govipshuttles.com Open in urlscan Pro
172.67.184.123 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tersano.ch/5Hikt
Effective URL:
https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03
Submission: On April 23 via manual (April 23rd 2024, 11:24:26 pm UTC) from AU — Scanned from CH

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 172.67.184.123, located in United States and belongs to CLOUDFLARENET, US. The main domain is govipshuttles.com.
TLS certificate: Issued by GTS CA 1P5 on April 22nd 2024. Valid for: 3 months.

This is the only time govipshuttles.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.136.186 172.67.136.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	52.23.188.146 52.23.188.146	14618 (AMAZON-AES) (AMAZON-AES)
1 10	172.67.184.123 172.67.184.123	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	1

1 172.67.136.186 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tersano.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.23.188.146 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-23-188-146.compute-1.amazonaws.com

mwamlp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.67.184.123 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

govipshuttles.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	govipshuttles.com 1 redirects govipshuttles.com	24 KB
1	mwamlp.com 1 redirects mwamlp.com	177 B
1	tersano.ch 1 redirects tersano.ch	436 B
9	3

	Domain	Requested by
10	govipshuttles.com	1 redirects govipshuttles.com
1	mwamlp.com	1 redirects
1	tersano.ch	1 redirects
9	3

This site contains no links.

Subject Issuer	Validity	Valid
govipshuttles.com GTS CA 1P5	`2024-04-22` - `2024-07-21`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03
Frame ID: 483EAF6B3361565CB4930F89E194576B
Requests: 5 HTTP requests in this frame

Frame: https://govipshuttles.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
Frame ID: 660B1BB186C26193569D4D499C42FCBA
Requests: 2 HTTP requests in this frame

Frame: https://govipshuttles.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: 2957DD847590A37A5340BF1FF1879D53
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://tersano.ch/5Hikt HTTP 301
https://mwamlp.com/5Hikt HTTP 302
https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03 Page URL
https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03 Page URL

Page Statistics

9
Requests

78 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

1
Countries

23 kB
Transfer

31 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tersano.ch/5Hikt HTTP 301
https://mwamlp.com/5Hikt HTTP 302
https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03 Page URL
https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://tersano.ch/5Hikt HTTP 301
https://mwamlp.com/5Hikt HTTP 302
https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03

Request Chain 2

https://govipshuttles.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://govipshuttles.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

503

/ Show response
govipshuttles.com/
Redirect Chain

https://tersano.ch/5Hikt
https://mwamlp.com/5Hikt
https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03

8 KB
8 KB

133ms
90ms

Document
text/html

172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5ec4b3075dfc15d589e96984af5ff0a7bb5904980ed2c4b7b7b46482fef4675

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 87919b44fe7591e7-FRA
content-type: text/html; charset=utf-8
date: Tue, 23 Apr 2024 23:24:20 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6VQOvigjun3p%2BOG4%2FCOgtF1aZZNHJluwdsHqPnajqnddOmY4OrxQzsYSsKRKkc%2BZzZ7K8eSvCuQAHSfViGFZLkOUJ9VdosgB%2Bj3i27SBCs6O9vFnYOdIMxlSwGE3IBp7fDtPeg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

content-length: 0
date: Tue, 23 Apr 2024 23:24:20 GMT
location: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03
server: nginx
x-powered-by: PleskLin
x-request-id: 206948ca-523a-4650-a839-0fcc317c8367

POST
H3 204 /
govipshuttles.com/ 0
911 B 59ms
59ms XHR
text/plain 172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03

Requested by

Host: govipshuttles.com
URL: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
w5O5Rebn-mDUekaQtPuISOats4c: 42282446
X-Requested-TimeStamp-Expire
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination: GET
Content-type: application/x-www-form-urlencoded
X-Requested-Type: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
StidoLX5nwFOL7Tcze3IggynS0: c8igAss5nfvLwoSw2DL4Z55Pag4
Referer: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 23:24:20 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h3qURv%2FJylsGPyMo2qTQzm21DYZIagcA3BQEAK2CuL5h8mtydWMii91PVaVKN1icp%2Bn%2FxEH7JUcBL31kIIG9XgySdS5r%2FUEQfVRZkcwZwh8pv%2FobzMCdJOMiBrXqfGj5lRurRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 87919b45bed391e7-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

GET
H3

200

main.js Show response
govipshuttles.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/ Frame 660B
Redirect Chain

https://govipshuttles.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://govipshuttles.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

8 KB
4 KB

26ms
25ms

Script
application/javascript

172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://govipshuttles.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

Protocol

Server

172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93d70198a15a457ba86bd2178b5c099cf40d949e7a7aca1ad040cc05c9ea6ef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Apr 2024 23:24:20 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuXZn0ZlumvobMtOH4M1IA6cN7kqtKIFxl1QhTuzST7752hGPngWF5pwz1sQgGkU7BTZdL60TX17iJt6xpyBn6YnZNuv5%2Bdfjo8XfAVYQi1%2FeYx2AaxDDqfNjpt72UMSlFDjnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 87919b45eee391e7-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 23 Apr 2024 23:24:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lcrPVF1kcmgBJRT7vqbQ1Ixw2J0ykpSpe8Kj0ce%2FWUqJaoyl2v1jqO%2BD1uZJNNXV6WGrCGOqBL3BnjBlg0F9ZT9%2F2qlM7N1bGSlATtpYy0xdGoI%2B9YY6udn1mjXxm9hECfhkAw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
cache-control: max-age=300, public
cf-ray: 87919b45bed591e7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 503 favicon.ico
govipshuttles.com/ 6 KB
7 KB 83ms
83ms Other
text/html 172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://govipshuttles.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 23:24:20 GMT
x-content-type-options: nosniff, nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qlg%2BYHlclBFLe43IoET0P73gIotmf7JDfLHXW3kn0qJyrsIcwLYCMoG2cW1c9hvz9eFIJjy%2BZW095lvR%2F5hkbnaEmvG4y4GlMDk9FkgSurJtkfB8zWMGKDN2PaSh0nXISGR3iw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 87919b45bed791e7-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
expires: 0

POST
H3 200 87919b44fe7591e7
govipshuttles.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 660B 0
589 B 40ms
40ms XHR
text/plain 172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://govipshuttles.com/cdn-cgi/challenge-platform/h/b/jsd/r/87919b44fe7591e7
Requested by: Host: govipshuttles.com
URL: https://govipshuttles.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 23 Apr 2024 23:24:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtz3BmSEwxIt8986flub4e9xcgQLbaiNh9cztsgSXndGAJsXB8U7B9jMGePQd34XqAHx4r4wBy%2BWiYAMwqmjrBleGM5R%2BtLBGMWpMaYF43BVyASbYqoAjO%2FFOsS0PuuXOl986A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 87919b467f2a91e7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 Primary Request / Show response
govipshuttles.com/ 2 KB
1018 B 59ms
57ms Document
text/html 172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03

Requested by

Host: govipshuttles.com
URL: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

094708d3b52c8df9f45b55445e0361961a34a06e3616f094c8b2299c464c0b15

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 87919b467f2d91e7-FRA
content-encoding: br
content-type: text/html
date: Tue, 23 Apr 2024 23:24:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UaIt%2BfHB%2FFeil2VY86kPB%2FBpNmzgJRknmVybKAB4CdoXrjz98AzVWEkCk%2FrESS6WbFsRc0cI0cK%2BSFSaxKIhqiEgNm5A2souMiOAJh2PzoWuJGHHlcvrft4mAH4YeTeSGqMCjA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H3 200 main.js Show response
govipshuttles.com/cdn-cgi/challenge-platform/scripts/jsd/ Frame 2957 8 KB
0 26ms
25ms Script
application/javascript 172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://govipshuttles.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Requested by

Host: govipshuttles.com
URL: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03

Protocol

Server

172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93d70198a15a457ba86bd2178b5c099cf40d949e7a7aca1ad040cc05c9ea6ef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 23:24:20 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuXZn0ZlumvobMtOH4M1IA6cN7kqtKIFxl1QhTuzST7752hGPngWF5pwz1sQgGkU7BTZdL60TX17iJt6xpyBn6YnZNuv5%2Bdfjo8XfAVYQi1%2FeYx2AaxDDqfNjpt72UMSlFDjnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 87919b45eee391e7-FRA
alt-svc: h3=":443"; ma=86400

POST
H3 200 87919b467f2d91e7 Show response
govipshuttles.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 2957 0
590 B 38ms
37ms XHR
text/plain 172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://govipshuttles.com/cdn-cgi/challenge-platform/h/b/jsd/r/87919b467f2d91e7
Requested by: Host: govipshuttles.com
URL: https://govipshuttles.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 23 Apr 2024 23:24:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ArdqU4Mh5vsM7yAMOudILHNrAyEkvHmzhENVkk8h0KfjsdRXC8GLnYaFTS6n6xIAnV%2B%2BSxVJZ%2BqrKBIzKSAuqKJLl2YBdPoyJENOxApVeOgc5tZHF0nKs%2F3iVxFhZiffAhMMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 87919b472fb791e7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 403 favicon.ico
govipshuttles.com/ 548 B
628 B 60ms
59ms Other
text/html 172.67.184.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://govipshuttles.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.184.123 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Tue, 23 Apr 2024 23:24:21 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrdRgPHmll3Bsfo4s3hwFAHoHfNYFf63mcFGrgqY5eNQ0NxDAmsij%2B2mLuEluFEWKGjQBrkK6btiOo0qQm%2B6mqnpWvAR8tORTk3wnvloNFamo9IV683AsgZh5DjhNz2CVYzukA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray: 87919b472fb891e7-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
govipshuttles.com/	1970-01-20 20:06:41	Name: BRm3Z2qbAEvyVpEV4V72HoSGRVU Value: nz5O2gbBIg6_TBfJPOGelWhgrgQ
govipshuttles.com/	1970-01-20 20:06:41	Name: PBgxdiSyWyhVQdeeDuz5-uGB38k Value: 1713914658
govipshuttles.com/	1970-01-20 20:06:41	Name: yvQaF0Yi5oriPnol6oWTKul63ic Value: 1714001058
govipshuttles.com/	1970-01-20 20:06:41	Name: vj_WIjSxIy0wK0pL9VvzY9rooKE Value: Vhy_djJttCsOCIH5wDohc7UdjsU
govipshuttles.com/	1970-01-20 20:06:41	Name: sakDe7h03HoiNRg66cKWPLvB0EU Value: -berooHqDXa9LowX-d0yGojy9eE
govipshuttles.com/	1970-01-20 20:06:41	Name: q_4VsJstCx6lgW_E39dC8GXz_ig Value: n9l9RFWkAclkyyrhlL_LoKckowE
govipshuttles.com/	1970-01-20 20:06:41	Name: KP5nkWrXR4IK4XyitcK4aY5iA40 Value: 1713914660
govipshuttles.com/	1970-01-20 20:06:41	Name: 29P0svqxNhhJLm3SIBfLJFxFpOQ Value: 1714001060
govipshuttles.com/	1970-01-20 20:06:41	Name: PLTu904GcQej4HcQgX20stSdljU Value: wbHO3C0RolMzXvZFyQ0AskhHjqk
govipshuttles.com/	1970-01-20 20:06:41	Name: XaciFLvqFDal5YQDg6fNKzK9Zis Value: _fy5IFtYTRZzp-MeeZ75ptTALmA
govipshuttles.com/	1970-01-20 20:06:41	Name: MXvpn1ffb0b37Rdnra5-WnxRNVQ Value: hvxVVBBK2lITJljzFE4lGdWtdSQ
govipshuttles.com/	1970-01-20 20:06:41	Name: DQiwF4FpNl24aDsaiUiQy3Uuyug Value: 1713914657
govipshuttles.com/	1970-01-20 20:06:41	Name: gvTiF6uuRFxDwA0zfh3OExGAsfw Value: 1714001057
govipshuttles.com/	1970-01-20 20:06:41	Name: v6FwlqTQ_4JlGTdaebN5n6qAiTU Value: rxPbw91V8qpmlSVwgxnX_S9KXmw
.govipshuttles.com/	1970-01-21 04:50:50	Name: cf_clearance Value: B6jFkuoQmJG_08qoWb.dbRW4Gf8AP6Vb4Jt9OdspsAc-1713914660-1.0.1.1-ZU48Z_wfoa57oHAIFxxkWr_gGG2rAyWqXPaCX.FkOI_Y0u.bk7hVrc_dkVt68ZOJaRu3NtIChRxHZDb5Vi20Fg

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03 Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://govipshuttles.com/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://govipshuttles.com/?utm_source=newsletter&utm_medium=campaign&utm_campaign=april03 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://govipshuttles.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

govipshuttles.com
mwamlp.com
tersano.ch
172.67.136.186
172.67.184.123
52.23.188.146
094708d3b52c8df9f45b55445e0361961a34a06e3616f094c8b2299c464c0b15
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
93d70198a15a457ba86bd2178b5c099cf40d949e7a7aca1ad040cc05c9ea6ef5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5ec4b3075dfc15d589e96984af5ff0a7bb5904980ed2c4b7b7b46482fef4675

govipshuttles.com Open in urlscan Pro 172.67.184.123 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

78 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

1 Countries

23 kBTransfer

31 kBSize

15 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

15 Cookies

4 Console Messages

Security Headers

Indicators

govipshuttles.com Open in urlscan Pro
172.67.184.123 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

78 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

1
Countries

23 kB
Transfer

31 kB
Size

15
Cookies

9 HTTP transactions
0 data transactions