hexrom.com Open in urlscan Pro
2606:4700:20::681a:267 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hexrom.com/halo-2/download/
Submission Tags: falconsandbox
Submission: On March 16 via api (March 16th 2023, 4:05:15 pm UTC) from US — Scanned from DE

Summary HTTP 23 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 10 domains to perform 23 HTTP transactions. The main IP is 2606:4700:20::681a:267, located in United States and belongs to CLOUDFLARENET, US. The main domain is hexrom.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 26th 2023. Valid for: a year.

This is the only time hexrom.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	2606:4700:20:... 2606:4700:20::681a:267	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	173.233.137.52 173.233.137.52	7979 (SERVERS-COM) (SERVERS-COM)
1	23.109.248.145 23.109.248.145	7979 (SERVERS-COM) (SERVERS-COM)
2	2600:9000:205... 2600:9000:2057:2e00:f:9fb4:2380:21	16509 (AMAZON-02) (AMAZON-02)
2	172.64.173.27 172.64.173.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	216.137.45.11 216.137.45.11	16509 (AMAZON-02) (AMAZON-02)
2	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4 6	2a00:1450:400... 2a00:1450:4001:829::200d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
23	11

8 2606:4700:20::681a:267 (United States)

ASN13335 (CLOUDFLARENET, US)

hexrom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.233.137.52 (United States)

ASN7979 (SERVERS-COM, US)

triumphantadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.248.145 (Netherlands)

ASN7979 (SERVERS-COM, US)

kerattogeist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:2e00:f:9fb4:2380:21 (United States)

ASN16509 (AMAZON-02, US)

dq06u9lt5akr2.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.173.27 (United States)

ASN13335 (CLOUDFLARENET, US)

pogothere.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.137.45.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-216-137-45-11.atl56.r.cloudfront.net

ydenknowled.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

denansgdfierc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::200d (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	hexrom.com hexrom.com	60 KB
6	google.com 4 redirects accounts.google.com — Cisco Umbrella Rank: 73	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25	20 KB
2	denansgdfierc.com denansgdfierc.com	813 B
2	ydenknowled.com ydenknowled.com	2 KB
2	pogothere.xyz pogothere.xyz — Cisco Umbrella Rank: 27761	101 KB
2	cloudfront.net dq06u9lt5akr2.cloudfront.net	48 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 108
1	kerattogeist.com kerattogeist.com
1	triumphantadvantage.com triumphantadvantage.com
23	10

	Domain	Requested by
8	hexrom.com	hexrom.com
6	accounts.google.com	4 redirects hexrom.com
2	www.google-analytics.com	hexrom.com www.google-analytics.com
2	denansgdfierc.com	hexrom.com
2	ydenknowled.com	dq06u9lt5akr2.cloudfront.net
2	pogothere.xyz	dq06u9lt5akr2.cloudfront.net
2	dq06u9lt5akr2.cloudfront.net	hexrom.com ydenknowled.com
1	www.facebook.com	hexrom.com
1	kerattogeist.com	hexrom.com
1	triumphantadvantage.com	hexrom.com
23	10

This site contains links to these domains. Also see Links.

Domain
dl2.hexrom.com
www.facebook.com
www.youtube.com
t.me
www.pinterest.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-26`	a year	crt.sh
triumphantadvantage.com R3	`2023-03-10` - `2023-06-08`	3 months	crt.sh
kerattogeist.com R3	`2023-02-14` - `2023-05-15`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
ydenknowled.com Amazon RSA 2048 M02	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-24`	2 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://hexrom.com/halo-2/download/
Frame ID: A179CA63682F26B28DF6E1DD42A55C5D
Requests: 26 HTTP requests in this frame

Frame: https://ydenknowled.com/b1dqTVYONQkgaQ5qCGsjHTtXaGQpclgLMh5nXDhvAyNfLD0dZUQuOgAiDiskADkeYzgKI09/EFYFBx9gNTsNIRUXBisXLCYZIiEiBzM8NRs5EAYqEgg8IAM8NQ0tNG4LGQ0iAzplUiUaKi88LAEuBisMHAMzAQQBLS0zJQE5IC4DPzkNOX0XWh4NFx46OV40EC0CJBcCJg8iOmZaGigADC4DMCoTPSMIAwUEMi86OV8dWgsfJhBbIgApbj8sEVsDLzoxVxw4ABw+ZRp/FQhiLiw4NQE5Jj4ADlsuYj5lGn8TFxojLzglFTkeBFYzLBwVOhASOwc6egIaGTsOPwsxIiEjOg89ExM1PDk9Ehk3XBEhHgAtbg4LBDwTPgwvLAUwCTcIASgeEDZnJjpuCQZYPWQuL1ILGxY7JBVnPTggHCEmFD4YPD4CDSo3NzM8GxA1ZQl8ECIBMhchOhFTGDcrAiwFFwwmJn0QJh4tfGc6ZjgbNAIWOB9nDHEAPjkBJ1csHyonBCNjWDAie2Ve
Frame ID: F0BE41A93D5C2FF3B37AE69E85202F32
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Halo 2 Microsoft Xbox, ROM Download (USA)

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

23
Requests

91 %
HTTPS

50 %
IPv6

10
Domains

10
Subdomains

11
IPs

3
Countries

232 kB
Transfer

410 kB
Size

6
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://dl2.hexrom.com/rom/Halo-202-20-5B-21-5D_microsoft-xbox_hexrom_com.7z.zip
Title: Download Halo 2

Search URL Search Domain Scan URL

URL: https://www.facebook.com/hexrom.download.roms

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCM2Zpkf1DYQ9ZSKPtPM_xgA

Search URL Search Domain Scan URL

URL: https://t.me/Hexrom_Com

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/hexrominfo/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AWnogHel_SzrVk-msB9Z50Xr59HLiqZl28g7OOPmOuHH6XYPUR5hXFS5o_r_BFSKTkcjcua69ifvhQ HTTP 302
https://accounts.google.com/v3/signin/identifier?dsh=S1477441503%3A1678982704482032&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AWnogHef5YXCv5DWucEFddL5l1Au4SWWjdrTEUQsbIV9MHPwVr2VNOHogq3YxXAM3Fe23Yh8m_VfJw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin

Request Chain 17

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AWnogHf8hGBPHKxpNmp_zC-eBXWaYSP_EtnYl1Z76VSui8PQnZ5Z172acGYFGbdowrdPn5vo-pm5FQ HTTP 302
https://accounts.google.com/v3/signin/identifier?dsh=S420029967%3A1678982704519434&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AWnogHdmOhhq-ycWUBp-WVMlwYJ797SWsuAqiLIdtwEJFbzAg5w1vdezGUPJ9DSeL6fYGXJIS8JSHw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin

23 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
hexrom.com/halo-2/download/ 33 KB
11 KB 319ms
266ms Document
text/html 2606:4700:20::681a:267
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
pogothere.xyz/	1970-01-20 19:01:26	Name: csu Value: 720672758048872@1@1678982704
.hexrom.com/	1970-01-20 19:59:02	Name: _ga Value: GA1.2.1535486160.1678982704
.hexrom.com/	1970-01-20 10:24:29	Name: _gid Value: GA1.2.99583995.1678982704
.hexrom.com/	1970-01-20 10:23:02	Name: _gat Value: 1
kerattogeist.com/	1970-01-20 10:24:29	Name: GL_UI4 Value: eJw9TVlugzAUhJilUQrqSBwgR8ARVMln1UP0E3l5EDdgR8YN6u1rVWrnZ0azaJIk2TU10kfBwL5Ej2PbndWousspgkR7HmXL%2B4uS3auQ%2FUkp7M06BCFnChmeJ7LkjRqU01ThJUZ%2Fzs26zWbIpRdWV8iX2JgrlNK7bSXfMGRWLITi%2Fepd5HwRn86Dcc6jNjbqtMXOrQ2r9yg%2FjNVxWB%2Bw421dFQkO91mE0fllMLpIkU9eaEL6hiclAk3Of6PUtN6CuwNu1sN%2F%2F%2FeXbbxFoelhVDx34Ur%2BB7aESuI%3D
kerattogeist.com/	1970-01-20 10:24:29	Name: GL_GI10 Value: eJxljE1qwzAUhB25cWNaEgZyAF8gBtU17TZtnGbTVQ8ghPMcRLGekJQQ9%2FTND5RAd8M3802SJGI%2BhTAOM%2Flal0%2ByKmVdl7J6Rrojhlg1eGx5b6MflNU94f6DfK%2FtgMzTzrCF2DR4uGbV8pYwXjWLG3axxhsKgXDXmjgAa6%2Ftd7f3sdB98amNRX4urvr8pP8fpCY4oJLypSq%2ByB9MS6FYviG3FFVwRFvk7%2Bwdex0J0z96%2BcxSTExQzvNxyEaYRdPTD1tS3HWB4gmNDpn4BeBuT8k%3D

Source	Level	URL Text
network	error	URL: https://accounts.google.com/v3/signin/identifier?dsh=S1477441503%3A1678982704482032&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AWnogHef5YXCv5DWucEFddL5l1Au4SWWjdrTEUQsbIV9MHPwVr2VNOHogq3YxXAM3Fe23Yh8m_VfJw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?dsh=S420029967%3A1678982704519434&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AWnogHdmOhhq-ycWUBp-WVMlwYJ797SWsuAqiLIdtwEJFbzAg5w1vdezGUPJ9DSeL6fYGXJIS8JSHw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://triumphantadvantage.com/b624d9539dce8efd45d92d75bb17c4d0/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

hexrom.com Open in urlscan Pro 2606:4700:20::681a:267 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

23 Requests

91 %HTTPS

50 %IPv6

10 Domains

10 Subdomains

11 IPs

3 Countries

232 kBTransfer

410 kBSize

6 Cookies

5 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

hexrom.com Open in urlscan Pro
2606:4700:20::681a:267 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

91 %
HTTPS

50 %
IPv6

10
Domains

10
Subdomains

11
IPs

3
Countries

232 kB
Transfer

410 kB
Size

6
Cookies

23 HTTP transactions
5 data transactions