Submitted URL: http://hairoak.com/1tyas2v5a3?zninxco=86&refer=https%3A%2F%2Fwww.soccerhockeyfans.com%2Fpage.php%3Fhash%3Dbaba36&ad...
Effective URL: https://0.magic5.biz/index.php?p=haygenlfgm5dcnjw&sub1=15fa6zwtlk2fnd7a
Submission Tags: falconsandbox
Submission: On December 16 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 6 countries across 7 domains to perform 10 HTTP transactions. The main IP is 188.166.64.127, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is 0.magic5.biz.
TLS certificate: Issued by R3 on December 14th 2021. Valid for: 3 months.
This is the only time 0.magic5.biz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address        Requests (of which redirects)   AS (Autonomous System)
192.243.59.20     2 (1 redirect)                  39572 (ADVANCEDH...)
3.69.1.168        1                               16509 (AMAZON-02)
95.216.71.125     4 (3 redirects)                 24940 (HETZNER-AS)
185.162.10.217    1                               59729 (ITL-BG)
139.45.197.251    3                               9002 (RETN-AS)
139.45.195.8      1                               9002 (RETN-AS)
188.166.64.127    2                               14061 (DIGITALOC...)
Total: 10 requests, 8 IPs
Requests   Domain             Redirects   Requested by
4          tracker-tds.info   3           1.sabs-push.xyz
3          deefauph.com       -           1.sabs-push.xyz, deefauph.com
2          hairoak.com        1           -
1          0.magic5.biz       -           magic5.biz
1          magic5.biz         -           -
1          my.rtmark.net      -           deefauph.com
1          1.sabs-push.xyz    -           -
1          venetrigni.com     -           hairoak.com
Total: 10 requests, 8 hostnames

This site contains no links.

Subject            Issuer                                           Validity                   Valid for
venetrigni.com     Amazon                                           2021-07-28 - 2022-08-26    a year
1.sabs-push.xyz    R3                                               2021-09-27 - 2021-12-26    3 months
deefauph.com       R3                                               2021-11-07 - 2022-02-05    3 months
*.rtmark.net       Sectigo RSA Domain Validation Secure Server CA   2021-11-20 - 2022-11-26    a year
tracker-tds.info   R3                                               2021-10-20 - 2022-01-18    3 months
magic1.biz         R3                                               2021-12-14 - 2022-03-14    3 months

This page contains 1 frame:

Primary Page: https://0.magic5.biz/index.php?p=haygenlfgm5dcnjw&sub1=15fa6zwtlk2fnd7a
Frame ID: 0D58CF10FBADBAB18DE6CBB8CA2B7CE3
Requests: 17 HTTP requests in this frame

Page Title

video

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 10
HTTPS: 90 %
IPv6: 0 %
Domains: 7
Subdomains: 8
IPs: 8
Countries: 6
Transfer: 107 kB
Size: 186 kB
Cookies: 15

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hairoak.com/1tyas2v5a3?zninxco=86&refer=https%3A%2F%2Fwww.soccerhockeyfans.com%2Fpage.php%3Fhash%3Dbaba36&ad=1497485&ud=ODMuMjQyLjg1LjE0Mg%3D%3D&td=1639598970&kw=%5B%5D&key=c2c5c7372f32d6b91781836c4ce66e51&scrWidth=1920&scrHeight=1080&tz=1&v=21.1.v.1&res=7.31&dev=r... Page URL
  2. http://hairoak.com/1tyas2v5a3?shu=c9af47f806af4638dc7bf3812b4497cf6fe8f9c60cb0110235af4ca9a26513f728f4ec63a3e65d8901de19167dc88f8146e00540b7c9179ba4b53700af3ec208a871f728f5400b5504c68d6dc0ed0c80840f36e4&pst=1639650469&rmtc=t&uuid=80f1e285-b728-41ed-91f4-a8a6a0435d91%3A3%3A1&pii=&in=false&key=c2c5c7372f32d6b91781836c4ce66e51&refer=https%3A%2F%2Fwww.soccerhockeyfans.com%2Fpage.php%3Fhash%3Dbaba36&ad=1497485&td=1639598970&scrHeight=1080&dev=r...&res=7.31&zninxco=86&ud=ODMuMjQyLjg1LjE0Mg%3D%3D&kw=%5B%5D&scrWidth=1920&tz=1&v=21.1.v.1 HTTP 302
    https://tracker-tds.info/index.php?key=tvxllufqvww9lxefbb1l&SUB_ID_SHORT=033517a4d9f8f8387ef234f4ece44c1b&cost={payout}&PLACEMENT_ID=29221&CAMPAIGN_ID=525342&DEVICE_BRAND=Unknown&BROWSER_NAME=Chrome&USER_OS=Windows&USER_CARRIER=Hetzner%20Online%20GmbH&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F96.0.4664.93%20Safari%2F537.36&REMOTE_LANGUAGE=15&BANNER_ID=1596187 HTTP 302
    https://tracker-tds.info/index.php?key=0fy8mwoxkto2i5yaydnf&clickid=987e6zwtlk2a23ad HTTP 302
    https://1.sabs-push.xyz/?clickid=c906fzwtlk2a6ac2&uclick=zwtlk2a2&uclickhash=zwtlk2a2-zwtlk2a6-37-0-17wj-6jfe-7v52-a0439f Page URL
  3. https://tracker-tds.info/index.php?key=0m3kex8j47sh7x0wskc1 HTTP 302
    https://tracker-tds.info/nlp/index.php?sub1=15fa6zwtlk2fnd7a&url_bnm_redirect=https://magic5.biz/go/haygenlfgm5dcnjw Page URL
  4. https://magic5.biz/go/haygenlfgm5dcnjw?sub1=15fa6zwtlk2fnd7a Page URL
  5. https://0.magic5.biz/index.php?p=haygenlfgm5dcnjw&sub1=15fa6zwtlk2fnd7a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://hairoak.com/1tyas2v5a3?shu=c9af47f806af4638dc7bf3812b4497cf6fe8f9c60cb0110235af4ca9a26513f728f4ec63a3e65d8901de19167dc88f8146e00540b7c9179ba4b53700af3ec208a871f728f5400b5504c68d6dc0ed0c80840f36e4&pst=1639650469&rmtc=t&uuid=80f1e285-b728-41ed-91f4-a8a6a0435d91%3A3%3A1&pii=&in=false&key=c2c5c7372f32d6b91781836c4ce66e51&refer=https%3A%2F%2Fwww.soccerhockeyfans.com%2Fpage.php%3Fhash%3Dbaba36&ad=1497485&td=1639598970&scrHeight=1080&dev=r...&res=7.31&zninxco=86&ud=ODMuMjQyLjg1LjE0Mg%3D%3D&kw=%5B%5D&scrWidth=1920&tz=1&v=21.1.v.1 HTTP 302
  • https://tracker-tds.info/index.php?key=tvxllufqvww9lxefbb1l&SUB_ID_SHORT=033517a4d9f8f8387ef234f4ece44c1b&cost={payout}&PLACEMENT_ID=29221&CAMPAIGN_ID=525342&DEVICE_BRAND=Unknown&BROWSER_NAME=Chrome&USER_OS=Windows&USER_CARRIER=Hetzner%20Online%20GmbH&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F96.0.4664.93%20Safari%2F537.36&REMOTE_LANGUAGE=15&BANNER_ID=1596187 HTTP 302
  • https://tracker-tds.info/index.php?key=0fy8mwoxkto2i5yaydnf&clickid=987e6zwtlk2a23ad HTTP 302
  • https://1.sabs-push.xyz/?clickid=c906fzwtlk2a6ac2&uclick=zwtlk2a2&uclickhash=zwtlk2a2-zwtlk2a6-37-0-17wj-6jfe-7v52-a0439f
Request Chain 8
  • https://tracker-tds.info/index.php?key=0m3kex8j47sh7x0wskc1 HTTP 302
  • https://tracker-tds.info/nlp/index.php?sub1=15fa6zwtlk2fnd7a&url_bnm_redirect=https://magic5.biz/go/haygenlfgm5dcnjw

10 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

1tyas2v5a3 | hairoak.com/ | 4 KB | 3 KB | Document
General
Full URL
http://hairoak.com/1tyas2v5a3?zninxco=86&refer=https%3A%2F%2Fwww.soccerhockeyfans.com%2Fpage.php%3Fhash%3Dbaba36&ad=1497485&ud=ODMuMjQyLjg1LjE0Mg%3D%3D&td=1639598970&kw=%5B%5D&key=c2c5c7372f32d6b91781836c4ce66e51&scrWidth=1920&scrHeight=1080&tz=1&v=21.1.v.1&res=7.31&dev=r...
Protocol
HTTP/1.1
Server
192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
0a4ae03fcdde726ce590e601ba7ade6e4d5b393f019bc094f2ee885a5e1529bb
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx/1.17.9
Date
Thu, 16 Dec 2021 10:26:49 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control
no-cache
X-Request-ID
2ae70620cd46ba20429b18bdd46ec9cf
Strict-Transport-Security
max-age=0; includeSubdomains
Content-Encoding
gzip
stats | venetrigni.com/ | 40 B | 284 B | XHR
General
Full URL
https://venetrigni.com/stats
Requested by
Host: hairoak.com
URL: http://hairoak.com/1tyas2v5a3?zninxco=86&refer=https%3A%2F%2Fwww.soccerhockeyfans.com%2Fpage.php%3Fhash%3Dbaba36&ad=1497485&ud=ODMuMjQyLjg1LjE0Mg%3D%3D&td=1639598970&kw=%5B%5D&key=c2c5c7372f32d6b91781836c4ce66e51&scrWidth=1920&scrHeight=1080&tz=1&v=21.1.v.1&res=7.31&dev=r...
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.69.1.168 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US)
Reverse DNS
ec2-3-69-1-168.eu-central-1.compute.amazonaws.com
Software
fasthttp /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://hairoak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
http://hairoak.com
date
Thu, 16 Dec 2021 10:26:49 GMT
access-control-allow-credentials
true
server
fasthttp
content-length
40
content-type
text/html; charset=UTF-8
/ | 1.sabs-push.xyz/ | 36 KB | 13 KB | Document
Redirect Chain
  • http://hairoak.com/1tyas2v5a3?shu=c9af47f806af4638dc7bf3812b4497cf6fe8f9c60cb0110235af4ca9a26513f728f4ec63a3e65d8901de19167dc88f8146e00540b7c9179ba4b53700af3ec208a871f728f5400b5504c68d6dc0ed0c80840...
  • https://tracker-tds.info/index.php?key=tvxllufqvww9lxefbb1l&SUB_ID_SHORT=033517a4d9f8f8387ef234f4ece44c1b&cost={payout}&PLACEMENT_ID=29221&CAMPAIGN_ID=525342&DEVICE_BRAND=Unknown&BROWSER_NAME=Chrom...
  • https://tracker-tds.info/index.php?key=0fy8mwoxkto2i5yaydnf&clickid=987e6zwtlk2a23ad
  • https://1.sabs-push.xyz/?clickid=c906fzwtlk2a6ac2&uclick=zwtlk2a2&uclickhash=zwtlk2a2-zwtlk2a6-37-0-17wj-6jfe-7v52-a0439f
General
Full URL
https://1.sabs-push.xyz/?clickid=c906fzwtlk2a6ac2&uclick=zwtlk2a2&uclickhash=zwtlk2a2-zwtlk2a6-37-0-17wj-6jfe-7v52-a0439f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.162.10.217 Sofia, Bulgaria, ASN59729 (ITL-BG, UA)
Reverse DNS
vps10770.hosted-by.eurohoster.online
Software
nginx /
Resource Hash
9ac66a91a224fcafac5c2f14c223679bee15173cc73f5c924b28f15ccb23a389
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://hairoak.com/

Response headers

Server
nginx
Date
Thu, 16 Dec 2021 10:26:50 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000;
Content-Encoding
gzip

Redirect headers

Server
nginx/1.20.1
Date
Thu, 16 Dec 2021 10:26:50 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Location
https://1.sabs-push.xyz?clickid=c906fzwtlk2a6ac2&uclick=zwtlk2a2&uclickhash=zwtlk2a2-zwtlk2a6-37-0-17wj-6jfe-7v52-a0439f
Strict-Transport-Security
max-age=31536000
micro.tag.min.js | deefauph.com/pfe/current/ | 89 KB | 35 KB | Script
General
Full URL
https://deefauph.com/pfe/current/micro.tag.min.js?z=3934095&ymid=c906fzwtlk2a6ac2&var=null
Requested by
Host: 1.sabs-push.xyz
URL: https://1.sabs-push.xyz/?clickid=c906fzwtlk2a6ac2&uclick=zwtlk2a2&uclickhash=zwtlk2a2-zwtlk2a6-37-0-17wj-6jfe-7v52-a0439f
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251, United Kingdom, ASN9002 (RETN-AS, GB)
Reverse DNS
Software
nginx /
Resource Hash
445b9db367cd1663fb3516d8396e106c27963ee2862d4cbcbdc7209f46724398

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1.sabs-push.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 10:26:50 GMT
content-encoding
gzip
last-modified
Tue, 14 Dec 2021 11:51:56 GMT
server
nginx
etag
W/"61b8855c-165b3"
content-type
application/javascript
cache-control
no-cache
access-control-allow-credentials
true
truncated | / | 97 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
d00641ee14b2eddb6a47a61021bd2b664ab13bd761fee4b2e8bca7f132fdd2bc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
zone | deefauph.com/ | 0 | 252 B | Ping
General
Full URL
https://deefauph.com/zone?&pub=0&zone_id=3934095&is_mobile=false&domain=1.sabs-push.xyz&var=null&ymid=c906fzwtlk2a6ac2&var_3=&dsig=&action=prerequest
Requested by
Host: deefauph.com
URL: https://deefauph.com/pfe/current/micro.tag.min.js?z=3934095&ymid=c906fzwtlk2a6ac2&var=null
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251, United Kingdom, ASN9002 (RETN-AS, GB)
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://1.sabs-push.xyz/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-trace-id
ef0911ed7b9414e3dbf229f798f3c3c8
date
Thu, 16 Dec 2021 10:26:50 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-origin
https://1.sabs-push.xyz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
gid.js | my.rtmark.net/ | 65 B | 544 B | Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=3934095&checkDuplicate=true&ymid=c906fzwtlk2a6ac2&var=null
Requested by
Host: deefauph.com
URL: https://deefauph.com/pfe/current/micro.tag.min.js?z=3934095&ymid=c906fzwtlk2a6ac2&var=null
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8, United Kingdom, ASN9002 (RETN-AS, GB)
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1.sabs-push.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 10:26:50 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://1.sabs-push.xyz
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
zone | deefauph.com/ | 695 B | 983 B | Fetch
General
Full URL
https://deefauph.com/zone?&pub=0&zone_id=3934095&is_mobile=false&domain=1.sabs-push.xyz&var=null&ymid=c906fzwtlk2a6ac2&var_3=&dsig=&action=settings
Requested by
Host: deefauph.com
URL: https://deefauph.com/pfe/current/micro.tag.min.js?z=3934095&ymid=c906fzwtlk2a6ac2&var=null
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251, United Kingdom, ASN9002 (RETN-AS, GB)
Reverse DNS
Software
nginx /
Resource Hash
6816c59ad1da47c58af71661b3fa7448a9c7e3206c7853a784a50ebc3ad63e32
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1.sabs-push.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-trace-id
d11c612a9b9d0d3c3d73f60bade246d9
date
Thu, 16 Dec 2021 10:26:50 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
content-type
application/json; charset=utf-8
access-control-allow-origin
https://1.sabs-push.xyz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
695
index.php | tracker-tds.info/nlp/ | 105 B | 372 B | Document
Redirect Chain
  • https://tracker-tds.info/index.php?key=0m3kex8j47sh7x0wskc1
  • https://tracker-tds.info/nlp/index.php?sub1=15fa6zwtlk2fnd7a&url_bnm_redirect=https://magic5.biz/go/haygenlfgm5dcnjw
General
Full URL
https://tracker-tds.info/nlp/index.php?sub1=15fa6zwtlk2fnd7a&url_bnm_redirect=https://magic5.biz/go/haygenlfgm5dcnjw
Requested by
Host: 1.sabs-push.xyz
URL: https://1.sabs-push.xyz/?clickid=c906fzwtlk2a6ac2&uclick=zwtlk2a2&uclickhash=zwtlk2a2-zwtlk2a6-37-0-17wj-6jfe-7v52-a0439f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
95.216.71.125 Helsinki, Finland, ASN24940 (HETZNER-AS, DE)
Reverse DNS
static.125.71.216.95.clients.your-server.de
Software
nginx/1.20.1 /
Resource Hash
f5dc3246113de338f491f5fdc2d7b40f19d6df467996d9eafd07e2e9b4150399
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://1.sabs-push.xyz/?clickid=c906fzwtlk2a6ac2&uclick=zwtlk2a2&uclickhash=zwtlk2a2-zwtlk2a6-37-0-17wj-6jfe-7v52-a0439f

Response headers

Server
nginx/1.20.1
Date
Thu, 16 Dec 2021 10:26:50 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip

Redirect headers

Server
nginx/1.20.1
Date
Thu, 16 Dec 2021 10:26:50 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Location
https://tracker-tds.info/nlp/index.php?sub1=15fa6zwtlk2fnd7a&url_bnm_redirect=https://magic5.biz/go/haygenlfgm5dcnjw
Strict-Transport-Security
max-age=31536000
haygenlfgm5dcnjw | magic5.biz/go/ | 27 KB | 27 KB | Document
General
Full URL
https://magic5.biz/go/haygenlfgm5dcnjw?sub1=15fa6zwtlk2fnd7a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.166.64.127 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS
Software
nginx /
Resource Hash
bb0b9bc17dd94c9547e2ff3b32f665739b946f7646282ef02642abf4b43c8c20
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://tracker-tds.info/

Response headers

server
nginx
date
Thu, 16 Dec 2021 10:26:50 GMT
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
truncated | / | 557 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
762ccee9d0189f368cc719a7d880c3930afb784a011217af59492ee67b1a2326

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 450 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
8d33583a99f07f8f72a40d1ff35f6a5237b6942db08714132912d9a8b9a52941

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
index.php (Primary Request) | 0.magic5.biz/ | 27 KB | 27 KB | Document
General
Full URL
https://0.magic5.biz/index.php?p=haygenlfgm5dcnjw&sub1=15fa6zwtlk2fnd7a
Requested by
Host: magic5.biz
URL: https://magic5.biz/go/haygenlfgm5dcnjw?sub1=15fa6zwtlk2fnd7a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.166.64.127 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS
Software
nginx /
Resource Hash
17b4d03bb716d6219164f36e97bc4d62fbf26969d924f58fc95e101f9fa72d97
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://magic5.biz/

Response headers

server
nginx
date
Thu, 16 Dec 2021 10:26:50 GMT
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
truncated | / | 557 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
762ccee9d0189f368cc719a7d880c3930afb784a011217af59492ee67b1a2326

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 450 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
8d33583a99f07f8f72a40d1ff35f6a5237b6942db08714132912d9a8b9a52941

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 378 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
6935876b0112bb2bb5aa7e27c0fdf9be86e190d47a0fbff8eb8e67e25d11f68d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
truncated | / | 377 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
f9077e9ffe52966b3a279d70797b41c4eba4e6d3928471fe755fcc3856ac4b3e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • guardEnabled (boolean)
  • isChrome (boolean)
  • compareVersion (function)
  • getLanguage (function)
  • rootElement (object)
  • canStart (boolean)
  • text (function)
  • textr (function)
  • disableHistory (function)
  • disableIncognito (function)
  • denied (function)
  • getWorkerRegistration (function)
  • SubS (function)
  • CheckS (function)
  • urlB64ToUint8Array (function)

15 Cookies

Domain/Path | Name | Value
hairoak.com/ | u_pl | 29221
hairoak.com/ | ain | eyJhbGciOiJIUzI1NiJ9....._aGFzaD1iYWJhMzYifX0.WTyfa52EGrVDfhH3pb6snOcpFKcAafLfoaqlTIgZAjg
hairoak.com/ | cjs | t
venetrigni.com/ | uid_id2 | 80f1e285-b728-41ed-91f4-a8a6a0435d91:3:1
hairoak.com/ | uid_id2 | 80f1e285-b728-41ed-91f4-a8a6a0435d91:3:1
hairoak.com/ | iprce6865d7fe7859b0012ce82b113fd37fe | 3134799
hairoak.com/ | pdhtkv | true
hairoak.com/ | uncs | 1
hairoak.com/ | pdhtkv28 | true
hairoak.com/ | uncs28 | 1
tracker-tds.info/ | uclick | zwtlk2a2
my.rtmark.net/ | ID | cfd183b176e54cbf81749d1c1a4b2c91
tracker-tds.info/ | uclickhash | zwtlk2a2-zwtlk2fn-wj-0-wj-lp4p-dz-ad88fc
.magic5.biz/ | uuid | 73fbb9a7-6379-4f93-8ea9-51440d6e6f98
.0.magic5.biz/ | uuid | 73fbb9a7-6379-4f93-8ea9-51440d6e6f98

1 Console Messages

Source: javascript
Level: error
URL: http://hairoak.com/1tyas2v5a3?zninxco=86&refer=https%3A%2F%2Fwww.soccerhockeyfans.com%2Fpage.php%3Fhash%3Dbaba36&ad=1497485&ud=ODMuMjQyLjg1LjE0Mg%3D%3D&td=1639598970&kw=%5B%5D&key=c2c5c7372f32d6b91781836c4ce66e51&scrWidth=1920&scrHeight=1080&tz=1&v=21.1.v.1&res=7.31&dev=r... (Line 63)
Message: Refused to set unsafe header "Referer"

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0; includeSubdomains