urlscan.io logo urlscan.io
SecurityTrails logo

thaqafia.com Open in urlscan Pro
108.179.234.183  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.3000cruises.ru/NL8O4//cf3bd309aa12ab8e5a46c24a770725fe/pfcb/fr/?i=3707104&i=3707104
Effective URL: http://thaqafia.com/new.php
Submission: On August 18 via automatic, source phishtank
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 6 countries across 12 domains to perform 18 HTTP transactions. The main IP is 108.179.234.183, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is thaqafia.com.
This is the only time thaqafia.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 213.242.221.210 3253 (SOVINTEL-...)
1 1 2a00:1450:400... 15169 (GOOGLE)
2 108.179.234.183 20013 (CYRUSONE)
1 188.72.202.46 35415 (WEBZILLA)
3 206.190.151.100 29854 (WESTHOST)
3 4 173.192.101.24 36351 (SOFTLAYER)
3 108.168.193.189 36351 (SOFTLAYER)
1 185.59.220.22 60068 (CDN77)
1 2a00:1450:400... 15169 (GOOGLE)
1 188.72.202.47 35415 (WEBZILLA)
1 216.21.13.17 53334 (TUT-AS)
1 2400:cb00:204... 13335 (CLOUDFLAR...)
2 94.31.29.128 54104 (AS-STACKPATH)
18 13
1    213.242.221.210 (Russian Federation)

ASN3253 (SOVINTEL-EF-AS, RU)
www.3000cruises.ru
1    2a00:1450:4001:81e::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
goo.gl
2    108.179.234.183 (Houston, United States)

ASN20013 (CYRUSONE - CyrusOne LLC, US)
rakanbushnaq.net
thaqafia.com
1    188.72.202.46 (Netherlands)

ASN35415 (WEBZILLA, NL)
pusherism.com
3    206.190.151.100 (Providence, United States)

ASN29854 (WESTHOST - WestHost, Inc., US)
PTR: phase.stable-connect.com
img.viralnova.com
4    173.192.101.24 (Dallas, United States)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 18.65.c0ad.ip4.static.sl-reverse.com
p204915.clksite.com
clksite.com
3    108.168.193.189 (Dallas, United States)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: bd.c1.a86c.ip4.static.sl-reverse.com
mybestmv.com
1    185.59.220.22 (Frankfurt, Germany)

ASN60068 (CDN77, GB)
PTR: frankfurt-20.cdn77.com
c1.popads.net
1    2a00:1450:4001:80b::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.youtube.com
1    188.72.202.47 (Netherlands)

ASN35415 (WEBZILLA, NL)
pusherism.com
1    216.21.13.17 (United States)

ASN53334 (TUT-AS - Total Uptime Technologies, LLC, US)
serve.popads.net
1    2400:cb00:2048:1::6811:a7ba (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
c.adsco.re
2    94.31.29.128 (United Kingdom)

ASN54104 (AS-STACKPATH - netDNA, US)
PTR: 94.31.29.128.IPYX-077437-ZYO.above.net
p204915.mycdn.co
Domain Requested by
3 mybestmv.com thaqafia.com
3 img.viralnova.com thaqafia.com
2 clksite.com 1 redirects thaqafia.com
2 p204915.mycdn.co mybestmv.com
2 p204915.clksite.com 2 redirects
2 pusherism.com thaqafia.com
pusherism.com
1 c.adsco.re serve.popads.net
1 serve.popads.net c1.popads.net
1 www.youtube.com thaqafia.com
1 c1.popads.net thaqafia.com
1 thaqafia.com
1 rakanbushnaq.net
1 goo.gl 1 redirects
1 www.3000cruises.ru
18 14

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.youtube.com
www.intango.com
Subject Issuer Validity Valid
*.google.com
Google Internet Authority G3		 2018-08-07 -
2018-10-16		 2 months crt.sh
pusherism.com
RapidSSL SHA256 CA - G2		 2017-11-30 -
2018-11-30		 a year crt.sh
*.clksite.com
COMODO RSA Domain Validation Secure Server CA		 2017-10-09 -
2018-10-27		 a year crt.sh

This page contains 2 frames:

Primary Page: http://thaqafia.com/new.php
Frame ID: 8E5EA69A4CD3E33EAEA1585144CBE6C4
Requests: 18 HTTP requests in this frame

Frame: https://www.youtube.com/embed/UnP7-1-W4VQ?autoplay=0
Frame ID: AFFDD9EABEDE3613D21A53BBB88A769B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.3000cruises.ru/NL8O4//cf3bd309aa12ab8e5a46c24a770725fe/pfcb/fr/?i=3707104&i=3707104 Page URL
  2. https://goo.gl/NhdyXJ HTTP 301
    http://rakanbushnaq.net/new.php Page URL
  3. http://thaqafia.com/new.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

18
Requests

17 %
HTTPS

23 %
IPv6

12
Domains

14
Subdomains

13
IPs

6
Countries

284 kB
Transfer

650 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.3000cruises.ru/NL8O4//cf3bd309aa12ab8e5a46c24a770725fe/pfcb/fr/?i=3707104&i=3707104 Page URL
  2. https://goo.gl/NhdyXJ HTTP 301
    http://rakanbushnaq.net/new.php Page URL
  3. http://thaqafia.com/new.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://goo.gl/NhdyXJ HTTP 301
  • http://rakanbushnaq.net/new.php
Request Chain 6
  • http://p204915.clksite.com/adServe/banners?tid=204915_600711_0&tagid=2&hybridPop=true HTTP 301
  • http://mybestmv.com/adServe/banners?tid=204915_600711_0&tagid=2&hybridPop=true
Request Chain 8
  • http://www.youtube.com/embed/UnP7-1-W4VQ?autoplay=0 HTTP 307
  • https://www.youtube.com/embed/UnP7-1-W4VQ?autoplay=0
Request Chain 10
  • http://p204915.clksite.com/adServe/banners?tid=204915_600711_1&tagid=2&hybridPop=true HTTP 301
  • http://mybestmv.com/adServe/banners?tid=204915_600711_1&tagid=2&hybridPop=true
Request Chain 14
  • http://clksite.com/adServe/banners?tid=204915_380011_1&pause=5 HTTP 301
  • http://mybestmv.com/adServe/banners?tid=204915_380011_1&pause=5

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.3000cruises.ru/NL8O4//cf3bd309aa12ab8e5a46c24a770725fe/pfcb/fr/ 		66 B
306 B 		Document
General
Check archive.org
Download Go to
Full URL
http://www.3000cruises.ru/NL8O4//cf3bd309aa12ab8e5a46c24a770725fe/pfcb/fr/?i=3707104&i=3707104
Protocol
HTTP/1.1
Server
213.242.221.210 , Russian Federation, ASN3253 (SOVINTEL-EF-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Host
www.3000cruises.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
8E5EA69A4CD3E33EAEA1585144CBE6C4

Response headers

Server
nginx
Date
Sat, 18 Aug 2018 15:05:45 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=20
Content-Encoding
gzip
new.php
rakanbushnaq.net/
Redirect Chain
  • https://goo.gl/NhdyXJ
  • http://rakanbushnaq.net/new.php
76 B
355 B 		Document
General
Check archive.org
Download Go to
Full URL
http://rakanbushnaq.net/new.php
Protocol
HTTP/1.1
Server
108.179.234.183 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
d59568485498cd7d1a1964e97330ab6d4ea1b2067b71f79d246216125241bce4

Request headers

Host
rakanbushnaq.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.3000cruises.ru/NL8O4//cf3bd309aa12ab8e5a46c24a770725fe/pfcb/fr/?i=3707104&i=3707104
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
8E5EA69A4CD3E33EAEA1585144CBE6C4
Referer
http://www.3000cruises.ru/NL8O4//cf3bd309aa12ab8e5a46c24a770725fe/pfcb/fr/?i=3707104&i=3707104

Response headers

Server
nginx/1.12.2
Date
Sat, 18 Aug 2018 15:05:46 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Acc-Exp
600
X-Proxy-Cache
BYPASS rakanbushnaq.net
Content-Encoding
gzip

Redirect headers

status
301
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 18 Aug 2018 15:05:45 GMT
location
http://rakanbushnaq.net/new.php
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
content-length
177
server
GSE
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
Primary Request new.php
thaqafia.com/ 		169 KB
64 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
108.179.234.183 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
b9e3285ddb0ce9e65cddb7709472ffa58370e6bcc4e1bec3f0d9a80c52c93c59

Request headers

Host
thaqafia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://rakanbushnaq.net/new.php
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
8E5EA69A4CD3E33EAEA1585144CBE6C4
Referer
http://rakanbushnaq.net/new.php

Response headers

Server
nginx/1.12.2
Date
Sat, 18 Aug 2018 15:05:46 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Acc-Exp
600
X-Proxy-Cache
BYPASS thaqafia.com
Content-Encoding
gzip
ntfc.php
pusherism.com/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://pusherism.com/ntfc.php?p=1907432&tco=1
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
188.72.202.46 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
d555fab7a08bea173402b2f6d7c8339e3757647913bc5f99c6178ccc6d497660
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 18 Aug 2018 15:05:41 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Timing-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, max-age=0, no-cache
Strict-Transport-Security
max-age=1
Content-Type
application/javascript
Expires
Mon, 26 Jul 1997 05:00:00 GMT
desktop-1517001554.png
img.viralnova.com/000/507/977/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.viralnova.com/000/507/977/desktop-1517001554.png
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
206.190.151.100 Providence, United States, ASN29854 (WESTHOST - WestHost, Inc., US),
Reverse DNS
phase.stable-connect.com
Software
/
Resource Hash
6c5f27be2fb3eeed2b01da8a7b93aa13f8213e0e3e737f5620ed5e753f48a846

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:47 GMT
Via
1.1 93bbe0e7a09d324975fb7968b790db93.cloudfront.net (CloudFront), 1.1 varnish
CF-Cache-Status
HIT
X-Cacheable
YES
Age
17074
CF-RAY
44c3a6fd65384fed-DEN
X-Cache
yHIT
Connection
keep-alive
Content-Length
18289
Last-Modified
Fri, 26 Jan 2018 21:19:15 GMT
ETag
"e3be115eaff56041e3dcd20ef690f7e0"
Vary
Accept-Encoding
X-Varnish
1430977513 1430962452
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
X-Amz-Cf-Id
iavOIbBiNLPfZ5f2OjdjGEuRDI_VsWbflh1t_4EUFzjR7aTJdUF-_Q==
Expires
Sun, 18 Aug 2019 10:21:13 GMT
desktop-1517001556.png
img.viralnova.com/000/507/978/ 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.viralnova.com/000/507/978/desktop-1517001556.png
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
206.190.151.100 Providence, United States, ASN29854 (WESTHOST - WestHost, Inc., US),
Reverse DNS
phase.stable-connect.com
Software
/
Resource Hash
f69d0be4feb5f52127cdaa44b0ddaeb0aa104e72c7dbec7cbc6759ad8f05d4cf

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:47 GMT
Via
1.1 f58cdb0e43d281e74101f60fc3b46398.cloudfront.net (CloudFront), 1.1 varnish
CF-Cache-Status
HIT
X-Cacheable
YES
Age
13474
CF-RAY
44c3fee2e6bf4ff9-DEN
X-Cache
yHIT
Connection
keep-alive
Content-Length
23996
Last-Modified
Fri, 26 Jan 2018 21:19:17 GMT
ETag
"d830ce83d9999cf567f9defaa2878dc1"
Vary
Accept-Encoding
X-Varnish
1430977514 1430965081
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
X-Amz-Cf-Id
cysq-EBqz5r9qnUSmqQsNeTF1FGZCUtMTeplzwQ3R_mlJRat78w3QQ==
Expires
Sun, 18 Aug 2019 11:21:13 GMT
desktop-1517001557.png
img.viralnova.com/000/507/979/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.viralnova.com/000/507/979/desktop-1517001557.png
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
206.190.151.100 Providence, United States, ASN29854 (WESTHOST - WestHost, Inc., US),
Reverse DNS
phase.stable-connect.com
Software
/
Resource Hash
7a244d5a5875bdbc9d069b5cee2d353ea9b0cbc54ff6c146632ced5b99faf4b7

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:47 GMT
Via
1.1 01635f0b43503ebd4bd390ca2787acb4.cloudfront.net (CloudFront), 1.1 varnish
CF-Cache-Status
HIT
X-Cacheable
YES
Age
13474
CF-RAY
44c3fee2e10a4ff3-DEN
X-Cache
yHIT
Connection
keep-alive
Content-Length
19878
Last-Modified
Fri, 26 Jan 2018 21:19:18 GMT
ETag
"293a5ec4b99361acd6202ed7dda1ee51"
Vary
Accept-Encoding
X-Varnish
1430977515 1430965082
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
X-Amz-Cf-Id
A2b7z3KZVhUvb7F89ulLpm5eYwwtdboMl-MPqAKmPyLBKu72JZIZpA==
Expires
Sun, 18 Aug 2019 11:21:13 GMT
banners
mybestmv.com/adServe/
Redirect Chain
  • http://p204915.clksite.com/adServe/banners?tid=204915_600711_0&tagid=2&hybridPop=true
  • http://mybestmv.com/adServe/banners?tid=204915_600711_0&tagid=2&hybridPop=true
25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://mybestmv.com/adServe/banners?tid=204915_600711_0&tagid=2&hybridPop=true
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
108.168.193.189 Dallas, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS
bd.c1.a86c.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
b9724a8eb013ea933e5f7d2ed6076e875a0b82ad57be4377c29340221f5398dd

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 18 Aug 2018 15:05:47 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=5
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
http://mybestmv.com/adServe/banners?tid=204915_600711_0&tagid=2&hybridPop=true
Date
Sat, 18 Aug 2018 15:05:46 GMT
Server
nginx
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
178
Content-Type
text/html
pop.js
c1.popads.net/ 		68 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://c1.popads.net/pop.js
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
185.59.220.22 Frankfurt, Germany, ASN60068 (CDN77, GB),
Reverse DNS
frankfurt-20.cdn77.com
Software
CDN77-Turbo /
Resource Hash
fefc31fe8b6a75aa50147bc062e2ed750e20c8d78fb24a02342c17f15f2f261a

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:46 GMT
Content-Encoding
gzip
Last-Modified
Sun, 15 Apr 2018 14:16:47 GMT
Server
CDN77-Turbo
X-Edge-Location
frankfurtDE
ETag
W/"5ad35ecf-1108b"
Transfer-Encoding
chunked
X-Cache
HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
X-Edge-IP
185.59.220.20
Connection
keep-alive
X-Age
353741
Expires
Tue, 14 Aug 2018 12:50:04 GMT
UnP7-1-W4VQ
www.youtube.com/embed/ Frame AFFD
Redirect Chain
  • http://www.youtube.com/embed/UnP7-1-W4VQ?autoplay=0
  • https://www.youtube.com/embed/UnP7-1-W4VQ?autoplay=0
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/UnP7-1-W4VQ?autoplay=0
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:80b::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/UnP7-1-W4VQ?autoplay=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://thaqafia.com/new.php
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
8E5EA69A4CD3E33EAEA1585144CBE6C4
Referer
http://thaqafia.com/new.php

Response headers

status
200
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
gzip
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
cache-control
no-cache
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
expires
Tue, 27 Apr 1971 19:44:06 EST
date
Sat, 18 Aug 2018 15:05:46 GMT
server
YouTube Frontend Proxy
set-cookie
VISITOR_INFO1_LIVE=XsfwEOh9GwY; path=/; domain=.youtube.com; expires=Thu, 14-Feb-2019 15:05:46 GMT; httponly PREF=f1=50000000; path=/; domain=.youtube.com; expires=Fri, 19-Apr-2019 02:58:46 GMT YSC=39dQ_ioCzPw; path=/; domain=.youtube.com; httponly GPS=1; path=/; domain=.youtube.com; expires=Sat, 18-Aug-2018 15:35:46 GMT VISITOR_INFO1_LIVE=XsfwEOh9GwY; path=/; domain=.youtube.com; expires=Thu, 14-Feb-2019 15:05:46 GMT; httponly
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"

Redirect headers

Location
https://www.youtube.com/embed/UnP7-1-W4VQ?autoplay=0
Non-Authoritative-Reason
HSTS
ntfc.php
pusherism.com/ 		86 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pusherism.com/ntfc.php?p=1907432&r=ui&swver=3.0.77
Requested by
Host: pusherism.com
URL: http://pusherism.com/ntfc.php?p=1907432&tco=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
188.72.202.47 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
9d4afdeb30fe2b4f5b025494296ec254e9407cfdfa99916ef2b75b4b68cfec6f
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:45 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
private, max-age=86400
Strict-Transport-Security
max-age=1
Timing-Allow-Origin
*
banners
mybestmv.com/adServe/
Redirect Chain
  • http://p204915.clksite.com/adServe/banners?tid=204915_600711_1&tagid=2&hybridPop=true
  • http://mybestmv.com/adServe/banners?tid=204915_600711_1&tagid=2&hybridPop=true
25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://mybestmv.com/adServe/banners?tid=204915_600711_1&tagid=2&hybridPop=true
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
108.168.193.189 Dallas, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS
bd.c1.a86c.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
acba7a72cddebba29261e446dbdd9efdd8dd3b249a78e02c630770dc139b7a58

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 18 Aug 2018 15:05:47 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=5
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
http://mybestmv.com/adServe/banners?tid=204915_600711_1&tagid=2&hybridPop=true
Date
Sat, 18 Aug 2018 15:05:47 GMT
Server
nginx
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
178
Content-Type
text/html
c
serve.popads.net/ 		239 B
777 B 		Script
General
Check archive.org
Download Go to
Full URL
http://serve.popads.net/c?r=1534604746&v=3&siteId=2805692&minBid=&popundersPerIP=&blockedCountries=&documentRef=http%3A%2F%2Frakanbushnaq.net%2Fnew.php&s=1600,1200,1,1600,1200
Requested by
Host: c1.popads.net
URL: http://c1.popads.net/pop.js
Protocol
HTTP/1.1
Server
216.21.13.17 , United States, ASN53334 (TUT-AS - Total Uptime Technologies, LLC, US),
Reverse DNS
Software
/
Resource Hash
d86b67f4e7c17128db63100b995e2ba5975d8bfef0c6825edd46d40decdcc610

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://thaqafia.com/new.php
Origin
http://thaqafia.com

Response headers

Pragma
no-cache
Date
Sat, 18 Aug 2018 15:05:46 GMT
Access-Control-Allow-Origin
*
Content-Type
text/javascript;charset=UTF-8
PopAds-EC
GIID
Cache-Control
private, no-store, no-cache, must-revalidate, no-transform, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
239
/
c.adsco.re/ 		5 B
381 B 		Script
General
Check archive.org
Download Go to
Full URL
http://c.adsco.re/
Requested by
Host: serve.popads.net
URL: http://serve.popads.net/c?r=1534604746&v=3&siteId=2805692&minBid=&popundersPerIP=&blockedCountries=&documentRef=http%3A%2F%2Frakanbushnaq.net%2Fnew.php&s=1600,1200,1,1600,1200
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::6811:a7ba , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6bdfcd47d10e9491b11ac64c8000b525b1dfb3d7590668bc4637f05a50f183b

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:47 GMT
Cache-Control
max-age=259200,public,immutable
Server
cloudflare
Connection
keep-alive
CF-RAY
44c547d516a26451-FRA
Content-Length
5
Content-Type
text/plain;charset=UTF-8
rhpop_5.80-58.0.js
p204915.mycdn.co/script/ 		132 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://p204915.mycdn.co/script/rhpop_5.80-58.0.js
Requested by
Host: mybestmv.com
URL: http://mybestmv.com/adServe/banners?tid=204915_600711_0&tagid=2&hybridPop=true
Protocol
HTTP/1.1
Server
94.31.29.128 , United Kingdom, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
94.31.29.128.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
5899a2f85efa28f440c420e05f218fa9b244156accf5b6bd77253a66701c0d86

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:47 GMT
Content-Encoding
gzip
Last-Modified
Wed, 18 Jul 2018 07:55:58 GMT
Server
NetDNA-cache/2.2
ETag
W/"5b4ef28e-21027"
Transfer-Encoding
chunked
X-Cache
HIT
Content-Type
application/javascript
Cache-Control
max-age=31104000
Connection
keep-alive
Expires
Tue, 13 Aug 2019 15:05:47 GMT
banners
mybestmv.com/adServe/
Redirect Chain
  • http://clksite.com/adServe/banners?tid=204915_380011_1&pause=5
  • http://mybestmv.com/adServe/banners?tid=204915_380011_1&pause=5
24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://mybestmv.com/adServe/banners?tid=204915_380011_1&pause=5
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Server
108.168.193.189 Dallas, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS
bd.c1.a86c.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
59a2017803a7375a3a24969a5085d98e19b5c0820e7617c9f9618c66fddeda9f

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 18 Aug 2018 15:05:47 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=5
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
http://mybestmv.com/adServe/banners?tid=204915_380011_1&pause=5
Date
Sat, 18 Aug 2018 15:05:47 GMT
Server
nginx
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
178
Content-Type
text/html
advertisement.js
clksite.com/static/ 		27 B
363 B 		Script
General
Check archive.org
Download Go to
Full URL
https://clksite.com/static/advertisement.js
Requested by
Host: thaqafia.com
URL: http://thaqafia.com/new.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.192.101.24 Dallas, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS
18.65.c0ad.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
582dc3c50568b761094d84da5b58e54ab33061750ef04871288de8e57f3de79e

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:47 GMT
Last-Modified
Mon, 12 Jun 2017 13:34:00 GMT
Server
nginx
ETag
"593e9848-1b"
Content-Type
application/javascript
Cache-Control
max-age=172800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
27
Expires
Mon, 20 Aug 2018 15:05:47 GMT
bounce-tag_5.80-58.0.js
p204915.mycdn.co/banners/bounce/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://p204915.mycdn.co/banners/bounce/bounce-tag_5.80-58.0.js
Requested by
Host: mybestmv.com
URL: http://mybestmv.com/adServe/banners?tid=204915_380011_1&pause=5
Protocol
HTTP/1.1
Server
94.31.29.128 , United Kingdom, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
94.31.29.128.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
919b2d8cdda0fd5a11b65cd266f88d18775f23cde9b5655065163534b37d194d

Request headers

Referer
http://thaqafia.com/new.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 18 Aug 2018 15:05:47 GMT
Content-Encoding
gzip
Last-Modified
Wed, 18 Jul 2018 07:55:58 GMT
Server
NetDNA-cache/2.2
ETag
W/"5b4ef28e-c144"
Transfer-Encoding
chunked
X-Cache
HIT
Content-Type
application/javascript
Cache-Control
max-age=31104000
Connection
keep-alive
Expires
Tue, 13 Aug 2019 15:05:47 GMT
truncated
/ 		577 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3d5de2aa4cb911b3c8f05f1f8346c2f6f549e33e011ee9c722f45e78d61ba205

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _pop function| s3EE object| leca object| Base64 string| popns object| BJPPopAds object| detectZoom object| PopAds object| _pao string| optionsAxXB324Fe string| laryAxXB324Fe object| _0x59e0 function| _0x3771 boolean| installOnFly object| mnr object| _$cmp object| _$pt object| _rhat2 string| _p function| Msd5875Ln195 function| _bp function| S9tt function| P4GG object| rhpt17762 function| _$ number| adblockFlag

4 Cookies

Domain/Path Name / Value
.youtube.com/ Name: PREF
Value: f1=50000000
.youtube.com/ Name: YSC
Value: HR3rsZz336o
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: h5Lt3NquSAM
thaqafia.com/ Name: rhid_c
Value: 0

2 Console Messages

Source Level URL
Text
console-api log URL: http://thaqafia.com/new.php(Line 78)
Message:
%c
console-api log URL: http://thaqafia.com/new.php(Line 80)
Message:
%c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.adsco.re
c1.popads.net
clksite.com
goo.gl
img.viralnova.com
mybestmv.com
p204915.clksite.com
p204915.mycdn.co
pusherism.com
rakanbushnaq.net
serve.popads.net
thaqafia.com
www.3000cruises.ru
www.youtube.com
108.168.193.189
108.179.234.183
173.192.101.24
185.59.220.22
188.72.202.46
188.72.202.47
206.190.151.100
213.242.221.210
216.21.13.17
2400:cb00:2048:1::6811:a7ba
2a00:1450:4001:80b::200e
2a00:1450:4001:81e::200e
94.31.29.128
3d5de2aa4cb911b3c8f05f1f8346c2f6f549e33e011ee9c722f45e78d61ba205
582dc3c50568b761094d84da5b58e54ab33061750ef04871288de8e57f3de79e
5899a2f85efa28f440c420e05f218fa9b244156accf5b6bd77253a66701c0d86
59a2017803a7375a3a24969a5085d98e19b5c0820e7617c9f9618c66fddeda9f
6c5f27be2fb3eeed2b01da8a7b93aa13f8213e0e3e737f5620ed5e753f48a846
7a244d5a5875bdbc9d069b5cee2d353ea9b0cbc54ff6c146632ced5b99faf4b7
919b2d8cdda0fd5a11b65cd266f88d18775f23cde9b5655065163534b37d194d
9d4afdeb30fe2b4f5b025494296ec254e9407cfdfa99916ef2b75b4b68cfec6f
a6bdfcd47d10e9491b11ac64c8000b525b1dfb3d7590668bc4637f05a50f183b
acba7a72cddebba29261e446dbdd9efdd8dd3b249a78e02c630770dc139b7a58
b9724a8eb013ea933e5f7d2ed6076e875a0b82ad57be4377c29340221f5398dd
b9e3285ddb0ce9e65cddb7709472ffa58370e6bcc4e1bec3f0d9a80c52c93c59
d555fab7a08bea173402b2f6d7c8339e3757647913bc5f99c6178ccc6d497660
d59568485498cd7d1a1964e97330ab6d4ea1b2067b71f79d246216125241bce4
d86b67f4e7c17128db63100b995e2ba5975d8bfef0c6825edd46d40decdcc610
f69d0be4feb5f52127cdaa44b0ddaeb0aa104e72c7dbec7cbc6759ad8f05d4cf
fefc31fe8b6a75aa50147bc062e2ed750e20c8d78fb24a02342c17f15f2f261a