URL: http://ncscblog.co.uk/uk/buy50707667
Submission: On August 04 via automatic, source openphish

Summary

This website contacted 14 IPs in 3 countries across 13 domains to perform 34 HTTP transactions. The main IP is 80.249.131.31, located in the Russian Federation and belonging to SELECTEL, RU. The main domain is ncscblog.co.uk.
This is the only time ncscblog.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Gumtree (E-commerce)

Domain & IP information

Requests  Domain                          Requested by
9         www.gumtree.com                 ncscblog.co.uk, www.gumtree.com
4         widget.replain.cc               ncscblog.co.uk, widget.replain.cc
3         i.imgur.com                     ncscblog.co.uk
3         ncscblog.co.uk                  ncscblog.co.uk
2         cdn.cookielaw.org               ncscblog.co.uk
1         bootstrap.smartsuppchat.com     www.smartsuppchat.com
1         fonts.gstatic.com               www.gumtree.com
1         www.google.de                   ncscblog.co.uk
1         www.google.com                  ncscblog.co.uk
1         www.smartsuppchat.com           ncscblog.co.uk
1         googleads.g.doubleclick.net     ncscblog.co.uk
1         geolocation.onetrust.com        ncscblog.co.uk
1         securepubads.g.doubleclick.net  ncscblog.co.uk
0         v3cq2.cloudflare.com (failed)   ncscblog.co.uk
0         v3cq2.tgpbf.xyz (failed)        ncscblog.co.uk
Totals: 34 requests, 15 subdomains
Subject                Issuer                                       Validity                 Valid
www.gumtree.com        GlobalSign RSA OV SSL CA 2018                2021-07-23 - 2022-08-24  a year
*.g.doubleclick.net    GTS CA 1C3                                   2021-07-12 - 2021-10-04  3 months
onetrust.com           Cloudflare Inc ECC CA-3                      2021-02-12 - 2022-02-11  a year
cookielaw.org          Cloudflare Inc ECC CA-3                      2021-06-01 - 2022-05-31  a year
*.imgur.com            DigiCert SHA2 Secure Server CA               2020-01-15 - 2022-03-16  2 years
widget.replain.cc      R3                                           2021-06-26 - 2021-09-24  3 months
*.smartsuppchat.com    RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1   2020-12-02 - 2021-12-30  a year
www.google.com         GTS CA 1C3                                   2021-06-28 - 2021-09-20  3 months
www.google.de          GTS CA 1C3                                   2021-06-28 - 2021-09-20  3 months
*.gstatic.com          GTS CA 1C3                                   2021-06-28 - 2021-09-20  3 months

This page contains 2 frames:

Primary Page: http://ncscblog.co.uk/uk/buy50707667
Frame ID: C52CCC4BC055BDF16F1954790CD93D31
Requests: 32 HTTP requests in this frame

Frame: https://widget.replain.cc/dist/css/app.98c478fa.css
Frame ID: F47D9C100B6CA157907F3B8DE5C77529
Requests: 3 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

34 Requests
76 % HTTPS
54 % IPv6
13 Domains
15 Subdomains
14 IPs
3 Countries
1451 kB Transfer
2406 kB Size
1 Cookies


34 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request Cookie set buy50707667
ncscblog.co.uk/uk/
869 KB
869 KB
Document
General
Full URL
http://ncscblog.co.uk/uk/buy50707667
Protocol
HTTP/1.1
Server
80.249.131.31 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx/1.20.1 / PHP/7.4.19
Resource Hash
9852cc79baadeaf5c4b211541183dfa873619573d6f78c7ee51caa7faa86d3c1

Request headers

Host
ncscblog.co.uk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
nginx/1.20.1
Date
Wed, 04 Aug 2021 01:48:34 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.4.19
Set-Cookie
0800fc577294c34e0b28ad2839435945=ZWQyNjcwOTY1ODBlYTdiODA2ZDgyNzc4ZjIwZThhMTQ%3D; expires=Wed, 18-Aug-2021 01:48:34 GMT; Max-Age=1209600; path=/
06c275cbb35e43b4247a80d0.buyer.css
www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/
281 KB
55 KB
Stylesheet
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
cb9aebbf350579407c71d959aa2ca2f3d07606c27ed77c5552b870a6c3208c7e
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cteonnt-length
288021
date
Tue, 03 Aug 2021 00:20:01 GMT
content-encoding
gzip
last-modified
Tue, 15 Dec 2020 14:50:21 GMT
server
nginx
age
91713
vary
Accept-Encoding
content-type
text/css
via
1.1 google, 1.1 google
cache-control
public,max-age=86400
strict-transport-security
max-age=157680000
accept-ranges
bytes
alt-svc
clear, clear
content-length
56032
app.d1c48d10.css
v3cq2.tgpbf.xyz/chat/css/
0
0

normalize.css
v3cq2.tgpbf.xyz/chat/css/
0
0

all.min.css
v3cq2.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/
0
0

chat.css
v3cq2.tgpbf.xyz/chat/css/
0
0

np_chat.js
v3cq2.tgpbf.xyz/chat/js/
0
0

advertising.js
www.gumtree.com/static/1/resources/assets/rwd/js/
70 B
257 B
Script
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/js/advertising.js
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
998abfa7306e3fe360f7b733628a8e029593e740d8bf956d23e8407a8e0074c9
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 31 Jul 2021 10:02:59 GMT
via
1.1 google, 1.1 google
last-modified
Thu, 29 Jul 2021 12:01:19 GMT
server
nginx
age
315935
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=86400
strict-transport-security
max-age=157680000
accept-ranges
bytes
alt-svc
clear, clear
content-length
70
pubads_impl_2020120801.js
securepubads.g.doubleclick.net/gpt/
274 KB
97 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120801.js
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
5f02981bfcab6807a15ddfea1babc7cee05cd0f1f59abe712928de44fb6c1f0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 04 Aug 2021 01:48:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 08 Dec 2020 09:42:29 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98829
x-xss-protection
0
expires
Wed, 04 Aug 2021 01:48:34 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
164 B
228 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b94f9074fc2ef1b63132fc70fe244cc5d5322e5982a80b6273a45a935ae335f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 04 Aug 2021 01:48:34 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
67941fcc6e15169d-ARN
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1004041890/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1004041890/?random=1609374816022&cv=9&fst=1609374816022&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=812&u_w=375&u_ah=812&u_aw=375&u_cd=30&u_his=3&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgumtree.id-457623.online%2Fcash13450713&tiba=Double%20furnished%20room%20%7C%20in%20Newham%2C%20London%20%7C%20Gumtree&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
777328ad721f5404fd3d71a82ef58de50daee611bfcbe7356a5739b4db9411d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Aug 2021 01:48:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1044
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.8.0/
332 KB
71 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.8.0/otBannerSdk.js
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80a4168da3bfeb8a7a3d725ad6aabafc536c28503e6c053b3b8067fd1b5cd0cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 04 Aug 2021 01:48:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ZxViCiQmz7HefYYdJwAS4g==
age
1889
vary
Accept-Encoding
content-length
72918
x-ms-lease-status
unlocked
last-modified
Tue, 17 Nov 2020 08:19:35 GMT
server
cloudflare
etag
0x8D88AD1852575D6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
b42e6eae-c01e-0004-27c3-632d64000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
67941fcc68441e6d-AMS
otTCF.js
cdn.cookielaw.org/scripttemplates/6.8.0/
67 KB
15 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.8.0/otTCF.js
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13f63ab5fa8d3973eef6d6366052135fb3958b54ca2149cc691864b03ed7d848
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 04 Aug 2021 01:48:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
UnI48Uch3f3NsZp0xNCSPA==
age
1794
vary
Accept-Encoding
content-length
14815
x-ms-lease-status
unlocked
last-modified
Tue, 17 Nov 2020 08:19:34 GMT
server
cloudflare
etag
0x8D88AD1843DF90D
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a7dc3c9b-d01e-007d-2201-38442e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
67941fcc68491e6d-AMS
5E5Q67b.png
i.imgur.com/
39 KB
39 KB
Image
General
Full URL
https://i.imgur.com/5E5Q67b.png
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
0829b2e0bf8165c33a61ae18ba1252575d98215071ecae86f65e4b3ff32c1922
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 04 Aug 2021 01:48:34 GMT
x-content-type-options
nosniff
age
494526
x-cache
HIT, HIT
content-length
39997
x-served-by
cache-bwi5148-BWI, cache-fra19153-FRA
last-modified
Fri, 08 Jan 2021 07:28:25 GMT
server
cat factory 1.0
x-timer
S1628041715.648568,VS0,VE1
etag
"774f71e2a612686e100572ad0839d836"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
UOm50vK.png
i.imgur.com/
8 KB
9 KB
Image
General
Full URL
https://i.imgur.com/UOm50vK.png
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
c05402ff1ac81bddbda8404a50ef267533c74478ae8aded98cfe6803b69cffeb
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 04 Aug 2021 01:48:34 GMT
x-content-type-options
nosniff
age
1100468
x-cache
HIT, HIT
content-length
8595
x-served-by
cache-bwi5125-BWI, cache-fra19153-FRA
last-modified
Fri, 01 Jan 2021 22:05:49 GMT
server
cat factory 1.0
x-timer
S1628041715.648614,VS0,VE1
etag
"147057a3aabcb9c68ea3286a450917d8"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
d0558d91063038236b60e3ef.App_Store_Badge.svg
www.gumtree.com/static/1/resources/assets/rwd/images/svg/
12 KB
12 KB
Image
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/images/svg/d0558d91063038236b60e3ef.App_Store_Badge.svg
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
25178aeef6eb6b83b96f5f2d004eda3bffbb37122de64afbaef7107b384a4132
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 16:30:30 GMT
via
1.1 google, 1.1 google
last-modified
Mon, 19 Jul 2021 10:26:35 GMT
server
nginx
age
1243084
strict-transport-security
max-age=157680000
content-type
image/svg+xml
cache-control
public,max-age=86400
accept-ranges
bytes
alt-svc
clear, clear
content-length
12353
2961d6a9fb7950bd9b994027.google-play-badge.svg
www.gumtree.com/static/1/resources/assets/rwd/images/svg/
9 KB
3 KB
Image
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/images/svg/2961d6a9fb7950bd9b994027.google-play-badge.svg
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a0aa7e0275e1e0093e52dc6b098c69e5cf63273cb1efafcb0550e88539c14129
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 19:09:58 GMT
content-encoding
gzip
last-modified
Mon, 19 Jul 2021 10:26:35 GMT
server
nginx
age
1233516
ntcoent-length
9096
strict-transport-security
max-age=157680000
content-type
image/svg+xml
via
1.1 google, 1.1 google
cache-control
public,max-age=86400
accept-ranges
bytes
alt-svc
clear, clear
content-length
3494
email-decode.min.js
ncscblog.co.uk/cdn-cgi/scripts/5c5dd728/cloudflare-static/
0
0
Script
General
Full URL
http://ncscblog.co.uk/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
HTTP/1.1
Server
80.249.131.31 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ncscblog.co.uk
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://ncscblog.co.uk/uk/buy50707667
Cookie
0800fc577294c34e0b28ad2839435945=ZWQyNjcwOTY1ODBlYTdiODA2ZDgyNzc4ZjIwZThhMTQ%3D
Connection
keep-alive
Cache-Control
no-cache
Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 04 Aug 2021 01:48:34 GMT
Server
nginx/1.20.1
Connection
keep-alive
Content-Length
196
Content-Type
text/html; charset=iso-8859-1
client.js
widget.replain.cc/dist/
3 KB
2 KB
Script
General
Full URL
https://widget.replain.cc/dist/client.js
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.21.8.220 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
758fb174a9cc0d7ef0085e27252c790177250092ef1dd87e7c629bf22597c212

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 04 Aug 2021 01:49:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Aug 2021 04:31:29 GMT
Server
nginx
ETag
W/"6108c6a1-b72"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=3600, public
Connection
keep-alive
Expires
Wed, 04 Aug 2021 02:49:36 GMT
loader.js
www.smartsuppchat.com/
23 KB
7 KB
Script
General
Full URL
https://www.smartsuppchat.com/loader.js?
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
b4bfeb1be6e77a5be771c7f615d36199e05607a8d10e4d188c994a05948bd39e

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-77-nzt
Abk73BCEdNTvIgAAAA==
x-accel-expires
@1628041740
date
Wed, 04 Aug 2021 01:48:34 GMT
content-encoding
br
etag
W/"60b8ebb2-5bf5"
last-modified
Thu, 03 Jun 2021 14:48:18 GMT
server
CDN77-Turbo
x-77-nzt-ray
F7j6dbERODI=
x-77-cache
HIT
content-type
application/javascript
cache-control
max-age=300, public, s-maxage=60
x-cache
HIT
x-age
34
x-77-pop
frankfurtDE
expires
Thu, 03 Jun 2021 14:54:34 GMT
/
www.google.com/pagead/1p-user-list/1004041890/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1004041890/?random=1609374816022&cv=9&fst=1609372800000&num=1&guid=ON&u_h=812&u_w=375&u_ah=812&u_aw=375&u_cd=30&u_his=3&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&frm=0&url=https%3A%2F%2Fgumtree.id-457623.online%2Fcash13450713&tiba=Double%20furnished%20room%20%7C%20in%20Newham%2C%20London%20%7C%20Gumtree&async=1&fmt=3&is_vtc=1&random=4267003688&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Aug 2021 01:48:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1004041890/
42 B
569 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1004041890/?random=1609374816022&cv=9&fst=1609372800000&num=1&guid=ON&u_h=812&u_w=375&u_ah=812&u_aw=375&u_cd=30&u_his=3&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&frm=0&url=https%3A%2F%2Fgumtree.id-457623.online%2Fcash13450713&tiba=Double%20furnished%20room%20%7C%20in%20Newham%2C%20London%20%7C%20Gumtree&async=1&fmt=3&is_vtc=1&random=4267003688&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Aug 2021 01:48:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gumtree_logo.svg
www.gumtree.com/static/1/resources/assets/rwd/images/svg/
2 KB
935 B
Image
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/images/svg/gumtree_logo.svg?v=7520cf27b2
Requested by
Host: www.gumtree.com
URL: https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
c2af04f93ca8cc9a28419c6dc2297509ca3446efb6bc21cb623483f454468d8e
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 00:20:02 GMT
content-encoding
gzip
last-modified
Thu, 29 Jul 2021 12:01:18 GMT
server
nginx
age
91712
ntcoent-length
1550
strict-transport-security
max-age=157680000
content-type
image/svg+xml
via
1.1 google, 1.1 google
cache-control
public,max-age=86400
accept-ranges
bytes
alt-svc
clear, clear
content-length
841
gumtree_logo_text.svg
www.gumtree.com/static/1/resources/assets/rwd/images/svg/
5 KB
5 KB
Image
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/images/svg/gumtree_logo_text.svg?v=c975a8f45f
Requested by
Host: www.gumtree.com
URL: https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
ce48ccf69d2de8ab23244a9d5af16d03242447a1b40d527f4a80b0d2f2ea1ade
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 04:56:04 GMT
via
1.1 google, 1.1 google
last-modified
Thu, 29 Jul 2021 12:01:18 GMT
server
nginx
age
75150
strict-transport-security
max-age=157680000
content-type
image/svg+xml
cache-control
public,max-age=86400
accept-ranges
bytes
alt-svc
clear, clear
content-length
5473
spinner.svg
www.gumtree.com/static/1/resources/assets/rwd/images/svg/
456 B
537 B
Image
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/images/svg/spinner.svg?v=8db41d6272
Requested by
Host: www.gumtree.com
URL: https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e310673ef98d1a4a73ba6aeab6501f4808d101fce6f28fea2695f13ccc4c1041
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 04 Aug 2021 01:48:34 GMT
via
1.1 google, 1.1 google
last-modified
Mon, 02 Aug 2021 12:29:54 GMT
server
nginx
strict-transport-security
max-age=157680000
content-type
image/svg+xml
cache-control
public,max-age=86400
accept-ranges
bytes
alt-svc
clear, clear
content-length
456
BC1r9tO.jpg
i.imgur.com/
1 KB
1 KB
Image
General
Full URL
https://i.imgur.com/BC1r9tO.jpg
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
925fe3a3bcc9acbe0591df6a5827f78f1693db6d2d7f283647febe880d56b3cd
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
http://ncscblog.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 04 Aug 2021 01:48:34 GMT
x-content-type-options
nosniff
age
480207
x-cache
HIT, HIT
content-length
1162
x-served-by
cache-bwi5180-BWI, cache-fra19153-FRA
last-modified
Thu, 29 Jul 2021 12:23:29 GMT
server
cat factory 1.0
x-timer
S1628041715.705804,VS0,VE1
etag
"766648861c1884aa8da07b6c20ede5f2"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
gumshield.svg
www.gumtree.com/static/1/resources/assets/rwd/images/svg/
1 KB
807 B
Image
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/images/svg/gumshield.svg?v=5673c7ba9d
Requested by
Host: www.gumtree.com
URL: https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
468600ff5723243fe246c3e2824772366176aa98c170dd57b06afc06a20e5d90
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 00:20:02 GMT
content-encoding
gzip
last-modified
Thu, 29 Jul 2021 12:01:18 GMT
server
nginx
age
91712
ntcoent-length
1316
strict-transport-security
max-age=157680000
content-type
image/svg+xml
via
1.1 google, 1.1 google
cache-control
public,max-age=86400
accept-ranges
bytes
alt-svc
clear, clear
content-length
741
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
fonts.gstatic.com/s/inter/v2/
36 KB
36 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v2/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
Requested by
Host: www.gumtree.com
URL: https://www.gumtree.com/static/1/resources/assets/rwd/style/framework/css/06c275cbb35e43b4247a80d0.buyer.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f9bba27460b9836abf81fb74f66ce01b11aeebe183706bbc116ed2fdcb04433d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://ncscblog.co.uk
Referer
https://www.gumtree.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 02:13:01 GMT
x-content-type-options
nosniff
age
84933
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36564
x-xss-protection
0
last-modified
Fri, 26 Jun 2020 02:37:45 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Aug 2022 02:13:01 GMT
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f500df002ea40e6348efa2ef6da1dd95db595d63eae56a9747cfdbd9b59b9a06

Request headers

Origin
http://ncscblog.co.uk
Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
font/woff2
b7ace698b862c8521f8ec2f3.Phone_mockup_min.png
www.gumtree.com/static/1/resources/assets/rwd/images/orphans/
66 KB
66 KB
Image
General
Full URL
https://www.gumtree.com/static/1/resources/assets/rwd/images/orphans/b7ace698b862c8521f8ec2f3.Phone_mockup_min.png
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.140.166 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
166.140.244.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
12340bc62cba474d7e8e43e6e7bae9aea6b7f076a5e4fb26aaceb0c10d4c05c4
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

Referer
http://ncscblog.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 16:59:22 GMT
via
1.1 google, 1.1 google
last-modified
Mon, 19 Jul 2021 10:26:33 GMT
server
nginx
age
1241352
strict-transport-security
max-age=157680000
content-type
image/png
cache-control
public,max-age=86400
accept-ranges
bytes
alt-svc
clear, clear
content-length
67479
email-decode.min.js
ncscblog.co.uk/cdn-cgi/scripts/5c5dd728/cloudflare-static/
0
0
Script
General
Full URL
http://ncscblog.co.uk/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
HTTP/1.1
Server
80.249.131.31 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ncscblog.co.uk
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://ncscblog.co.uk/uk/buy50707667
Cookie
0800fc577294c34e0b28ad2839435945=ZWQyNjcwOTY1ODBlYTdiODA2ZDgyNzc4ZjIwZThhMTQ%3D
Connection
keep-alive
Cache-Control
no-cache
Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 04 Aug 2021 01:48:34 GMT
Server
nginx/1.20.1
Connection
keep-alive
Content-Length
196
Content-Type
text/html; charset=iso-8859-1
97da4424642a9ee23325b423046ff18aa5621f25.json
bootstrap.smartsuppchat.com/widget/
824 B
1 KB
XHR
General
Full URL
https://bootstrap.smartsuppchat.com/widget/97da4424642a9ee23325b423046ff18aa5621f25.json
Requested by
Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.69.114 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-69-114.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
92503ae6d601463bf5bc01beeac4bc1befc93c54ee1cc8ca9dbe51b54d6eeabf

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

x-version
dd7aa3fd74890dee45e641d61fd476758d95b5cd
date
Wed, 04 Aug 2021 01:48:34 GMT
x-hit
redis
etag
"338-7jpCbSfU9qCF87XtNNPXu8XB24A"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=0, must-revalidate
content-length
824
app.98c478fa.css
widget.replain.cc/dist/css/ Frame F47D
27 KB
7 KB
Stylesheet
General
Full URL
https://widget.replain.cc/dist/css/app.98c478fa.css
Requested by
Host: widget.replain.cc
URL: https://widget.replain.cc/dist/client.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.21.8.220 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
dd61aaa3843f40f8932a11ec146128d54b2862eeac780c4c01754b520815eea2

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 04 Aug 2021 01:49:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Aug 2021 04:19:10 GMT
Server
nginx
ETag
W/"6108c3be-6b62"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=31536000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Thu, 04 Aug 2022 01:49:36 GMT
app.eb018d46.js
widget.replain.cc/dist/js/ Frame F47D
313 KB
115 KB
Script
General
Full URL
https://widget.replain.cc/dist/js/app.eb018d46.js
Requested by
Host: widget.replain.cc
URL: https://widget.replain.cc/dist/client.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.21.8.220 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
3a48823416a3b411c607be5540697807b433d141e4987cf610904c52a07f700d

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 04 Aug 2021 01:49:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Aug 2021 04:19:10 GMT
Server
nginx
ETag
W/"6108c3be-4e36b"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Thu, 04 Aug 2022 01:49:36 GMT
notification.ac905963.mp3
widget.replain.cc/dist/media/ Frame F47D
24 KB
24 KB
Media
General
Full URL
https://widget.replain.cc/dist/media/notification.ac905963.mp3
Requested by
Host: ncscblog.co.uk
URL: http://ncscblog.co.uk/uk/buy50707667
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.21.8.220 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx /
Resource Hash
d29d3345cf4f562771b5b807bc898e977d32a63e49bb4b084dc86acae4597c1e

Request headers

Referer
http://ncscblog.co.uk/uk/buy50707667
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range
bytes=0-

Response headers

Pragma
public
Date
Wed, 04 Aug 2021 01:49:36 GMT
Last-Modified
Tue, 03 Aug 2021 04:19:10 GMT
Server
nginx
ETag
"6108c3be-6053"
Content-Type
audio/mpeg
Content-Range
bytes 0-24658/24659
Cache-Control
max-age=31536000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
24659
Expires
Thu, 04 Aug 2022 01:49:36 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain URL
v3cq2.tgpbf.xyz https://v3cq2.tgpbf.xyz/chat/css/app.d1c48d10.css?ver=112
v3cq2.tgpbf.xyz https://v3cq2.tgpbf.xyz/chat/css/normalize.css
v3cq2.cloudflare.com https://v3cq2.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css
v3cq2.tgpbf.xyz https://v3cq2.tgpbf.xyz/chat/css/chat.css?ver=1.0.5
v3cq2.tgpbf.xyz https://v3cq2.tgpbf.xyz/chat/js/np_chat.js?ver=1.0.16

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Gumtree (E-commerce)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object 0
object 1
object 2
object 3
object onbeforexrselect
object ontransitionrun
object ontransitionstart
object ontransitioncancel
boolean originAgentCluster
object trustedTypes
boolean crossOriginIsolated
string id_chat
string token_chat
string product_chat
object replainSettings
object _plsUBTTQ
boolean bc_s
object _smartsupp
function smartsupp
function setImmediate
function clearImmediate
boolean SMARTSUPP_LOADED
object $smartsupp
object otIabModule
boolean replainInitialized
object googletag
object google_js_reporting_queue
function Goog_AdSense_getAdAdapterInstance
function Goog_AdSense_OsdAdapter
object ggeac
undefined google_measure_js_timing
object ReplainWidget

1 Cookies

Domain/Path Name / Value
ncscblog.co.uk/ Name: 0800fc577294c34e0b28ad2839435945
Value: ZWQyNjcwOTY1ODBlYTdiODA2ZDgyNzc4ZjIwZThhMTQ%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
