Submitted URL: https://linkmajonk.page.link/NdgdPGkddWZMTgKp6
Effective URL: https://seltifans.xyz/go-land/59/1079
Submission: On October 23 via manual from AU — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 7 domains to perform 5 HTTP transactions. The main IP is 104.21.91.95, located in United States and belongs to CLOUDFLARENET, US. The main domain is seltifans.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 7th 2021. Valid for: a year.
This is the only time seltifans.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 142.250.185.142 15169 (GOOGLE)
1 92.53.68.202 49505 (SELECTEL)
1 172.67.161.251 13335 (CLOUDFLAR...)
1 1 95.216.64.168 24940 (HETZNER-AS)
1 104.21.91.95 13335 (CLOUDFLAR...)
1 157.240.20.19 32934 (FACEBOOK)
5 5
Domain Requested by
1 connect.facebook.net seltifans.xyz
1 seltifans.xyz 515720.selcdn.ru
1 push-finance.online 1 redirects
1 abucoins.com 515720.selcdn.ru
1 515720.selcdn.ru
1 linkmajonk.page.link 1 redirects
0 bucentaur.xyz Failed seltifans.xyz
5 7

This site contains no links.

Subject | Issuer | Validity | Valid
*.selcdn.ru | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2020-11-26 - 2021-12-27 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-28 - 2022-06-27 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-08-02 - 2021-10-31 | 3 months

This page contains 1 frame:

Frame: https://bucentaur.xyz/go-offer/59/1079
Frame ID: 021B6543E24D598CF3BCCA91DAA88735
Requests: 5 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

Requests: 5
HTTPS: 80 %
IPv6: 0 %
Domains: 7
Subdomains: 7
IPs: 5
Countries: 3
Transfer: 146 kB
Size: 216 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://linkmajonk.page.link/NdgdPGkddWZMTgKp6 HTTP 302
    https://515720.selcdn.ru/firebasegoogle/redikmailrutreker.html Page URL
  2. https://push-finance.online/mailru HTTP 302
    https://seltifans.xyz/go-land/59/1079 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://linkmajonk.page.link/NdgdPGkddWZMTgKp6 HTTP 302
  • https://515720.selcdn.ru/firebasegoogle/redikmailrutreker.html

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
redikmailrutreker.html
515720.selcdn.ru/firebasegoogle/
Redirect Chain
  • https://linkmajonk.page.link/NdgdPGkddWZMTgKp6
  • https://515720.selcdn.ru/firebasegoogle/redikmailrutreker.html
1 KB
1 KB
Document
General
Full URL
https://515720.selcdn.ru/firebasegoogle/redikmailrutreker.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
92.53.68.202 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
/
Resource Hash
93fe9b585ddd54fa5ab93868f725845b9af28301977ef5194f7c181609f9f767

Request headers

:method
GET
:authority
515720.selcdn.ru
:scheme
https
:path
/firebasegoogle/redikmailrutreker.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges
content-length
1111
content-type
text/html
etag
"ea93d7d181a77d664349f64e19fdcf0b"
last-modified
Fri, 22 Oct 2021 06:54:56 GMT
x-timestamp
1634885695.81213
x-trans-id
16b047e0db11f9a6
date
Sat, 23 Oct 2021 22:26:19 GMT
age
1042

Redirect headers

content-type
application/binary
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 23 Oct 2021 22:43:41 GMT
location
https://515720.selcdn.ru/firebasegoogle/redikmailrutreker.html
content-security-policy
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport script-src 'report-sample' 'nonce-tfUxCcsf6x6vl4b9hkDIog' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' script-src 'nonce-tfUxCcsf6x6vl4b9hkDIog' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport
cross-origin-resource-policy
same-site
cross-origin-opener-policy
unsafe-none
server
ESF
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
pre-loading.gif
abucoins.com/img/trade/
115 KB
116 KB
Image
General
Full URL
https://abucoins.com/img/trade/pre-loading.gif
Requested by
Host: 515720.selcdn.ru
URL: https://515720.selcdn.ru/firebasegoogle/redikmailrutreker.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.161.251 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4659a7ed772eca6506d57d46aa4ebc2673f5376d274f8aab9382b87ec4b7f01d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://515720.selcdn.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 23 Oct 2021 22:43:41 GMT
cf-cache-status
MISS
last-modified
Mon, 07 Aug 2017 08:47:44 GMT
server
cloudflare
etag
"59882930-1cc0e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3T8ObhHAeqoUaxBP8CJEf9VGG5VXjmH3ald9tZS7bvmNP4Bgsz%2BNq%2BTm22MwPyrG2D6k4Pn2WAiukjedVPJyjwzYPX9f6WHmZiJdcxBNqnzZrIkBWO6dq8QoNmp7H4U%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6a2e7c584b1b411a-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
117774
Primary Request 1079
seltifans.xyz/go-land/59/
Redirect Chain
  • https://push-finance.online/mailru
  • https://seltifans.xyz/go-land/59/1079
2 KB
2 KB
Document
General
Full URL
https://seltifans.xyz/go-land/59/1079
Requested by
Host: 515720.selcdn.ru
URL: https://515720.selcdn.ru/firebasegoogle/redikmailrutreker.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.91.95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.21
Resource Hash
43afc553005c409e5e833098404a5af2d4b730b78e13d92bc577de2723d62662

Request headers

:method
GET
:authority
seltifans.xyz
:scheme
https
:path
/go-land/59/1079
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://515720.selcdn.ru/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://515720.selcdn.ru/firebasegoogle/redikmailrutreker.html

Response headers

date
Sat, 23 Oct 2021 22:43:43 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.21
cache-control
private, must-revalidate
pragma
no-cache
expires
-1
set-cookie
XSRF-TOKEN=eyJpdiI6Im5CRncwV0tsZkQ3RFZFYWtMQTdoU0E9PSIsInZhbHVlIjoiQ0t0Uys0MWhJWnN4MDBScVwvOHJvUkFcLzNCZXNyQVFxZkJjRE9xTGMyUHVaMllXRVBpZVprV2NzbXdBcXVCZ290IiwibWFjIjoiNjk0Zjg3MThkNjJhMGUwMjRmMzBlM2E3N2RmODkzM2NkODI3YTg2MTA0MTU0NDM1YWNhMGFiYzA3OGE5NThiZiJ9; expires=Sun, 24-Oct-2021 00:43:43 GMT; Max-Age=7200; path=/ bendercash_session=eyJpdiI6ImJvZXdhQVBHU3lhRGYxVnd1K2p3ckE9PSIsInZhbHVlIjoiQnNTS2FVd3phOWhpaWY3YXRCb0o2YnBPVXZibEMrQm5mOThCVEVNOVdyajFPajl6alBvT2Rqb1JZOWY5WVZuRiIsIm1hYyI6IjFmNDQ3MGZiN2IyOWRlNTgyOTE4YWI1ODU5Y2IyMDFjNzA3ZjUzMDNkZmUxN2ZlMzJlNDQ0MDQ3OGJiYzFkYmUifQ%3D%3D; expires=Sun, 24-Oct-2021 00:43:43 GMT; Max-Age=7200; path=/; httponly
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TO1tmg8yX4m8e7ZyarQP9ufJKPq0mZGSFIzCoWfHq9A6Oe3iBcem43fvZIEf5ZGE6FkAWJTc4KtCxEOx9mPEjdgTrJPCG0x7Ncx6YBjLOgxdkAREDRnk7mu47fuS4Dkh"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6a2e7c628b0bf9d6-PRG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Server
nginx/1.20.1
Date
Sat, 23 Oct 2021 22:43:43 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
X-Powered-By
PHP/7.4.22
Access-Control-Allow-Origin
*
Set-Cookie
qwerty_mailru=0; expires=Sun, 24-Oct-2021 22:43:42 GMT; Max-Age=86400; path=/
Location
https://seltifans.xyz/go-land/59/1079
Strict-Transport-Security
max-age=31536000;
fbevents.js
connect.facebook.net/en_US/
98 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: seltifans.xyz
URL: https://seltifans.xyz/go-land/59/1079
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.20.19 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frt3.fbcdn.net
Software
/
Resource Hash
4b5e988359c30afd1d84b7a5118296f1fc33f4527d530b096ca27aa7fbfef99a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seltifans.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
25969
x-xss-protection
0
pragma
public
x-fb-debug
pFbPlO25IeCMIooml1OdRT0nPRb2N2M57sqS5CuXjr6kdy/FUO9QpUlL/1YInyjessgDqf8MgbfO/ZDkrLncfQ==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 23 Oct 2021 22:43:43 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
1079
bucentaur.xyz/go-offer/59/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bucentaur.xyz
URL
https://bucentaur.xyz/go-offer/59/1079

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
boolean| originAgentCluster
function| fbq
function| _fbq
function| pageRedirect

3 Cookies

Domain/Path Name / Value
push-finance.online/ Name: qwerty_mailru
Value: 0
seltifans.xyz/ Name: XSRF-TOKEN
Value: eyJpdiI6Im5CRncwV0tsZkQ3RFZFYWtMQTdoU0E9PSIsInZhbHVlIjoiQ0t0Uys0MWhJWnN4MDBScVwvOHJvUkFcLzNCZXNyQVFxZkJjRE9xTGMyUHVaMllXRVBpZVprV2NzbXdBcXVCZ290IiwibWFjIjoiNjk0Zjg3MThkNjJhMGUwMjRmMzBlM2E3N2RmODkzM2NkODI3YTg2MTA0MTU0NDM1YWNhMGFiYzA3OGE5NThiZiJ9
seltifans.xyz/ Name: bendercash_session
Value: eyJpdiI6ImJvZXdhQVBHU3lhRGYxVnd1K2p3ckE9PSIsInZhbHVlIjoiQnNTS2FVd3phOWhpaWY3YXRCb0o2YnBPVXZibEMrQm5mOThCVEVNOVdyajFPajl6alBvT2Rqb1JZOWY5WVZuRiIsIm1hYyI6IjFmNDQ3MGZiN2IyOWRlNTgyOTE4YWI1ODU5Y2IyMDFjNzA3ZjUzMDNkZmUxN2ZlMzJlNDQ0MDQ3OGJiYzFkYmUifQ%3D%3D