![](/screenshots/540ddc94-9119-409a-968b-26a2b8d888eb.png)
r.redirekted.com
Open in
urlscan Pro
66.165.243.160
Public Scan
Effective URL: https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Submission Tags: phishingrod
Submission: On April 26 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 13th 2024. Valid for: 3 months.
This is the only time r.redirekted.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 54.157.24.8 54.157.24.8 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 | 72.52.179.174 72.52.179.174 | 32244 (LIQUIDWEB) (LIQUIDWEB) | |
4 | 66.165.243.160 66.165.243.160 | 29802 (HVC-AS) (HVC-AS) | |
3 | 2001:4860:480... 2001:4860:4802:38::178 | () () | |
15 | 5 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-157-24-8.compute-1.amazonaws.com
secure.russiavulcanx.com |
ASN32244 (LIQUIDWEB, US)
PTR: lb01.parklogic.com
ww99.russiavulcanx.com |
ASN29802 (HVC-AS, US)
PTR: 66-165-243-160.static.hvvc.us
r.redirekted.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
russiavulcanx.com
1 redirects
secure.russiavulcanx.com ww99.russiavulcanx.com |
6 KB |
4 |
redirekted.com
r.redirekted.com |
11 KB |
3 |
google-analytics.com
www.google-analytics.com |
21 KB |
0 |
googletagmanager.com
Failed
www.googletagmanager.com Failed |
|
0 |
kelkoogroup.net
Failed
de-go.kelkoogroup.net Failed |
|
15 | 5 |
Domain | Requested by | |
---|---|---|
4 | r.redirekted.com |
ww99.russiavulcanx.com
r.redirekted.com |
3 | www.google-analytics.com |
r.redirekted.com
www.google-analytics.com |
3 | secure.russiavulcanx.com |
1 redirects
secure.russiavulcanx.com
|
2 | ww99.russiavulcanx.com |
ww99.russiavulcanx.com
|
0 | www.googletagmanager.com Failed |
www.google-analytics.com
|
0 | de-go.kelkoogroup.net Failed |
r.redirekted.com
|
15 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
api.adrenalads.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
secure.russiavulcanx.com R3 |
2024-04-21 - 2024-07-20 |
3 months | crt.sh |
redirekted.com R3 |
2024-04-13 - 2024-07-12 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2024-04-08 - 2024-07-01 |
3 months | crt.sh |
This page contains 2 frames:
Frame:
https://de-go.kelkoogroup.net/offersearchGo?.ts=1714033202978&.sig=UIjYAXlBk2IqpDr6VG.3x7VJ0mQ-&affiliationId=96965856&comId=100535679&country=de&offerId=fefb4e6072a6525d2a0ccef9733305ad&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=tsyjaF9qKFXIGX9gxZbHKL1tFF7bPXxA2r-03EmxFF0AFXVATslAzF9IvWTkKWjMRs7NKF3ZUqVk3pdZJsmWPM&custom2=jKWjuHsyjUL9gQAxqwqSExZvyRCexFrUAQB
Frame ID: 64AF4BA60EABDFF940F4023751675231
Requests: 10 HTTP requests in this frame
Frame:
https://r.redirekted.com/go?e=DwCaxHVyVPF85wWtk3p55GsYywBeLaVW1UXdZTs7pFC9SzVuglpd8IsmEmFeHlV6x3C5kGVytQFe4QsW13B11wXuyKBeLKs8blBa4Qs-LPM8MKr64KW4RzXytmKdfmV6x3CNuTslgvFefQLNImqwtxs6p2E1VTAx5UWxcHAc03FltFquIQXWgwXbD2L75GsUAQWa5mZ78IF-AUqtkKWzxHsyLFL55GsQSPXxO2Z2uxCm8GssEmBsATs6fFEeZ3WYImq4uzsyDwL-MaVtglp4yxsbjUL8AUBVclB9xGs-DKF9SJr9flBjcxsyj3F8uPs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Frame ID: F376416B9345B178F1CEA5ADA75DCF72
Requests: 5 HTTP requests in this frame
Screenshot
![](/screenshots/540ddc94-9119-409a-968b-26a2b8d888eb.png)
Page URL History Show full URLs
- https://secure.russiavulcanx.com/ Page URL
- https://secure.russiavulcanx.com/.IGV0hOcNusVJOgqoD1HuWTk0PssdueKB Page URL
-
https://secure.russiavulcanx.com/
HTTP 302
http://ww99.russiavulcanx.com/ HTTP 307
https://ww99.russiavulcanx.com/ HTTP 307
http://ww99.russiavulcanx.com/ Page URL
- http://ww99.russiavulcanx.com/page/bouncy.php?&bpae=Gbh%2BtC0HvUx%2F9pthzWl3yE0ZPjJ9XKtnmGBscRXNUVlpFc5QEO... Page URL
-
http://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78b...
HTTP 307
https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78b... Page URL
Detected technologies
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Click here to continue.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://secure.russiavulcanx.com/ Page URL
- https://secure.russiavulcanx.com/.IGV0hOcNusVJOgqoD1HuWTk0PssdueKB Page URL
-
https://secure.russiavulcanx.com/
HTTP 302
http://ww99.russiavulcanx.com/ HTTP 307
https://ww99.russiavulcanx.com/ HTTP 307
http://ww99.russiavulcanx.com/ Page URL
- http://ww99.russiavulcanx.com/page/bouncy.php?&bpae=Gbh%2BtC0HvUx%2F9pthzWl3yE0ZPjJ9XKtnmGBscRXNUVlpFc5QEOjO6jhLFmHfy44ZPLEd5s15epkLPBTmRqFCk%2F8gT4Z2DVQBH2K7%2FVAewEPaLbXm2zD1YBd3Qn3Y3IOt6WnUesbO8zhQMnDtYvuLanYixvz131wdRJoMDUseuGmkJr0VU7hE5XpEMDySF8V8O16ov%2FNuOSm%2F2opINOJLE3PgC3PNEgDkt3hQfVQzNSTpNRjRpayqJYt%2B0PyPffPUyO8Tzvh3c3hb1aLk5Vkop5FW4PIIzpbRJ9%2BqpaC%2FAm4u66imRbLi%2Fq3x9Jj%2FXi2qOgw7GiyQzhEJUq2%2FQ%2FVt2sQbGPZfv0kLDGMXctPOM6qtscycsP0L9GgY5IwG2qXrPcNxzGrDEsZCBIl96VueUVnu5mxqH4atZaz75ZW4LTqfgJ%2Fp%2BV5tjRxhTdc8h5F3XNUSB8AfbiFr0bLwCNlus0%2F3impttKydS8%2FejeM%3D&redirectType=js&inIframe=false&inPopUp=false Page URL
-
http://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
HTTP 307
https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3- https://secure.russiavulcanx.com/ HTTP 302
- http://ww99.russiavulcanx.com/ HTTP 307
- https://ww99.russiavulcanx.com/ HTTP 307
- http://ww99.russiavulcanx.com/
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
secure.russiavulcanx.com/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon.ico
secure.russiavulcanx.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
.IGV0hOcNusVJOgqoD1HuWTk0PssdueKB
secure.russiavulcanx.com/ |
140 B 302 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
ww99.russiavulcanx.com/ Redirect Chain
|
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon.ico
secure.russiavulcanx.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bouncy.php
ww99.russiavulcanx.com/page/ |
889 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
redirect
r.redirekted.com/ Redirect Chain
|
844 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
adren.css
r.redirekted.com/css/ |
243 B 479 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
adren.min.js
r.redirekted.com/js/ |
7 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
go
r.redirekted.com/ Frame F376 |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ Frame F376 |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ Frame F376 |
15 B 159 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ Frame F376 |
35 B 195 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
offersearchGo
de-go.kelkoogroup.net/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
js
www.googletagmanager.com/gtag/ Frame F376 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- secure.russiavulcanx.com
- URL
- https://secure.russiavulcanx.com/favicon.ico
- Domain
- secure.russiavulcanx.com
- URL
- https://secure.russiavulcanx.com/favicon.ico
- Domain
- de-go.kelkoogroup.net
- URL
- https://de-go.kelkoogroup.net/offersearchGo?.ts=1714033202978&.sig=UIjYAXlBk2IqpDr6VG.3x7VJ0mQ-&affiliationId=96965856&comId=100535679&country=de&offerId=fefb4e6072a6525d2a0ccef9733305ad&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=tsyjaF9qKFXIGX9gxZbHKL1tFF7bPXxA2r-03EmxFF0AFXVATslAzF9IvWTkKWjMRs7NKF3ZUqVk3pdZJsmWPM&custom2=jKWjuHsyjUL9gQAxqwqSExZvyRCexFrUAQB
- Domain
- www.googletagmanager.com
- URL
- https://www.googletagmanager.com/gtag/js?id=G-TG55WX34R2&cx=c&_slc=1
Verdicts & Comments Add Verdict or Comment
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| utf8_encode function| md5 function| screenSize function| readCookie function| reverse function| str_rot13 function| str_rot47 function| base64_encode function| js_encode function| readySetGo object| ck number| nstr string| md5str object| scr number| scrw number| scrh string| t string| urlp string| b64 string| str_encode object| ifrm1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
secure.russiavulcanx.com/ | Name: m6RW96QaECHb2mXiRi7YQBqlkYuoZc7A Value: 1 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
de-go.kelkoogroup.net
r.redirekted.com
secure.russiavulcanx.com
ww99.russiavulcanx.com
www.google-analytics.com
www.googletagmanager.com
de-go.kelkoogroup.net
secure.russiavulcanx.com
www.googletagmanager.com
2001:4860:4802:38::178
54.157.24.8
66.165.243.160
72.52.179.174
697a60a5acbead5bf1a911bede22e2a465beb09be4c61ebb18c57d71d36c4f0b
8597d8112ffa8f07199b715746aebe0bc4180e1c23cf4de02ef8fdc8f57e0bdc
c8a64e0af33ffc6c5ac383016c4ae410a3eed7c45bd96ced049d49b7785a5fa2
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777
e565762315315c4d2824d5038fbf15f22004472ef178b2fca374815a2335ca01