms	Script application/javascript	67.202.105.33
General Check archive.org Show headers Download Go to Full URL https://de.tynt.com/deb/v2?id=w!ilmgguie5t&dn=TC&cc=1&chmob=0&r=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2F&pu=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DFqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Requested by Host: cdn.tynt.com URL: https://cdn.tynt.com/tc.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 -, , ASN (), Reverse DNS Software / Resource Hash d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179 Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA" date Mon, 27 Nov 2023 20:22:20 GMT cache-control max-age=86400 content-type application/javascript accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile content-length 4 expires Tue, 28 Nov 2023 20:22:20 GMT
GET H2	204	p ic.tynt.com/b/	0 227 B	160ms 160ms	Image text/plain	67.202.105.33
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!ilmgguie5t&lm=0&ts=1701116540198&dn=TC&iso=0&pu=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DFqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh&r=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2F&t=Update%20DVLA%20-%20GOV.UK%20Verify%20-%20GOV.UK Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 -, , ASN (), Reverse DNS Software nginx/1.16.1 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers expires "Sat, 26 Jul 1997 05:00:00 GMT" date Mon, 27 Nov 2023 20:22:20 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET H2	204	p ic.tynt.com/b/	0 227 B	159ms 159ms	Image text/plain	67.202.105.33
General Check archive.org Show headers Download Go to Show image Full URL https://ic.tynt.com/b/p?id=w!ilmgguie5t&lm=0&ts=1701116540198&dn=TC&iso=0&pu=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DFqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh&r=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2F Requested by Host: ideaslibresoficial.com URL: https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh Protocol H2 Security TLS 1.3, , AES_256_GCM Server 67.202.105.33 -, , ASN (), Reverse DNS Software nginx/1.16.1 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language pt-PT,pt;q=0.9 Referer https://ideaslibresoficial.com/dl/rstontova.php?/srtvonsone/&action=FqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers expires "Sat, 26 Jul 1997 05:00:00 GMT" date Mon, 27 Nov 2023 20:22:20 GMT cache-control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" server nginx/1.16.1 p3p CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
GET		p ic.tynt.com/b/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

ic.tynt.com

URL

https://ic.tynt.com/b/p?id=w!ilmgguie5t&lm=0&ts=1701116540198&dn=TC&iso=0&pu=https%3A%2F%2Fideaslibresoficial.com%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DFqrMXwcGKCKpjyfTEtPAZWdgUPxCGxoczGUYaywmkqgcOHUh

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| qgpAH function| zQZxJvQJT function| myXNwPWtge2 function| CEQwLwuJPM3 function| abQuNL4 object| _wau object| WAU_ren function| WAU_small function| WAU_small_request function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_lrs function| WAU_cps function| docReady object| x string| x1 string| x2 object| Tynt object| _dtspv object| _33Across function| __uspapi

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ideaslibresoficial.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: c6fd2e147298df2dbfdd96cb16af478d
			.dtscout.com/	1970-01-20 16:32:01	Name: m Value: 1
			.dtscout.com/	1970-01-20 16:32:10	Name: oa Value: 1
			.dtscout.com/	1970-01-20 18:55:56	Name: df Value: 1701116539

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.tynt.com
cz.magickbook.live
de.tynt.com
ic.tynt.com
ideaslibresoficial.com
t.dtscout.com
waust.at
whos.amung.us
ic.tynt.com
104.18.34.83
104.22.75.171
141.101.120.11
172.67.71.57
178.63.126.226
67.202.105.33
72.167.126.225
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
259f44ce08f4d3e659c4bd4ce23435a7dcef0beee49110fdd647191e5865b447
37d7722cc0cc3f2c0a28d966847afc2422a45757e53f7ae23e7c7dc033706603
471fe7c33b2ac6fccc2200b7ecbf2db41349a7ae218afe24f204cb84fc5a550f
63f7b1e8c14a391d2dda5e6233c19dce8a7abd66decabf8aed8f1d62f86b07c8
73656dfe1a932a43c947396aefec6cfd1dc93cc0e5c0058c91a6a49d3e19fadd
b1d3d6097907be9c4730892b74c227e857dbaedd28c8480d52d51d17dbcb054c
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
d173b9d141f0f9f0fdad7c66b39a88c4df9bd5db0012a9235b0c68c7c364fcea
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d379630f9694c5d1b89c52020420a824457ef5fc0e3daae1dd101a226c61ec90
df8e91e89e60f25adb96a11a4d5b8a42da3fa2707da4da009947dc4d092ba3ab
df92371a548b99f90afb3caeb15fdd106cbb37809b0f3f9db3db055e581ac28a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
f28f9cb8f23ee42408d7b4f69aa73649785ec86d7a539b5d7b482f5c6617a28b
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac