517s61.reminews.com Open in urlscan Pro
213.174.135.2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://delivery.taroads.com/redirect?id=199999
Effective URL:
https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e5402a886c249886&rc=1...
Submission: On October 30 via manual (October 30th 2021, 3:41:24 am UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 213.174.135.2, located in Ashburn, United States and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is 517s61.reminews.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 22nd 2021. Valid for: a year.

This is the only time 517s61.reminews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	2606:4700:303... 2606:4700:3034::ac43:8011	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	109.206.162.83 109.206.162.83	50245 (SERVEREL-AS) (SERVEREL-AS)
1	213.174.135.2 213.174.135.2	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	213.174.135.1 213.174.135.1	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
9	3

2 2606:4700:3034::ac43:8011 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

delivery.taroads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.206.162.83 (Netherlands) 1 redirects

ASN50245 (SERVEREL-AS, NL)
PTR: 83.162.serverel.net

hadesleta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.174.135.2 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

517s61.reminews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.174.135.1 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

123.selornews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	selornews.com 123.selornews.com	13 KB
2	taroads.com 2 redirects delivery.taroads.com	1 KB
1	reminews.com 517s61.reminews.com	7 KB
1	hadesleta.com 1 redirects hadesleta.com	563 B
9	4

	Domain	Requested by
2	123.selornews.com	517s61.reminews.com
2	delivery.taroads.com	2 redirects
1	517s61.reminews.com
1	hadesleta.com	1 redirects
9	4

This site contains no links.

Subject Issuer	Validity	Valid
*.reminews.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-22` - `2022-11-21`	a year	crt.sh
*.selornews.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-18` - `2022-02-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e5402a886c249886&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true
Frame ID: 8DA72BA71E0CE875CF617C20468F3A76
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://delivery.taroads.com/redirect?id=199999 HTTP 301
https://delivery.taroads.com/redirect?id=199999 HTTP 302
https://hadesleta.com/1831963/ HTTP 302
https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e... Page URL

Page Statistics

9
Requests

33 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

20 kB
Transfer

18 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://delivery.taroads.com/redirect?id=199999 HTTP 301
https://delivery.taroads.com/redirect?id=199999 HTTP 302
https://hadesleta.com/1831963/ HTTP 302
https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e5402a886c249886&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response 517s61.reminews.com/dannig/common-player-arrow/ Redirect Chain http://delivery.taroads.com/redirect?id=199999 https://delivery.taroads.com/redirect?id=199999 https://hadesleta.com/1831963/ https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e5402a886c249886&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true	6 KB 7 KB	36ms 7ms	Document text/html	213.174.135.2 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e5402a886c249886&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.18.0 / Resource Hash `dccc56b4834577790633f041a5c730b0f283352e63c8509a9da3961b170b6f96` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Sat, 30 Oct 2021 03:41:20 GMT content-type text/html; charset=utf-8 content-length 6611 server nginx/1.18.0 last-modified Tue, 26 Oct 2021 15:52:40 GMT etag f46a63e0e4e733d7ddc6f46da00863bf x-timestamp 1635263559.76455 x-trans-id tx95e2a7ba7c464270ba905-00617824f2 x-openstack-request-id tx95e2a7ba7c464270ba905-00617824f2 cache-control max-age=172800 access-control-allow-origin * access-control-allow-methods HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS access-control-allow-headers Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization access-control-expose-headers X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp expires Mon, 01 Nov 2021 03:41:20 GMT vary Accept-Encoding x-proxy-cache HIT accept-ranges bytes Redirect headers server nginx date Sat, 30 Oct 2021 03:41:20 GMT content-type text/html; charset=utf-8 content-length 249 location https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e5402a886c249886&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true timing-allow-origin *
GET H2	200	script.js Show response 123.selornews.com/dannig/common-player-arrow/	4 KB 5 KB	61ms 16ms	Script application/javascript	213.174.135.1 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://123.selornews.com/dannig/common-player-arrow/script.js?a=19 Requested by Host: 517s61.reminews.com URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e5402a886c249886&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.18.0 / Resource Hash `4d23eca65ee87fd5bce9aaefc863c5f836ad13dbb3069c72533bddfe2054d0d9` Request headers Accept-Language de-DE,de;q=0.9 Referer https://517s61.reminews.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sat, 30 Oct 2021 03:41:20 GMT x-openstack-request-id txdfe140e023434246a85d1-00617824f1 x-trans-id txdfe140e023434246a85d1-00617824f1 x-timestamp 1631013005.68768 accept-ranges bytes expires Mon, 01 Nov 2021 03:41:20 GMT last-modified Tue, 07 Sep 2021 11:10:06 GMT server nginx/1.18.0 etag 9d479878f1dadd7ee15cebf73891e8ae vary Accept-Encoding access-control-allow-methods HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp cache-control max-age=172800 content-length 4281 access-control-allow-headers Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization x-proxy-cache HIT
GET H2	200	icon1.png 123.selornews.com/dannig/common-player-arrow/img/	7 KB 8 KB	62ms 18ms	Image image/png	213.174.135.1 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Show image Full URL https://123.selornews.com/dannig/common-player-arrow/img/icon1.png Requested by Host: 517s61.reminews.com URL: https://517s61.reminews.com/dannig/common-player-arrow/index.html?var=1831963&ymid=2110292241086010f7f1e5402a886c249886&rc=1&mrc=0&fsc=0&zoneid=1601571&tburl=https://play-vids.com/?geo=de&proxy=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.18.0 / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://517s61.reminews.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sat, 30 Oct 2021 03:41:20 GMT x-openstack-request-id tx0b662d3b54ec43759731d-00617824f6 x-trans-id tx0b662d3b54ec43759731d-00617824f6 x-timestamp 1621260766.56573 accept-ranges bytes expires Mon, 01 Nov 2021 03:41:20 GMT last-modified Mon, 17 May 2021 14:12:47 GMT server nginx/1.18.0 etag 3d0ab5834c8bf7134e4d21fa3288317f vary Accept-Encoding access-control-allow-methods HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS content-type image/png access-control-allow-origin * access-control-expose-headers X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp cache-control max-age=172800 content-length 7252 access-control-allow-headers Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization x-proxy-cache HIT
GET		icon2.png 123.selornews.com/dannig/common-player-arrow/img/	0 0

GET		icon3.png 123.selornews.com/dannig/common-player-arrow/img/	0 0

GET		icon4.png 123.selornews.com/dannig/common-player-arrow/img/	0 0

GET		icon5.png 123.selornews.com/dannig/common-player-arrow/img/	0 0

GET		icon7.png 123.selornews.com/dannig/common-player-arrow/img/	0 0

GET		icon8.png 123.selornews.com/dannig/common-player-arrow/img/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 123.selornews.com
URL: https://123.selornews.com/dannig/common-player-arrow/img/icon2.png

Domain: 123.selornews.com
URL: https://123.selornews.com/dannig/common-player-arrow/img/icon3.png

Domain: 123.selornews.com
URL: https://123.selornews.com/dannig/common-player-arrow/img/icon4.png

Domain: 123.selornews.com
URL: https://123.selornews.com/dannig/common-player-arrow/img/icon5.png

Domain: 123.selornews.com
URL: https://123.selornews.com/dannig/common-player-arrow/img/icon7.png

Domain: 123.selornews.com
URL: https://123.selornews.com/dannig/common-player-arrow/img/icon8.png

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
delivery.taroads.com/	1970-01-19 22:19:46	Name: ___tasd Value: e5,
hadesleta.com/	1970-01-20 07:05:01	Name: UID Value: 2110292241a7140a1f41b342268ceb1b6e7c
hadesleta.com/	1970-01-19 22:20:51	Name: OXCCLK Value: ABPemAAAAAAAAAAB
hadesleta.com/	1970-01-19 22:20:51	Name: OXPCLK Value: AAHg4AAAAAAAAAAB
hadesleta.com/	1970-01-19 22:20:51	Name: ppucnt Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

123.selornews.com
517s61.reminews.com
delivery.taroads.com
hadesleta.com
123.selornews.com
109.206.162.83
213.174.135.1
213.174.135.2
2606:4700:3034::ac43:8011
4d23eca65ee87fd5bce9aaefc863c5f836ad13dbb3069c72533bddfe2054d0d9
dccc56b4834577790633f041a5c730b0f283352e63c8509a9da3961b170b6f96

517s61.reminews.com Open in urlscan Pro 213.174.135.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

9 Requests

33 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

20 kBTransfer

18 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

5 Cookies

Indicators

517s61.reminews.com Open in urlscan Pro
213.174.135.2 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

33 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

20 kB
Transfer

18 kB
Size

5
Cookies

9 HTTP transactions
0 data transactions