urlscan.io logo urlscan.io
SecurityTrails logo

schuster.marketing Open in urlscan Pro
78.46.101.118  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mail.bbc.dk/
Effective URL: https://schuster.marketing/t.php?u=aHR0cHM6Ly9hc3NldHMuaWtobmFpZS5saW5rL2NsaWNrLmh0bWw%2Fd2djYW1wYWlnbmlkPTE1MjU0NzUmd2dwcm...
Submission: On July 22 via api from US — Scanned from DK
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 3 countries across 12 domains to perform 17 HTTP transactions. The main IP is 78.46.101.118, located in Germany and belongs to HETZNER-AS, DE. The main domain is schuster.marketing.
TLS certificate: Issued by R11 on June 30th 2024. Valid for: 3 months.
This is the only time schuster.marketing was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 185.53.177.54 61969 (TEAMINTER...)
1 2600:9000:225... 16509 (AMAZON-02)
2 54.205.103.129 14618 (AMAZON-AES)
1 1 173.239.53.32 27257 (WEBAIR-IN...)
1 1 18.184.197.212 16509 (AMAZON-02)
2 75.102.22.187 23352 (SERVERCEN...)
1 23.109.170.197 7979 (SERVERS-COM)
3 31.220.27.134 39572 (ADVANCEDH...)
1 206.54.181.250 35415 (WEBZILLA)
1 78.46.101.74 24940 (HETZNER-AS)
1 78.46.101.118 24940 (HETZNER-AS)
17 10
4    185.53.177.54 (Germany)

ASN61969 (TEAMINTERNET-AS, DE)
mail.bbc.dk
1    2600:9000:2250:9c00:1d:4618:5c80:21 (United States)

ASN16509 (AMAZON-02, US)
d38psrni17bvxu.cloudfront.net
2    54.205.103.129 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-103-129.compute-1.amazonaws.com
tanis-ats.com
1    173.239.53.32 (New York, United States)

ASN27257 (WEBAIR-INTERNET, US)
xml-v4.starvalue-2.online
1    18.184.197.212 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: eu-ip-2.short.io
go.advertia.click
2    75.102.22.187 (Chicago, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: bh7106.banahosting.com
tubemate.us
1    23.109.170.197 (Netherlands)

ASN7979 (SERVERS-COM, US)
wisteinsight.com
3    31.220.27.134 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
viinufhg.com
1    206.54.181.250 (United States)

ASN35415 (WEBZILLA, NL)
PTR: 1c2-14-d8685-250.webazilla.com
latest-554768.tgel2ebtx.ru
1    78.46.101.74 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.74.101.46.78.clients.your-server.de
approved.website
1    78.46.101.118 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.118.101.46.78.clients.your-server.de
schuster.marketing
Apex Domain
Subdomains		 Transfer
4 bbc.dk
mail.bbc.dk
2 KB
3 viinufhg.com
viinufhg.com — Cisco Umbrella Rank: 860393
21 KB
2 tubemate.us
tubemate.us
2 KB
2 tanis-ats.com
tanis-ats.com — Cisco Umbrella Rank: 304284
4 KB
1 schuster.marketing
schuster.marketing
810 B
1 approved.website
approved.website
1 KB
1 tgel2ebtx.ru
latest-554768.tgel2ebtx.ru
724 B
1 wisteinsight.com
wisteinsight.com — Cisco Umbrella Rank: 340443
1 KB
1 advertia.click
go.advertia.click
65 B
1 starvalue-2.online
xml-v4.starvalue-2.online — Cisco Umbrella Rank: 62288
186 B
1 cloudfront.net
d38psrni17bvxu.cloudfront.net
1 KB
0 ikhnaie.link Failed
assets.ikhnaie.link Failed
17 12
Domain Requested by
4 mail.bbc.dk d38psrni17bvxu.cloudfront.net
mail.bbc.dk
3 viinufhg.com tubemate.us
viinufhg.com
2 tubemate.us tanis-ats.com
2 tanis-ats.com mail.bbc.dk
tanis-ats.com
1 schuster.marketing approved.website
1 approved.website latest-554768.tgel2ebtx.ru
1 latest-554768.tgel2ebtx.ru
1 wisteinsight.com tubemate.us
1 go.advertia.click 1 redirects
1 xml-v4.starvalue-2.online 1 redirects
1 d38psrni17bvxu.cloudfront.net mail.bbc.dk
0 assets.ikhnaie.link Failed schuster.marketing
17 12

This site contains no links.

Subject Issuer Validity Valid
mail.bbc.dk
R10		 2024-07-18 -
2024-10-16		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh
tanis-ats.com
Amazon RSA 2048 M02		 2024-07-02 -
2025-07-31		 a year crt.sh
tubemate.us
cPanel, Inc. Certification Authority		 2024-05-20 -
2024-08-18		 3 months crt.sh
wisteinsight.com
R10		 2024-06-11 -
2024-09-09		 3 months crt.sh
viinufhg.com
R11		 2024-06-24 -
2024-09-22		 3 months crt.sh
*.tgel2ebtx.ru
R10		 2024-06-18 -
2024-09-16		 3 months crt.sh
approved.website
R11		 2024-06-13 -
2024-09-11		 3 months crt.sh
schuster.marketing
R11		 2024-06-30 -
2024-09-28		 3 months crt.sh

This page contains 1 frames:

Frame: https://assets.ikhnaie.link/click.html?wgcampaignid=1525475&wgprogramid=7763&utm_source=webgains&utm_medium=affiliate&utm_campaign=webgains_DK_7763_5%20&clickref=DK_7763_17216687668454
Frame ID: EC243A3328EDC8A3517B521E42FC97B6
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://mail.bbc.dk/ Page URL
  2. http://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f... HTTP 307
    https://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f... Page URL
  3. https://tanis-ats.com/zclkredirect?visitid=88d2f3b1-484e-11ef-9a29-1226cfdeb361&type=js&browserWid... Page URL
  4. http://xml-v4.starvalue-2.online/click?seat=2922854&i=TZtqoPtgnzg_0 HTTP 307
    https://xml-v4.starvalue-2.online/click?seat=2922854&i=TZtqoPtgnzg_0 HTTP 302
    https://go.advertia.click/active HTTP 302
    http://tubemate.us/?lang=en HTTP 307
    https://tubemate.us/?lang=en Page URL
  5. https://viinufhg.com/dc/?blockID=351711&tb=http%3A%2F%2Finstacatcher.com%2F%3Flang%3Den Page URL
  6. https://latest-554768.tgel2ebtx.ru/click?node=413&winPrice=0.25&winCurrency=USD&id=1721668740000-3515 Page URL
  7. https://approved.website/wgn_out.php?c=DK&campaign_id=554768&wm_account_id=601354&wm_site_id=601354-1... Page URL
  8. https://schuster.marketing/t.php?u=aHR0cHM6Ly9hc3NldHMuaWtobmFpZS5saW5rL2NsaWNrLmh0bWw%2Fd2djYW1wYWlnbm... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

17
Requests

94 %
HTTPS

9 %
IPv6

12
Domains

12
Subdomains

10
IPs

3
Countries

34 kB
Transfer

60 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mail.bbc.dk/ Page URL
  2. http://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361 HTTP 307
    https://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361 Page URL
  3. https://tanis-ats.com/zclkredirect?visitid=88d2f3b1-484e-11ef-9a29-1226cfdeb361&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FCopenhagen Page URL
  4. http://xml-v4.starvalue-2.online/click?seat=2922854&i=TZtqoPtgnzg_0 HTTP 307
    https://xml-v4.starvalue-2.online/click?seat=2922854&i=TZtqoPtgnzg_0 HTTP 302
    https://go.advertia.click/active HTTP 302
    http://tubemate.us/?lang=en HTTP 307
    https://tubemate.us/?lang=en Page URL
  5. https://viinufhg.com/dc/?blockID=351711&tb=http%3A%2F%2Finstacatcher.com%2F%3Flang%3Den Page URL
  6. https://latest-554768.tgel2ebtx.ru/click?node=413&winPrice=0.25&winCurrency=USD&id=1721668740000-3515 Page URL
  7. https://approved.website/wgn_out.php?c=DK&campaign_id=554768&wm_account_id=601354&wm_site_id=601354-1510588844257159&tsrc=pu Page URL
  8. https://schuster.marketing/t.php?u=aHR0cHM6Ly9hc3NldHMuaWtobmFpZS5saW5rL2NsaWNrLmh0bWw%2Fd2djYW1wYWlnbmlkPTE1MjU0NzUmd2dwcm9ncmFtaWQ9Nzc2MyZ1dG1fc291cmNlPXdlYmdhaW5zJnV0bV9tZWRpdW09YWZmaWxpYXRlJnV0bV9jYW1wYWlnbj13ZWJnYWluc19ES183NzYzXzUgJmNsaWNrcmVmPURLXzc3NjNfMTcyMTY2ODc2Njg0NTQ%3D&t=NjAxMzU0eHh4NjAxMzU0LTE1MTA1ODg4NDQyNTcxNTk%3D&c=DK&tb=pu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361 HTTP 307
  • https://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361
Request Chain 7
  • http://xml-v4.starvalue-2.online/click?seat=2922854&i=TZtqoPtgnzg_0 HTTP 307
  • https://xml-v4.starvalue-2.online/click?seat=2922854&i=TZtqoPtgnzg_0 HTTP 302
  • https://go.advertia.click/active HTTP 302
  • http://tubemate.us/?lang=en HTTP 307
  • https://tubemate.us/?lang=en

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
mail.bbc.dk/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mail.bbc.dk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.54 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
Caddy nginx /
Resource Hash
74c6670568053f912ddfb4819a4c0c482a28c9e54966c08d39ca6d408cb5410f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
accept-ch-lifetime
30
alt-svc
h3=":8443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 22 Jul 2024 17:19:21 GMT
host
{http.reverse_proxy.upstream.hostport}
server
Caddy nginx
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_DxbIeg7riPivDggSDqIjgnqzpygzpwweULMqTQb6+t+TwCN637JRwkS0zPkkOiIu/eRI7Bm5u7n2srbUL9BeQg==
x-buckets
bucket011
x-domain
bbc.dk
x-forwarded-host
mail.bbc.dk
x-language
danish
x-redirect
zeropark_zeroclick
x-ssl-c
v1
x-ssl-proxy
v2
x-subdomain
mail
x-template
tpl_CleanPeppermintBlack_twoclick
js3.js
d38psrni17bvxu.cloudfront.net/scripts/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: mail.bbc.dk
URL: https://mail.bbc.dk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:9c00:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

Referer
https://mail.bbc.dk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 04:35:29 GMT
via
1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
last-modified
Thu, 21 Mar 2024 11:48:11 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
age
45832
etag
"65fc1e7b-448"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
1096
x-amz-cf-id
Qf7_QpPNweTwUW1LBzr4qnNMsOrtRZEoXw4QkCMNDH-zRFDHnTp6fA==
track.php
mail.bbc.dk/ 		0
96 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mail.bbc.dk/track.php?domain=bbc.dk&toggle=browserjs&uid=MTcyMTY2ODc2MS4wMzg5OjAwYTY3OGQwMjA3YjUxNzU0NDdhNzE0ODg1NWNiNGJmNDJjOGE1NzUxZjkzNTY0MjdhODg4MTc4Yjc0MmI1ZTM6NjY5ZTk0OTkwOTdlZA%3D%3D
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.54 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

device-memory
8
rtt
150
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
viewport-width
1600
Referer
https://mail.bbc.dk/
dpr
1
downlink
10
ect
4g

Response headers

date
Mon, 22 Jul 2024 17:19:21 GMT
content-encoding
gzip
x-ssl-proxy
v2
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
host
{http.reverse_proxy.upstream.hostport}
server
Caddy, nginx
x-custom-track
browserjs
vary
Accept-Encoding
accept-ch-lifetime
30
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
x-forwarded-host
mail.bbc.dk
x-ssl-c
v1
alt-svc
h3=":8443"; ma=2592000
ls.php
mail.bbc.dk/ 		16 B
374 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mail.bbc.dk/ls.php?t=669e9499&token=f02a7ff83107e5bf4ee4535270d1b7b1d3903ec7
Requested by
Host: mail.bbc.dk
URL: https://mail.bbc.dk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.54 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

device-memory
8
rtt
150
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
viewport-width
1600
Referer
https://mail.bbc.dk/
dpr
1
downlink
10
ect
4g

Response headers

date
Mon, 22 Jul 2024 17:19:21 GMT
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_rwl8laPWud83VR1y+zAM2wf0FlaTROUiB3rKNBPzujmWqFtLkKtxvHPJaEkEIbFO1uGCL4QfA/JQ7W7L7+IGdg==
x-ssl-c
v1
alt-svc
h3=":8443"; ma=2592000
x-ssl-proxy
v2
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
host
{http.reverse_proxy.upstream.hostport}
server
Caddy, nginx
access-control-max-age
86400
access-control-allow-methods
POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
accept-ch-lifetime
30
charset
utf-8
x-forwarded-host
mail.bbc.dk
x-log-success
669e94994b85560ae3007f77
track.php
mail.bbc.dk/ 		0
80 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mail.bbc.dk/track.php?click=be040c2a9818d4929be142d49a673c3cd7644887&domain=bbc.dk&uid=MTcyMTY2ODc2MS4wMzg5OjAwYTY3OGQwMjA3YjUxNzU0NDdhNzE0ODg1NWNiNGJmNDJjOGE1NzUxZjkzNTY0MjdhODg4MTc4Yjc0MmI1ZTM6NjY5ZTk0OTkwOTdlZA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NjllOTQ5OTA5NzVkfHx8MTcyMTY2ODc2MS4zMjI1fGY0NTYwMTY5YjkxMjgwOGNiNTA3N2ZiNTNhNTNkMGJhY2YxZTQzNTR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmMDJhN2ZmODMxMDdlNWJmNGVlNDUzNTI3MGQxYjdiMWQzOTAzZWM3fDB8fDB8MHx8fA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.54 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

device-memory
8
rtt
150
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
viewport-width
1600
Referer
https://mail.bbc.dk/
dpr
1
downlink
10
ect
4g

Response headers

date
Mon, 22 Jul 2024 17:19:21 GMT
content-encoding
gzip
x-ssl-proxy
v2
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
host
{http.reverse_proxy.upstream.hostport}
server
Caddy, nginx
x-custom-track
none
vary
Accept-Encoding
accept-ch-lifetime
30
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
x-forwarded-host
mail.bbc.dk
x-ssl-c
v1
alt-svc
h3=":8443"; ma=2592000
85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d
tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/
Redirect Chain
  • http://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361
  • https://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361
Requested by
Host: mail.bbc.dk
URL: https://mail.bbc.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.103.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-103-129.compute-1.amazonaws.com
Software
/
Resource Hash
79c4b90da5e1eb8c6396813458b7324e3e5100368ddebde948b4820a57497a47
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://mail.bbc.dk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Mon, 22 Jul 2024 17:19:22 GMT
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp
default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

Location
https://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361
Non-Authoritative-Reason
HttpsUpgrades
zclkredirect
tanis-ats.com/ 		355 B
771 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tanis-ats.com/zclkredirect?visitid=88d2f3b1-484e-11ef-9a29-1226cfdeb361&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FCopenhagen
Requested by
Host: tanis-ats.com
URL: https://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.103.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-103-129.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://tanis-ats.com/zclkvisitor/88d2f3b1-484e-11ef-9a29-1226cfdeb361/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=88dd7b04-484e-11ef-9a29-1226cfdeb361
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
355
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Mon, 22 Jul 2024 17:19:22 GMT
redirected
JS
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp
default-src 'self'; script-src 'self' 'unsafe-inline'
/
tubemate.us/
Redirect Chain
  • http://xml-v4.starvalue-2.online/click?seat=2922854&i=TZtqoPtgnzg_0
  • https://xml-v4.starvalue-2.online/click?seat=2922854&i=TZtqoPtgnzg_0
  • https://go.advertia.click/active
  • http://tubemate.us/?lang=en
  • https://tubemate.us/?lang=en
727 B
652 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tubemate.us/?lang=en
Requested by
Host: tanis-ats.com
URL: https://tanis-ats.com/zclkredirect?visitid=88d2f3b1-484e-11ef-9a29-1226cfdeb361&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FCopenhagen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
75.102.22.187 Chicago, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
bh7106.banahosting.com
Software
/
Resource Hash
37371edf364f3517173f5b9476b4853e98e6add755c9881b18e1def2acbb4c52

Request headers

Referer
https://tanis-ats.com/zclkredirect?visitid=88d2f3b1-484e-11ef-9a29-1226cfdeb361&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FCopenhagen
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
417
content-type
text/html; charset=UTF-8
date
Mon, 22 Jul 2024 17:19:23 GMT
vary
Accept-Encoding

Redirect headers

Location
https://tubemate.us/?lang=en
Non-Authoritative-Reason
HttpsUpgrades
84389
wisteinsight.com/1clkn/ 		6 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wisteinsight.com/1clkn/84389
Requested by
Host: tubemate.us
URL: https://tubemate.us/?lang=en
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
23.109.170.197 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://tubemate.us/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Mon, 22 Jul 2024 17:19:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=1
Server
nginx
Accept-ch
sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Connection
keep-alive
Keep-Alive
timeout=20
favicon.ico
tubemate.us/ 		796 B
909 B 		Other
General
Check archive.org
Download Go to
Full URL
https://tubemate.us/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
75.102.22.187 Chicago, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
bh7106.banahosting.com
Software
/
Resource Hash
c4b07931b3fc37bc80d56a367783e7fa7c04ced4befec7f57ed079c38c960400

Request headers

Referer
https://tubemate.us/?lang=en
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Jul 2024 17:19:24 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
content-length
796
content-type
text/html
/
viinufhg.com/dc/ 		50 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://viinufhg.com/dc/?blockID=351711&tb=http%3A%2F%2Finstacatcher.com%2F%3Flang%3Den
Requested by
Host: tubemate.us
URL: https://tubemate.us/?lang=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.220.27.134 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.23.2 /
Resource Hash
43befbb01ee9a39978f4606a60c8d11e5fd099d10a0e4eb688cb027e524ebe64

Request headers

Referer
https://tubemate.us/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch
Width, Viewport-Width, DPR, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Jul 2024 17:19:25 GMT
server
nginx/1.23.2
vary
Accept-Encoding
index
viinufhg.com/cnt/api/ 		0
222 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://viinufhg.com/cnt/api/index
Requested by
Host: viinufhg.com
URL: https://viinufhg.com/dc/?blockID=351711&tb=http%3A%2F%2Finstacatcher.com%2F%3Flang%3Den
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.220.27.134 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.23.2 /
Resource Hash

Request headers

device-memory
8
Referer
https://viinufhg.com/dc/?blockID=351711&tb=http%3A%2F%2Finstacatcher.com%2F%3Flang%3Den
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
viewport-width
1600
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 22 Jul 2024 17:19:26 GMT
server
nginx/1.23.2
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://viinufhg.com
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Cache-Control, Content-Type
content-length
0
click
latest-554768.tgel2ebtx.ru/ 		430 B
724 B 		Document
General
Check archive.org
Download Go to
Full URL
https://latest-554768.tgel2ebtx.ru/click?node=413&winPrice=0.25&winCurrency=USD&id=1721668740000-3515
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
206.54.181.250 , United States, ASN35415 (WEBZILLA, NL),
Reverse DNS
1c2-14-d8685-250.webazilla.com
Software
/
Resource Hash
57229c6d6c281e196c52554a7ee0f1791190960028398b24430cf4168e5bed92

Request headers

Referer
https://viinufhg.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
private, no-cache, no-store, must-revalidate
connection
close
date
Mon, 22 Jul 2024 17:19:26 GMT
expires
-1
pragma
no-cache
transfer-encoding
chunked
favicon.ico
viinufhg.com/ 		0
45 B 		Other
General
Check archive.org
Download Go to
Full URL
https://viinufhg.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.220.27.134 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.23.2 /
Resource Hash

Request headers

device-memory
8
Referer
https://viinufhg.com/dc/?blockID=351711&tb=http%3A%2F%2Finstacatcher.com%2F%3Flang%3Den
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
viewport-width
1600

Response headers

date
Mon, 22 Jul 2024 17:19:26 GMT
server
nginx/1.23.2
wgn_out.php
approved.website/ 		929 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://approved.website/wgn_out.php?c=DK&campaign_id=554768&wm_account_id=601354&wm_site_id=601354-1510588844257159&tsrc=pu
Requested by
Host: latest-554768.tgel2ebtx.ru
URL: https://latest-554768.tgel2ebtx.ru/click?node=413&winPrice=0.25&winCurrency=USD&id=1721668740000-3515
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.46.101.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.74.101.46.78.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Referer
https://latest-554768.tgel2ebtx.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-type
text/html; charset=UTF-8
date
Mon, 22 Jul 2024 17:19:26 GMT
last-modified
Monday, 22-Jul-2024 17:19:26 GMT
server
nginx
Primary Request t.php
schuster.marketing/ 		646 B
810 B 		Document
General
Check archive.org
Download Go to
Full URL
https://schuster.marketing/t.php?u=aHR0cHM6Ly9hc3NldHMuaWtobmFpZS5saW5rL2NsaWNrLmh0bWw%2Fd2djYW1wYWlnbmlkPTE1MjU0NzUmd2dwcm9ncmFtaWQ9Nzc2MyZ1dG1fc291cmNlPXdlYmdhaW5zJnV0bV9tZWRpdW09YWZmaWxpYXRlJnV0bV9jYW1wYWlnbj13ZWJnYWluc19ES183NzYzXzUgJmNsaWNrcmVmPURLXzc3NjNfMTcyMTY2ODc2Njg0NTQ%3D&t=NjAxMzU0eHh4NjAxMzU0LTE1MTA1ODg4NDQyNTcxNTk%3D&c=DK&tb=pu
Requested by
Host: approved.website
URL: https://approved.website/wgn_out.php?c=DK&campaign_id=554768&wm_account_id=601354&wm_site_id=601354-1510588844257159&tsrc=pu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
78.46.101.118 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.118.101.46.78.clients.your-server.de
Software
nginx /
Resource Hash
eaffd38a55cdec0e8e4bbb180edc95ecb2857adbf5802a500e59b2c01c29a7d2

Request headers

Referer
https://approved.website/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-type
text/html; charset=UTF-8
date
Mon, 22 Jul 2024 17:19:27 GMT
last-modified
Monday, 22-Jul-2024 17:19:27 GMT
server
nginx
click.html
assets.ikhnaie.link/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
assets.ikhnaie.link
URL
https://assets.ikhnaie.link/click.html?wgcampaignid=1525475&wgprogramid=7763&utm_source=webgains&utm_medium=affiliate&utm_campaign=webgains_DK_7763_5%20&clickref=DK_7763_17216687668454

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Domain/Path Name / Value
wisteinsight.com/ Name: GL_UI4
Value: eJw9jd1Og0AQhaGwtNWCTsID%2BAgstVgvTW99B7LLTula2GmGLdW3dzXRq%2FOTL%2BdEUbQoHyCeszUkV7WDJ1lXx6p56WSjt7XGZveKldxXeiuxqffPEtZ2ar3SA%2FoUVtOo2Ld%2BTmHTo0O2XduRwRweA%2FXXnB3dXApCs3ImBzEGYshhqZluE3KZQOrUiJAdTkxBxag%2BiCGRdRO8dcHHFSxoKpPiDsS7ddfPYpNFRZFFcH8ZlD8Sj601IYqelUGI32DVKY898RcsDU5nTxcAGkz7z%2F9%2BiuFnDTKDs%2B1CJH9C%2Fgbc802c
wisteinsight.com/ Name: GL_GI10
Value: eJwNykEKwjAURdHkDyKKFh52AV1BodVgx7YzZ7qCUEMarPkhjeLy7eAODlwhBJV7kI84NJ2uG93Wp7a%2BaEgHGm6gMWAz2PA26QWZQN0ZlAKK3kSfzVzdrfMcIEfseo42TMbZlR7Fdfa%2F6sHzJ6%2FDAlrb9pwiJ5MtZFQSlFkRaHmWAvKrjn8UbyJy
.viinufhg.com/ Name: sspUid
Value: b91a16aa57600d3a8120846a39131812
latest-554768.tgel2ebtx.ru/ Name: clickId_554768
Value: 1721668740000-115

2 Console Messages

Source Level URL
Text
network error URL: https://tubemate.us/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
security warning URL: https://viinufhg.com/dc/?blockID=351711&tb=http%3A%2F%2Finstacatcher.com%2F%3Flang%3Den(Line 10)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.