urlscan.io logo urlscan.io
SecurityTrails logo

www.vipmaske.covid19testi.info Open in urlscan Pro
116.202.128.32  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.vipmaske.covid19testi.info/
Submission: On December 24 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 22 HTTP transactions. The main IP is 116.202.128.32, located in Germany and belongs to HETZNER-AS, DE. The main domain is www.vipmaske.covid19testi.info.
TLS certificate: Issued by R3 on December 24th 2020. Valid for: 3 months.
This is the only time www.vipmaske.covid19testi.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 116.202.128.32 24940 (HETZNER-AS)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 94.73.150.159 34619 (CIZGI)
1 2a00:1450:400... 15169 (GOOGLE)
22 6
13    116.202.128.32 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: cpanel2.hostlab.net.tr
www.vipmaske.covid19testi.info
2    2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
lh6.googleusercontent.com
3    2a00:1450:4001:815::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
lh3.googleusercontent.com
lh5.googleusercontent.com
1    94.73.150.159 (Turkey)

ASN34619 (CIZGI, TR)
PTR: 94-73-150-159.cizgibilgisayar.com
riddexturkiye.com
1    2a00:1450:4001:81f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
Domain Requested by
13 www.vipmaske.covid19testi.info www.vipmaske.covid19testi.info
2 lh3.googleusercontent.com www.vipmaske.covid19testi.info
2 lh6.googleusercontent.com www.vipmaske.covid19testi.info
1 www.youtube.com www.vipmaske.covid19testi.info
1 riddexturkiye.com www.vipmaske.covid19testi.info
1 lh5.googleusercontent.com www.vipmaske.covid19testi.info
0 fonts.googleapis.com Failed www.vipmaske.covid19testi.info
22 7

This site contains links to these domains. Also see Links.

Domain
api.whatsapp.com
instagram.com
Subject Issuer Validity Valid
www.vipmaske.covid19testi.info
R3		 2020-12-24 -
2021-03-24		 3 months crt.sh
*.googleusercontent.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
riddexturkiye.com
Sectigo RSA Domain Validation Secure Server CA		 2020-06-12 -
2021-06-12		 a year crt.sh
*.google.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.vipmaske.covid19testi.info/
Frame ID: 9AFA8A8A898FB600F1A0A611FB8ED298
Requests: 22 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bYH03UYW1Ec?rel=0&autoplay=1
Frame ID: F483EF88CDE80A4E461CFA89F49D80C2
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bYH03UYW1Ec?rel=0&autoplay=1
Frame ID: BE61A9640B144F010370DE46EF644557
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com\/(?:v|embed)/i
Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i
Overall confidence: 100%
Detected patterns
  • html /<link [^>]*href="[^"]+lightbox(?:\.min)?\.css/i
  • script /lightbox.*\.js/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

22
Requests

91 %
HTTPS

60 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

1161 kB
Transfer

1793 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.vipmaske.covid19testi.info/ 		72 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
40f88554cb7fd2f831c99af5cc2f556787573609a1114bb70f4dfa159d098836

Request headers

:method
GET
:authority
www.vipmaske.covid19testi.info
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

set-cookie
PHPSESSID=v785cb7s9lc82hq8hv4si810h1; path=/
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
content-encoding
gzip
date
Thu, 24 Dec 2020 22:15:08 GMT
server
LiteSpeed
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000
jquery.js
www.vipmaske.covid19testi.info/javascript/ 		267 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/javascript/jquery.js
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
8ade6740a1d3cfedf81e28d9250929341207b23a55f1be90ccc26cf6d98e052a

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:08 GMT
content-encoding
br
last-modified
Thu, 16 Jul 2020 14:59:30 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
78778
expires
Thu, 31 Dec 2020 22:15:08 GMT
mobil-style.css
www.vipmaske.covid19testi.info/css/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/css/mobil-style.css
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
1eaf7fa1e72e9fdec0dd02177446f1d04e5000cbd59dab4f43be45aa085135e1

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:08 GMT
content-encoding
br
last-modified
Thu, 16 Jul 2020 14:59:30 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1863
expires
Thu, 31 Dec 2020 22:15:08 GMT
jquery.min.js
www.vipmaske.covid19testi.info/javascript/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/javascript/jquery.min.js
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Dec 2020 22:15:08 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1236
content-type
text/html
jquery.mobile-1.4.2.min.js
www.vipmaske.covid19testi.info/javascript/ 		191 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/javascript/jquery.mobile-1.4.2.min.js
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
f98fd48328362914da559ab76b47eefef3d85437afa36d5da327ed40b2847aaa

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:08 GMT
content-encoding
br
last-modified
Thu, 16 Jul 2020 14:59:30 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
52789
expires
Thu, 31 Dec 2020 22:15:08 GMT
jquery.mobile-1.4.2.css
www.vipmaske.covid19testi.info/css/ 		235 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/css/jquery.mobile-1.4.2.css
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
e239a57e579bc4d5f6815eb8a42431d6fe725e4ffb7da525e34cf34805e37ed4

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:08 GMT
content-encoding
br
last-modified
Thu, 16 Jul 2020 14:59:30 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
26350
expires
Thu, 31 Dec 2020 22:15:08 GMT
jquery.lightbox.css
www.vipmaske.covid19testi.info/css/ 		5 KB
864 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/css/jquery.lightbox.css
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
bf09a356d2377e4b136a09ec3162e57b8767e23d0ae59aa4b84df557aec34322

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:08 GMT
content-encoding
br
last-modified
Thu, 16 Jul 2020 14:59:30 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
830
expires
Thu, 31 Dec 2020 22:15:08 GMT
jquery.lightbox.js
www.vipmaske.covid19testi.info/javascript/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/javascript/jquery.lightbox.js
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
a341167d295bc44e834d918b7babe326fa77e8eaa055970a28c7abc3db2d175e

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:08 GMT
content-encoding
br
last-modified
Thu, 16 Jul 2020 14:59:30 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
7691
expires
Thu, 31 Dec 2020 22:15:08 GMT
V6ETmnhtguVs_Dzqd3pbibAKcq1dTpkfp4bU4hpj8FrMWeuCjDnQ3YJ3qOsKqKIMnYLN2IMwnwvr8mD9HvNcVh9NEu-8cFjfpz2lCrzpe9ZpVQulDeOYGUScMRccaA=w1000
lh6.googleusercontent.com/ 		89 KB
89 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/V6ETmnhtguVs_Dzqd3pbibAKcq1dTpkfp4bU4hpj8FrMWeuCjDnQ3YJ3qOsKqKIMnYLN2IMwnwvr8mD9HvNcVh9NEu-8cFjfpz2lCrzpe9ZpVQulDeOYGUScMRccaA=w1000
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
29a9ad593228a7b88c969dd82df1116a0d9bbf4c862a0af9799325c1b0a965b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:09 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="1mas.jpg"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
90701
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 24 Dec 2020 14:22:24 GMT
F8AqEpLVeNqdy_fLFOb9Zoo9ogRElu7lGM7qhJUsfOtEyR1ZSryxOOktAhRSw5A5W8li20J7kzaF0r_x02xchCN3eLQdUfAl9TfbgKg-uEbOZEHKgzj1_KZh5LjNPA=w550
lh3.googleusercontent.com/ 		167 KB
167 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/F8AqEpLVeNqdy_fLFOb9Zoo9ogRElu7lGM7qhJUsfOtEyR1ZSryxOOktAhRSw5A5W8li20J7kzaF0r_x02xchCN3eLQdUfAl9TfbgKg-uEbOZEHKgzj1_KZh5LjNPA=w550
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5bbf63fc0d29c22ac3c929e40e78669aaefeb758c93128707c529a5cea0a78a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:09 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="2mas.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170878
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 24 Dec 2020 12:06:08 GMT
WsYfWCye-U72YslubOyMludpTL4Fm84mg1ag_uligEIC_A4YdM4bamxoahBaU2V01BOM3qp-Tjw50fs8fyQSA5ORgXQsFPJ-gNuL8cqthXeM5yo9Djkct658TvTOKQ=w550
lh5.googleusercontent.com/ 		158 KB
159 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/WsYfWCye-U72YslubOyMludpTL4Fm84mg1ag_uligEIC_A4YdM4bamxoahBaU2V01BOM3qp-Tjw50fs8fyQSA5ORgXQsFPJ-gNuL8cqthXeM5yo9Djkct658TvTOKQ=w550
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5f1eb6bdf2137b9b469e648f84268aa12e2de51e37a0619bd49c0ba525c2de58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:09 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="3mas - Kopya.png"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
162009
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 24 Dec 2020 12:06:08 GMT
93uVWn-RDWb9N5brGT_Z5cC28hFz7h7sn9wYEuOdz6EYkPoJtF8xihCm0E4pbfABpeYpQx6aW7mrnTJbuYcVHvlfKuzZIlC3SYPwtB7VykCf0YUPS_TMMpgribqPrQ=w1080
lh3.googleusercontent.com/ 		131 KB
131 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/93uVWn-RDWb9N5brGT_Z5cC28hFz7h7sn9wYEuOdz6EYkPoJtF8xihCm0E4pbfABpeYpQx6aW7mrnTJbuYcVHvlfKuzZIlC3SYPwtB7VykCf0YUPS_TMMpgribqPrQ=w1080
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9936333705b7b421fbabcb235f387544e6c5d2eae6560b71c09e03961a230162
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:09 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="7mas.jpeg"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133796
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 24 Dec 2020 12:06:08 GMT
whatsapp.png
riddexturkiye.com/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://riddexturkiye.com/whatsapp.png
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
94.73.150.159 , Turkey, ASN34619 (CIZGI, TR),
Reverse DNS
94-73-150-159.cizgibilgisayar.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
922c9f4e0f0d52fb4c742a1b4e0dfb4d56e16bbd1bad5b430bd1b746a903f423

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Thu, 24 Dec 2020 22:15:01 GMT
Last-Modified
Sun, 14 Jun 2020 12:30:51 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"1c9c2aa44742d61:0"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
20392
qHD6BdR7t4SXr16Arsd0mWbAFyYYoaoNwuQptxmWEubv0OVwEJUORuseDny_wl9KQ9rDw4F0pU55LEMDWZdiNtruT6mGby_41hPmy1T6mhO-pzXPyooEQQnmoHBQ8Q=w1024
lh6.googleusercontent.com/ 		412 KB
412 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/qHD6BdR7t4SXr16Arsd0mWbAFyYYoaoNwuQptxmWEubv0OVwEJUORuseDny_wl9KQ9rDw4F0pU55LEMDWZdiNtruT6mGby_41hPmy1T6mhO-pzXPyooEQQnmoHBQ8Q=w1024
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4398b5ff05baa92e8004dfd2ef9fc226c340daae77f8fe6c6e558bdf827e1418
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:09 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="1024px-Instagram_icon.png"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
421639
x-xss-protection
0
expires
Fri, 25 Dec 2020 22:15:09 GMT
jquery.chained.js
www.vipmaske.covid19testi.info/javascript/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/javascript/jquery.chained.js
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
2e9e0612507b2bac748f98424607fe3c2bb284efe09ea19c342819a849ad062a

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:08 GMT
content-encoding
br
last-modified
Thu, 16 Jul 2020 14:59:30 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1049
expires
Thu, 31 Dec 2020 22:15:08 GMT
jquery.chained.remote.js
www.vipmaske.covid19testi.info/javascript/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/javascript/jquery.chained.remote.js
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
ca9eb0f1ec43d7cdcc191f9fe7c6493020250c690093aca2ce3f37fe878e057c

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Dec 2020 22:15:08 GMT
content-encoding
br
last-modified
Thu, 16 Jul 2020 14:59:30 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1609
expires
Thu, 31 Dec 2020 22:15:08 GMT
css
fonts.googleapis.com/ 		0
0
jquery.min.js
www.vipmaske.covid19testi.info/javascript/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vipmaske.covid19testi.info/javascript/jquery.min.js
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash

Request headers

Referer
https://www.vipmaske.covid19testi.info/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Dec 2020 22:15:08 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1236
content-type
text/html
bYH03UYW1Ec
www.youtube.com/embed/ Frame F483 		0
0
bYH03UYW1Ec
www.youtube.com/embed/ Frame BE61 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/bYH03UYW1Ec?rel=0&autoplay=1
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/javascript/jquery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/bYH03UYW1Ec?rel=0&autoplay=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.vipmaske.covid19testi.info/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.vipmaske.covid19testi.info/

Response headers

content-length
20826
cache-control
no-cache
x-content-type-options
nosniff
content-type
text/html; charset=utf-8
strict-transport-security
max-age=31536000
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
expires
Tue, 27 Apr 1971 19:44:06 GMT
date
Thu, 24 Dec 2020 22:15:09 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=GTmczJD_nYA; path=/; domain=.youtube.com; secure; expires=Tue, 22-Jun-2021 22:15:08 GMT; httponly; samesite=None YSC=XQTdpBS7kgQ; path=/; domain=.youtube.com; secure; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Thu, 24-Dec-2020 22:45:09 GMT VISITOR_INFO1_LIVE=GTmczJD_nYA; path=/; domain=.youtube.com; secure; expires=Tue, 22-Jun-2021 22:15:08 GMT; httponly; samesite=None
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ajax-loader.gif
www.vipmaske.covid19testi.info/css/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vipmaske.covid19testi.info/css/images/ajax-loader.gif
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/css/jquery.mobile-1.4.2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682

Request headers

Referer
https://www.vipmaske.covid19testi.info/css/jquery.mobile-1.4.2.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Dec 2020 22:15:08 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1236
content-type
text/html
truncated
/ 		491 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b34342ec404b196c30262ebcf2cc15d14299ef083a974f4a87d8ad00f8208141

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
truncated
/ 		34 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
jquery-lightbox-theme.png
www.vipmaske.covid19testi.info/css/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vipmaske.covid19testi.info/css/images/jquery-lightbox-theme.png
Requested by
Host: www.vipmaske.covid19testi.info
URL: https://www.vipmaske.covid19testi.info/css/jquery.lightbox.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
116.202.128.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cpanel2.hostlab.net.tr
Software
LiteSpeed /
Resource Hash
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682

Request headers

Referer
https://www.vipmaske.covid19testi.info/css/jquery.lightbox.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Dec 2020 22:15:09 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
content-length
1236
content-type
text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext
Domain
www.youtube.com
URL
https://www.youtube.com/embed/bYH03UYW1Ec?rel=0&autoplay=1

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| jQuery1102021484641481993028 object| form function| onorientationchange

3 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: XQTdpBS7kgQ
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: GTmczJD_nYA
www.vipmaske.covid19testi.info/ Name: PHPSESSID
Value: v785cb7s9lc82hq8hv4si810h1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
lh3.googleusercontent.com
lh5.googleusercontent.com
lh6.googleusercontent.com
riddexturkiye.com
www.vipmaske.covid19testi.info
www.youtube.com
fonts.googleapis.com
www.youtube.com
116.202.128.32
2a00:1450:4001:815::2001
2a00:1450:4001:81b::2001
2a00:1450:4001:81f::200e
94.73.150.159
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1eaf7fa1e72e9fdec0dd02177446f1d04e5000cbd59dab4f43be45aa085135e1
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682
29a9ad593228a7b88c969dd82df1116a0d9bbf4c862a0af9799325c1b0a965b4
2e9e0612507b2bac748f98424607fe3c2bb284efe09ea19c342819a849ad062a
40f88554cb7fd2f831c99af5cc2f556787573609a1114bb70f4dfa159d098836
4398b5ff05baa92e8004dfd2ef9fc226c340daae77f8fe6c6e558bdf827e1418
5bbf63fc0d29c22ac3c929e40e78669aaefeb758c93128707c529a5cea0a78a2
5f1eb6bdf2137b9b469e648f84268aa12e2de51e37a0619bd49c0ba525c2de58
8ade6740a1d3cfedf81e28d9250929341207b23a55f1be90ccc26cf6d98e052a
922c9f4e0f0d52fb4c742a1b4e0dfb4d56e16bbd1bad5b430bd1b746a903f423
9936333705b7b421fbabcb235f387544e6c5d2eae6560b71c09e03961a230162
a341167d295bc44e834d918b7babe326fa77e8eaa055970a28c7abc3db2d175e
b34342ec404b196c30262ebcf2cc15d14299ef083a974f4a87d8ad00f8208141
bf09a356d2377e4b136a09ec3162e57b8767e23d0ae59aa4b84df557aec34322
ca9eb0f1ec43d7cdcc191f9fe7c6493020250c690093aca2ce3f37fe878e057c
e239a57e579bc4d5f6815eb8a42431d6fe725e4ffb7da525e34cf34805e37ed4
f98fd48328362914da559ab76b47eefef3d85437afa36d5da327ed40b2847aaa