zz4u.checkthislive.com Open in urlscan Pro
176.9.80.29 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://taxa.fun/
Effective URL:
https://zz4u.checkthislive.com/pornhub?tag_id=111245&clickid=%7B4565764%7D&cl=4&dp=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&bu=https...
Submission Tags: falconsandbox
Submission: On November 09 via api (November 9th 2023, 12:40:33 am UTC) from US — Scanned from NL

Summary HTTP 220 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 2 countries across 18 domains to perform 220 HTTP transactions. The main IP is 176.9.80.29, located in and belongs to . The main domain is zz4u.checkthislive.com.
TLS certificate: Issued by R3 on September 12th 2023. Valid for: 3 months.

This is the only time zz4u.checkthislive.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 95	23.158.56.201 23.158.56.201	63023 (AS-GLOBAL...) (AS-GLOBALTELEHOST)
100	23.158.56.123 23.158.56.123	63023 (AS-GLOBAL...) (AS-GLOBALTELEHOST)
3	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
3	94.130.236.73 94.130.236.73	24940 (HETZNER-AS) (HETZNER-AS)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
3	178.63.48.167 178.63.48.167	24940 (HETZNER-AS) (HETZNER-AS)
1	144.76.158.184 144.76.158.184	24940 (HETZNER-AS) (HETZNER-AS)
1	2a04:4e42:200... 2a04:4e42:200::729	54113 (FASTLY) (FASTLY)
4	176.9.80.29 176.9.80.29	() ()
1	78.47.181.156 78.47.181.156	() ()
1	45.133.44.52 45.133.44.52	() ()
1	159.69.161.134 159.69.161.134	() ()
220	13

1 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

taxa.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

taxa.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sixest.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

95 23.158.56.201 (Frankfurt am Main, Germany) 2 redirects

ASN63023 (AS-GLOBALTELEHOST, US)
PTR: 201-56-158-23.clients.gthost.com

news-bafade.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
18488df33a.news-rekexe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

100 23.158.56.123 (Frankfurt am Main, Germany)

ASN63023 (AS-GLOBALTELEHOST, US)
PTR: 123-56-158-23.clients.gthost.com

news-baroge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b594691714.news-sufuba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.130.236.73 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: revopush-show-65.t.push.house

show.revopush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.63.48.167 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: push-house-cdn-182.t.push.house

img.cdn.house	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.158.184 (Sankt Augustin, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.184.158.76.144.clients.your-server.de

errors.house	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::729 (United States)

ASN54113 (FASTLY, US)

browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 176.9.80.29 (None, )

ASN- ()

checkthislive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zz4u.checkthislive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.47.181.156 (None, )

ASN- ()

metricswpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.133.44.52 (None, )

ASN- ()

js.wpshsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.69.161.134 (None, )

ASN- ()

notification.tubecup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
94	news-rekexe.com 1 redirects 18488df33a.news-rekexe.com	2 MB
94	news-sufuba.com b594691714.news-sufuba.com	2 MB
6	news-baroge.com news-baroge.com	191 KB
4	checkthislive.com checkthislive.com zz4u.checkthislive.com	1 MB
4	gstatic.com fonts.gstatic.com	51 KB
3	cdn.house img.cdn.house — Cisco Umbrella Rank: 15912	11 KB
3	revopush.com show.revopush.com — Cisco Umbrella Rank: 21394	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
2	taxa.fun 2 redirects taxa.fun	2 KB
1	tubecup.net notification.tubecup.net	201 B
1	wpshsdk.com js.wpshsdk.com	238 B
1	metricswpsh.com metricswpsh.com
1	sixest.fun 1 redirects sixest.fun	1 KB
1	sentry-cdn.com browser.sentry-cdn.com — Cisco Umbrella Rank: 4015	20 KB
1	errors.house errors.house — Cisco Umbrella Rank: 302030 Failed	2 KB
1	news-bafade.cc 1 redirects news-bafade.cc — Cisco Umbrella Rank: 863752	120 B
0	Failed function sub() { [native code] }. Failed
0	pornhub.com Failed cdn-d-img.pornhub.com Failed
220	18

	Domain	Requested by
94	18488df33a.news-rekexe.com	1 redirects b594691714.news-sufuba.com 18488df33a.news-rekexe.com
94	b594691714.news-sufuba.com	news-baroge.com b594691714.news-sufuba.com
6	news-baroge.com	news-baroge.com
4	fonts.gstatic.com	fonts.googleapis.com
3	zz4u.checkthislive.com	checkthislive.com zz4u.checkthislive.com
3	img.cdn.house	news-baroge.com b594691714.news-sufuba.com
3	show.revopush.com	news-baroge.com b594691714.news-sufuba.com 18488df33a.news-rekexe.com
3	fonts.googleapis.com	news-baroge.com b594691714.news-sufuba.com 18488df33a.news-rekexe.com
2	taxa.fun	2 redirects
1	notification.tubecup.net
1	js.wpshsdk.com	zz4u.checkthislive.com
1	metricswpsh.com	zz4u.checkthislive.com
1	checkthislive.com	18488df33a.news-rekexe.com
1	sixest.fun	1 redirects
1	browser.sentry-cdn.com	errors.house
1	errors.house	news-baroge.com b594691714.news-sufuba.com browser.sentry-cdn.com 18488df33a.news-rekexe.com
1	news-bafade.cc	1 redirects
0	truncated Failed
0	cdn-d-img.pornhub.com Failed	b594691714.news-sufuba.com 18488df33a.news-rekexe.com
220	19

This site contains no links.

Subject Issuer	Validity	Valid
*.news-baroge.com R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
show.revopush.com R3	`2023-09-28` - `2023-12-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
img.cdn.house R3	`2023-09-28` - `2023-12-27`	3 months	crt.sh
*.news-sufuba.com R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh
errors.house R3	`2023-11-08` - `2024-02-06`	3 months	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-01` - `2024-09-01`	a year	crt.sh
*.news-rekexe.com R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh
checkthislive.com R3	`2023-09-12` - `2023-12-11`	3 months	crt.sh
notification.tubecup.net R3	`2023-10-16` - `2024-01-14`	3 months	crt.sh
js.wpshsdk.com R3	`2023-09-22` - `2023-12-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://zz4u.checkthislive.com/pornhub?tag_id=111245&clickid=%7B4565764%7D&cl=4&dp=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&bu=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&eu=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&click=1&r=1
Frame ID: 42C7A43AE0258F6DB392CF5A263FBC33
Requests: 244 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://taxa.fun/ HTTP 301
https://taxa.fun/ HTTP 302
https://news-bafade.cc/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 HTTP 302
https://news-baroge.com/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Page URL
https://b594691714.news-sufuba.com/?i=1&id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Page URL
https://18488df33a.news-rekexe.com/?i=2&id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Page URL
https://18488df33a.news-rekexe.com/tb?id=8065020&land=38&monetization=user&p1=&p2=2aq1ko319chrph&p3=&p4=&type=r... HTTP 302
https://sixest.fun/WXb1wmPB HTTP 302
https://checkthislive.com/pornhub?tag_id=111245&clickid={4565764}&cl=4&dp=https%3A%2F%2Fsixest.fun%2Fz... Page URL
https://zz4u.checkthislive.com/pornhub?tag_id=111245&clickid=%7B4565764%7D&cl=4&dp=https%3A%2F%2Fsixest.fun... Page URL

Detected technologies

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweetalert2(?:\.all)?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

220
Requests

98 %
HTTPS

36 %
IPv6

18
Domains

19
Subdomains

13
IPs

2
Countries

4821 kB
Transfer

5479 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://taxa.fun/ HTTP 301
https://taxa.fun/ HTTP 302
https://news-bafade.cc/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 HTTP 302
https://news-baroge.com/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Page URL
https://b594691714.news-sufuba.com/?i=1&id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Page URL
https://18488df33a.news-rekexe.com/?i=2&id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Page URL
https://18488df33a.news-rekexe.com/tb?id=8065020&land=38&monetization=user&p1=&p2=2aq1ko319chrph&p3=&p4=&type=rejected HTTP 302
https://sixest.fun/WXb1wmPB HTTP 302
https://checkthislive.com/pornhub?tag_id=111245&clickid={4565764}&cl=4&dp=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&bu=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&eu=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&click=1 Page URL
https://zz4u.checkthislive.com/pornhub?tag_id=111245&clickid=%7B4565764%7D&cl=4&dp=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&bu=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&eu=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&click=1&r=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://taxa.fun/ HTTP 301
https://taxa.fun/ HTTP 302
https://news-bafade.cc/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 HTTP 302
https://news-baroge.com/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4

Request Chain 212

https://18488df33a.news-rekexe.com/tb?id=8065020&land=38&monetization=user&p1=&p2=2aq1ko319chrph&p3=&p4=&type=rejected HTTP 302
https://sixest.fun/WXb1wmPB HTTP 302
https://checkthislive.com/pornhub?tag_id=111245&clickid={4565764}&cl=4&dp=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&bu=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&eu=https%3A%2F%2Fsixest.fun%2Fz3DbMgyy&click=1

220 HTTP transactions
24 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
news-baroge.com/
Redirect Chain

http://taxa.fun/
https://taxa.fun/
https://news-bafade.cc/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4
https://news-baroge.com/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4

2 KB
3 KB

410ms
99ms

Document
text/html

23.158.56.123
AS-GLOBALTELEHOST

General

Domain/Path	Expires	Name / Value
taxa.fun/	1970-01-20 16:49:28	Name: _subid Value: 2aq1ko319chrph
taxa.fun/	1970-01-20 16:49:28	Name: _token Value: uuid_2aq1ko319chrph_2aq1ko319chrph654c2a7a21b8b7.79575736
taxa.fun/	1970-01-21 01:40:50	Name: 330d8 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc5MFwiOjE2OTk0OTA0MjZ9LFwiY2FtcGFpZ25zXCI6e1wiMTk0XCI6MTY5OTQ5MDQyNn0sXCJ0aW1lXCI6MTY5OTQ5MDQyNn0ifQ.fp_Of8Utf0_RSJX_qfXjfVag2iNby_PlV07w2i04Cr0
news-baroge.com/	1970-01-20 16:06:16	Name: clickdata Value: eyJzdWJhY2MiOjgwNjUwMjAsImxhbmQiOjIwLCJwMiI6IjJhcTFrbzMxOWNocnBoIn0=
b594691714.news-sufuba.com/	1970-01-20 16:06:16	Name: clickdata Value: eyJzdWJhY2MiOjgwNjUwMjAsImxhbmQiOjM4LCJwMiI6IjJhcTFrbzMxOWNocnBoIn0=
18488df33a.news-rekexe.com/	1970-01-20 16:06:16	Name: clickdata Value: eyJzdWJhY2MiOjgwNjUwMjAsImxhbmQiOjM4LCJwMiI6IjJhcTFrbzMxOWNocnBoIn0=

Source	Level	URL Text
javascript	error	URL: https://news-baroge.com/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Message: Access to script at 'https://errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js' from origin 'https://news-baroge.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js Message: Failed to load resource: net::ERR_FAILED
other	error	URL: https://news-baroge.com/?id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network	error	URL: https://cdn-d-img.pornhub.com/m=ecuK8daaaa/videos/201504/13/47540711/original/3.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	error	URL: https://b594691714.news-sufuba.com/?i=1&id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
javascript	error	URL: https://18488df33a.news-rekexe.com/?i=2&id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Message: Access to script at 'https://errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js' from origin 'https://18488df33a.news-rekexe.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://errors.house/js-sdk-loader/c682bf15f58a4ecea9ff491233690e22.min.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cdn-d-img.pornhub.com/m=ecuK8daaaa/videos/201504/13/47540711/original/3.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	error	URL: https://18488df33a.news-rekexe.com/?i=2&id=8065020&p1=&p2=2aq1ko319chrph&p3=&p4=sub4 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

zz4u.checkthislive.com Open in urlscan Pro 176.9.80.29 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

220 Requests

98 %HTTPS

36 %IPv6

18 Domains

19 Subdomains

13 IPs

2 Countries

4821 kBTransfer

5479 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

220 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 24 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

zz4u.checkthislive.com Open in urlscan Pro
176.9.80.29 Public Scan

Screenshot
Live screenshot

Full Image

220
Requests

98 %
HTTPS

36 %
IPv6

18
Domains

19
Subdomains

13
IPs

2
Countries

4821 kB
Transfer

5479 kB
Size

6
Cookies

220 HTTP transactions
24 data transactions