thermuti.cf - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 104.21.31.237, located in and belongs to CLOUDFLARENET, US. The main domain is thermuti.cf.
TLS certificate: Issued by GTS CA 1P5 on January 4th 2024. Valid for: 3 months.

This is the only time thermuti.cf was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.20.138.65 104.20.138.65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.21.31.237 104.21.31.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.209.147 172.67.209.147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2

1 104.20.138.65 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.21.31.237 (None, )

ASN13335 (CLOUDFLARENET, US)

thermuti.cf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.209.147 (United States)

ASN13335 (CLOUDFLARENET, US)

retuogrt.buzz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	thermuti.cf thermuti.cf	3 KB
2	retuogrt.buzz retuogrt.buzz	20 KB
1	tinyurl.com 1 redirects tinyurl.com — Cisco Umbrella Rank: 16850	813 B
5	3

	Domain	Requested by
3	thermuti.cf	thermuti.cf
2	retuogrt.buzz	thermuti.cf
1	tinyurl.com	1 redirects
5	3

This site contains links to these domains. Also see Links.

Domain
retuogrt.buzz

Subject Issuer	Validity	Valid
thermuti.cf GTS CA 1P5	`2024-01-04` - `2024-04-03`	3 months	crt.sh
retuogrt.buzz GTS CA 1P5	`2023-12-30` - `2024-03-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://thermuti.cf/dating/index.php?key=2601GOOD&MDSuEk0h&subid3=1600&subid4=1200
Frame ID: 1599636A0EB856534EB0F13EEBD5976F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WARNING this site is for adults only!

Page URL History Show full URLs

https://tinyurl.com/yt38ygl3 HTTP 301
https://thermuti.cf/dating/antibot1.php?key=2601GOOD&MDSuEk0h Page URL
https://thermuti.cf/dating/antibot2.php?key=2601GOOD&MDSuEk0h Page URL
https://thermuti.cf/dating/index.php?key=2601GOOD&MDSuEk0h&subid3=1600&subid4=1200 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

23 kB
Transfer

26 kB
Size

5
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://retuogrt.buzz/click_api/?_lp=1&_token=uuid_1b6nacc2utgq2_1b6nacc2utgq265b40c8a33c5e9.04415100
Title: ENTER!

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tinyurl.com/yt38ygl3 HTTP 301
https://thermuti.cf/dating/antibot1.php?key=2601GOOD&MDSuEk0h Page URL
https://thermuti.cf/dating/antibot2.php?key=2601GOOD&MDSuEk0h Page URL
https://thermuti.cf/dating/index.php?key=2601GOOD&MDSuEk0h&subid3=1600&subid4=1200 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://tinyurl.com/yt38ygl3 HTTP 301
https://thermuti.cf/dating/antibot1.php?key=2601GOOD&MDSuEk0h

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	antibot1.php thermuti.cf/dating/ Redirect Chain https://tinyurl.com/yt38ygl3 https://thermuti.cf/dating/antibot1.php?key=2601GOOD&MDSuEk0h	379 B 648 B	978ms 244ms	Document text/html	104.21.31.237 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://thermuti.cf/dating/antibot1.php?key=2601GOOD&MDSuEk0h Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.31.237 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 84bb45fb99e536c2-YYZ content-encoding br content-type text/html; charset=UTF-8 date Fri, 26 Jan 2024 19:48:25 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Sx26k5wRAzXjKp35zlaNg0%2FOomXXtekWTTy%2BwE%2BelTG%2FxE1iDyPOy6GLzUynZvAKxFR8SBhaF5dkHpkZWNti%2FW%2F0LvMQ1dWq0mkibbWyacejbE9L8znFV5XuG0DjA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cache-control max-age=0, must-revalidate, no-cache, no-store, private cf-cache-status EXPIRED cf-ray 84bb45f618ac36d4-YYZ content-type text/html; charset=UTF-8 date Fri, 26 Jan 2024 19:48:24 GMT location https://thermuti.cf/dating/antibot1.php?key=2601GOOD&MDSuEk0h referrer-policy unsafe-url server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary Accept-Encoding x-content-type-options nosniff x-robots-tag noindex x-tinyurl-redirect eyJpdiI6Im1nd0djYlNjMjRNWlFQUW1GcFBxQ1E9PSIsInZhbHVlIjoiZ0ZROGxNdytpWEcxa29UTjVaQ0sxbTBoWElrMnFoU01yMzR2cForQlJmdmk5VXFQYk1GV0c2NTNTZFI1ZmVMUCIsIm1hYyI6IjM2YmQxYWM0Y2YxODRjMWRkYzdiYmZmMDgxOGI2NWJjODcwN2RhZDQ1M2VmZmRjOTE0OGRiZTU4NDA3MDg3NWMiLCJ0YWciOiIifQ== x-tinyurl-redirect-type redirect x-xss-protection 1; mode=block
GET H2	200	antibot2.php thermuti.cf/dating/	849 B 681 B	126ms 125ms	Document text/html	104.21.31.237 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://thermuti.cf/dating/antibot2.php?key=2601GOOD&MDSuEk0h Requested by Host: thermuti.cf URL: https://thermuti.cf/dating/antibot1.php?key=2601GOOD&MDSuEk0h Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.31.237 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://thermuti.cf/dating/antibot1.php?key=2601GOOD&MDSuEk0h Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 84bb45fd4d1836c2-YYZ content-encoding br content-type text/html; charset=UTF-8 date Fri, 26 Jan 2024 19:48:25 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQxEywKP6QOZp2wJXt0ifkV3D9lQX7SiuDN7CiH6esV7PhNHTbW6eRDdCMeN2kmUjaGr64LSx6K3RSz7vnue4XutjHSuUwNqYh%2FOs7z2zo4BUr0kQ1ZUpcCyJWtn6Q%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	Primary Request index.php Show response thermuti.cf/dating/	2 KB 2 KB	347ms 347ms	Document text/html	104.21.31.237 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://thermuti.cf/dating/index.php?key=2601GOOD&MDSuEk0h&subid3=1600&subid4=1200 Requested by Host: thermuti.cf URL: https://thermuti.cf/dating/antibot2.php?key=2601GOOD&MDSuEk0h Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.31.237 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5652b93e2be981200164351ecda1eb5e6a4d381c8e28d10a72ff4ca62c73fe38` Request headers Referer https://thermuti.cf/dating/antibot2.php?key=2601GOOD&MDSuEk0h Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 84bb45fe3819a244-YYZ content-encoding br content-type text/html; charset=UTF-8 date Fri, 26 Jan 2024 19:48:26 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2ChnA1a9It6hmfXVBi0oOhT0UYWaJf8HNU31pJp01XrgIzv1IdKvIzp0EHaGWLynq19cvgb%2FMwc6xDiN6HVBaL0YSd%2FZ8sT%2FCy2yPucnuZApAiSvpb3ezAhw2iZTg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	style.css retuogrt.buzz/lander/18plus/	5 KB 1 KB	82ms 32ms	Stylesheet text/css	172.67.209.147 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://retuogrt.buzz/lander/18plus/style.css Requested by Host: thermuti.cf URL: https://thermuti.cf/dating/index.php?key=2601GOOD&MDSuEk0h&subid3=1600&subid4=1200 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.147 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fe0a365c65a52805e8a6e8120fbaa6b23dc254ce4065efecbbaec2673197c635` Request headers accept-language en-CA,en;q=0.9 Referer https://thermuti.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Fri, 26 Jan 2024 19:48:26 GMT content-encoding gzip cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 384647 alt-svc h3=":443"; ma=86400 last-modified Fri, 07 Apr 2023 17:01:18 GMT server cloudflare etag W/"64304c5e-1262" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qsGUko8G9E1jwJNrz4EGKwIG093vCSqQd7NcvT6ITM0ySWXtjD25J5niSWPUc334lleFFnNrfpKgktuNRp6e8E0gw7lClftAr6WLKTUoDo1p8183dsvyTsWUKMyx%2B2jl"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * cache-control max-age=864000 cf-ray 84bb4600b93a3987-YYZ expires Thu, 01 Feb 2024 08:57:39 GMT
GET H2	200	3.png retuogrt.buzz/lander/18plus/i/	18 KB 18 KB	82ms 33ms	Image image/png	172.67.209.147 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://retuogrt.buzz/lander/18plus/i/3.png Requested by Host: thermuti.cf URL: https://thermuti.cf/dating/index.php?key=2601GOOD&MDSuEk0h&subid3=1600&subid4=1200 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.147 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `68b1dd768586aaeaff37127c5aea25f95b1cf86cf56a20410e526d7fb8dc7875` Request headers accept-language en-CA,en;q=0.9 Referer https://thermuti.cf/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Fri, 26 Jan 2024 19:48:26 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 384647 alt-svc h3=":443"; ma=86400 content-length 18564 last-modified Fri, 07 Apr 2023 17:01:18 GMT server cloudflare etag "64304c5e-4884" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IJ9ZW826e7z%2Bc3sKK5%2FirJjdVqMydOkkdBU%2FIZYGSq%2B9G0O5wIO7eI8ImyXD9fP6Kg7oRXnjCTwDPCNYkJuhWdHav9FyOiQt0irdsR9GRgae5W%2FgH5nk4N26rkHWOMuT"}],"group":"cf-nel","max_age":604800} content-type image/png access-control-allow-origin * cache-control max-age=864000 accept-ranges bytes cf-ray 84bb4600b93b3987-YYZ expires Thu, 01 Feb 2024 08:57:39 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tinyurl.com/	1970-01-20 17:58:20	Name: __cf_bm Value: DfZ8hIFw6Lva8WCwSKiMLI_iHMI1EqgXMvsbQmXLmd4-1706298504-1-AavNsCxjRa7UVMM9I173GmAu2ihsG+jYUF7KLln259bPMGi1LK7PJJonxR+FIKEureDVHOkA99rHExBRcNwglP4=
thermuti.cf/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9gcobodrv7je5kle1igcf3o2ng
.thermuti.cf/	1970-01-20 17:59:44	Name: _subid Value: 1b6nacc2utgq2
.thermuti.cf/	1970-01-20 17:59:44	Name: 5533f Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM1OVwiOjE3MDYyOTg1MDZ9LFwiY2FtcGFpZ25zXCI6e1wiNDZcIjoxNzA2Mjk4NTA2fSxcInRpbWVcIjoxNzA2Mjk4NTA2fSJ9.gYeXnxX7ccEjGuCKEZn8me_dF2ISD-AuRz9dRAr8zpU
.thermuti.cf/	1970-01-20 17:59:44	Name: _token Value: uuid_1b6nacc2utgq2_1b6nacc2utgq265b40c8a33c5e9.04415100

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

retuogrt.buzz
thermuti.cf
tinyurl.com
104.20.138.65
104.21.31.237
172.67.209.147
5652b93e2be981200164351ecda1eb5e6a4d381c8e28d10a72ff4ca62c73fe38
68b1dd768586aaeaff37127c5aea25f95b1cf86cf56a20410e526d7fb8dc7875
fe0a365c65a52805e8a6e8120fbaa6b23dc254ce4065efecbbaec2673197c635

thermuti.cf Open in urlscan Pro 104.21.31.237 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

23 kBTransfer

26 kBSize

5 Cookies

1 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

5 Cookies

Indicators

thermuti.cf Open in urlscan Pro
104.21.31.237 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

23 kB
Transfer

26 kB
Size

5
Cookies

5 HTTP transactions
0 data transactions