Submitted URL: https://secure.russiavulcanx.com/
Effective URL: https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Submission Tags: phishingrod
Submission: On April 26 via api from DE — Scanned from DE

Summary

This website contacted 5 IPs in 1 country across 5 domains to perform 15 HTTP transactions. The main IP is 66.165.243.160, located in Los Angeles, United States, and belongs to HVC-AS, US. The main domain is r.redirekted.com.
TLS certificate: Issued by R3 on April 13th 2024. Valid for: 3 months.
This is the only time r.redirekted.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS | Autonomous System
1 3 | 54.157.24.8 | 14618 | AMAZON-AES
2 | 72.52.179.174 | 32244 | LIQUIDWEB
4 | 66.165.243.160 | 29802 | HVC-AS
3 | 2001:4860:480... | |
Total: 15 requests, 5 IPs
Requests | Domain | Requested by
4 | r.redirekted.com | ww99.russiavulcanx.com, r.redirekted.com
3 | www.google-analytics.com | r.redirekted.com, www.google-analytics.com
3 (1 redirect) | secure.russiavulcanx.com | secure.russiavulcanx.com
2 | ww99.russiavulcanx.com | ww99.russiavulcanx.com
0 (failed) | www.googletagmanager.com | www.google-analytics.com
0 (failed) | de-go.kelkoogroup.net | r.redirekted.com
Total: 15 requests, 6 domains

This site contains links to these domains:
  • api.adrenalads.com
Subject | Issuer | Validity | Valid
secure.russiavulcanx.com | R3 | 2024-04-21 - 2024-07-20 | 3 months (crt.sh)
redirekted.com | R3 | 2024-04-13 - 2024-07-12 | 3 months (crt.sh)
*.google-analytics.com | GTS CA 1C3 | 2024-04-08 - 2024-07-01 | 3 months (crt.sh)

This page contains 2 frames:

Frame: https://de-go.kelkoogroup.net/offersearchGo?.ts=1714033202978&.sig=UIjYAXlBk2IqpDr6VG.3x7VJ0mQ-&affiliationId=96965856&comId=100535679&country=de&offerId=fefb4e6072a6525d2a0ccef9733305ad&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=tsyjaF9qKFXIGX9gxZbHKL1tFF7bPXxA2r-03EmxFF0AFXVATslAzF9IvWTkKWjMRs7NKF3ZUqVk3pdZJsmWPM&custom2=jKWjuHsyjUL9gQAxqwqSExZvyRCexFrUAQB
Frame ID: 64AF4BA60EABDFF940F4023751675231
Requests: 10 HTTP requests in this frame

Frame: https://r.redirekted.com/go?e=DwCaxHVyVPF85wWtk3p55GsYywBeLaVW1UXdZTs7pFC9SzVuglpd8IsmEmFeHlV6x3C5kGVytQFe4QsW13B11wXuyKBeLKs8blBa4Qs-LPM8MKr64KW4RzXytmKdfmV6x3CNuTslgvFefQLNImqwtxs6p2E1VTAx5UWxcHAc03FltFquIQXWgwXbD2L75GsUAQWa5mZ78IF-AUqtkKWzxHsyLFL55GsQSPXxO2Z2uxCm8GssEmBsATs6fFEeZ3WYImq4uzsyDwL-MaVtglp4yxsbjUL8AUBVclB9xGs-DKF9SJr9flBjcxsyj3F8uPs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Frame ID: F376416B9345B178F1CEA5ADA75DCF72
Requests: 5 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

  • Requests: 15
  • HTTPS: 60 %
  • IPv6: 25 %
  • Domains: 5
  • Subdomains: 6
  • IPs: 5
  • Countries: 1
  • Transfer: 38 kB
  • Size: 68 kB
  • Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secure.russiavulcanx.com/ Page URL
  2. https://secure.russiavulcanx.com/.IGV0hOcNusVJOgqoD1HuWTk0PssdueKB Page URL
  3. https://secure.russiavulcanx.com/ HTTP 302
    http://ww99.russiavulcanx.com/ HTTP 307
    https://ww99.russiavulcanx.com/ HTTP 307
    http://ww99.russiavulcanx.com/ Page URL
  4. http://ww99.russiavulcanx.com/page/bouncy.php?&bpae=Gbh%2BtC0HvUx%2F9pthzWl3yE0ZPjJ9XKtnmGBscRXNUVlpFc5QEOjO6jhLFmHfy44ZPLEd5s15epkLPBTmRqFCk%2F8gT4Z2DVQBH2K7%2FVAewEPaLbXm2zD1YBd3Qn3Y3IOt6WnUesbO8zhQMnDtYvuLanYixvz131wdRJoMDUseuGmkJr0VU7hE5XpEMDySF8V8O16ov%2FNuOSm%2F2opINOJLE3PgC3PNEgDkt3hQfVQzNSTpNRjRpayqJYt%2B0PyPffPUyO8Tzvh3c3hb1aLk5Vkop5FW4PIIzpbRJ9%2BqpaC%2FAm4u66imRbLi%2Fq3x9Jj%2FXi2qOgw7GiyQzhEJUq2%2FQ%2FVt2sQbGPZfv0kLDGMXctPOM6qtscycsP0L9GgY5IwG2qXrPcNxzGrDEsZCBIl96VueUVnu5mxqH4atZaz75ZW4LTqfgJ%2Fp%2BV5tjRxhTdc8h5F3XNUSB8AfbiFr0bLwCNlus0%2F3impttKydS8%2FejeM%3D&redirectType=js&inIframe=false&inPopUp=false Page URL
  5. http://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b HTTP 307
    https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://secure.russiavulcanx.com/ HTTP 302
  • http://ww99.russiavulcanx.com/ HTTP 307
  • https://ww99.russiavulcanx.com/ HTTP 307
  • http://ww99.russiavulcanx.com/

15 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

/ | secure.russiavulcanx.com/ | 3 KB | 2 KB | Document
General
Full URL
https://secure.russiavulcanx.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.157.24.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-157-24-8.compute-1.amazonaws.com
Software
openresty /
Resource Hash
697a60a5acbead5bf1a911bede22e2a465beb09be4c61ebb18c57d71d36c4f0b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control
no-store, max-age=0
content-encoding
gzip
content-type
text/html
date
Fri, 26 Apr 2024 07:05:59 GMT
server
openresty
favicon.ico | secure.russiavulcanx.com/ | 0 | 0

.IGV0hOcNusVJOgqoD1HuWTk0PssdueKB | secure.russiavulcanx.com/ | 140 B | 302 B | Document
General
Full URL
https://secure.russiavulcanx.com/.IGV0hOcNusVJOgqoD1HuWTk0PssdueKB
Requested by
Host: secure.russiavulcanx.com
URL: https://secure.russiavulcanx.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.157.24.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-157-24-8.compute-1.amazonaws.com
Software
openresty /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://secure.russiavulcanx.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"
sec-ch-ua-platform-version
"10.0.0"

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control
no-store, max-age=0
content-encoding
gzip
content-type
text/html
date
Fri, 26 Apr 2024 07:05:59 GMT
server
openresty
/ | ww99.russiavulcanx.com/ | 2 KB | 2 KB | Document
Redirect Chain
  • https://secure.russiavulcanx.com/
  • http://ww99.russiavulcanx.com/
  • https://ww99.russiavulcanx.com/
  • http://ww99.russiavulcanx.com/
General
Full URL
http://ww99.russiavulcanx.com/
Protocol
HTTP/1.1
Server
72.52.179.174 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
lb01.parklogic.com
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 / PHP/5.4.16
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"
sec-ch-ua-platform-version
"10.0.0"

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
2218
Content-Type
text/html; charset=UTF-8
Date
Fri, 26 Apr 2024 07:06:02 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By
PHP/5.4.16

Redirect headers

Location
http://ww99.russiavulcanx.com/
Non-Authoritative-Reason
HttpsUpgrades
favicon.ico | secure.russiavulcanx.com/ | 0 | 0

bouncy.php | ww99.russiavulcanx.com/page/ | 889 B | 1 KB | Document
General
Full URL
http://ww99.russiavulcanx.com/page/bouncy.php?&bpae=Gbh%2BtC0HvUx%2F9pthzWl3yE0ZPjJ9XKtnmGBscRXNUVlpFc5QEOjO6jhLFmHfy44ZPLEd5s15epkLPBTmRqFCk%2F8gT4Z2DVQBH2K7%2FVAewEPaLbXm2zD1YBd3Qn3Y3IOt6WnUesbO8zhQMnDtYvuLanYixvz131wdRJoMDUseuGmkJr0VU7hE5XpEMDySF8V8O16ov%2FNuOSm%2F2opINOJLE3PgC3PNEgDkt3hQfVQzNSTpNRjRpayqJYt%2B0PyPffPUyO8Tzvh3c3hb1aLk5Vkop5FW4PIIzpbRJ9%2BqpaC%2FAm4u66imRbLi%2Fq3x9Jj%2FXi2qOgw7GiyQzhEJUq2%2FQ%2FVt2sQbGPZfv0kLDGMXctPOM6qtscycsP0L9GgY5IwG2qXrPcNxzGrDEsZCBIl96VueUVnu5mxqH4atZaz75ZW4LTqfgJ%2Fp%2BV5tjRxhTdc8h5F3XNUSB8AfbiFr0bLwCNlus0%2F3impttKydS8%2FejeM%3D&redirectType=js&inIframe=false&inPopUp=false
Requested by
Host: ww99.russiavulcanx.com
URL: http://ww99.russiavulcanx.com/
Protocol
HTTP/1.1
Server
72.52.179.174 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
lb01.parklogic.com
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 / PHP/5.4.16
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
http://ww99.russiavulcanx.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
889
Content-Type
text/html; charset=UTF-8
Date
Fri, 26 Apr 2024 07:06:02 GMT
Pragma
no-cache
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By
PHP/5.4.16
redirect (Primary Request) | r.redirekted.com/ | 844 B | 1 KB | Document
Redirect Chain
  • http://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
  • https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
General
Full URL
https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Requested by
Host: ww99.russiavulcanx.com
URL: http://ww99.russiavulcanx.com/page/bouncy.php?&bpae=Gbh%2BtC0HvUx%2F9pthzWl3yE0ZPjJ9XKtnmGBscRXNUVlpFc5QEOjO6jhLFmHfy44ZPLEd5s15epkLPBTmRqFCk%2F8gT4Z2DVQBH2K7%2FVAewEPaLbXm2zD1YBd3Qn3Y3IOt6WnUesbO8zhQMnDtYvuLanYixvz131wdRJoMDUseuGmkJr0VU7hE5XpEMDySF8V8O16ov%2FNuOSm%2F2opINOJLE3PgC3PNEgDkt3hQfVQzNSTpNRjRpayqJYt%2B0PyPffPUyO8Tzvh3c3hb1aLk5Vkop5FW4PIIzpbRJ9%2BqpaC%2FAm4u66imRbLi%2Fq3x9Jj%2FXi2qOgw7GiyQzhEJUq2%2FQ%2FVt2sQbGPZfv0kLDGMXctPOM6qtscycsP0L9GgY5IwG2qXrPcNxzGrDEsZCBIl96VueUVnu5mxqH4atZaz75ZW4LTqfgJ%2Fp%2BV5tjRxhTdc8h5F3XNUSB8AfbiFr0bLwCNlus0%2F3impttKydS8%2FejeM%3D&redirectType=js&inIframe=false&inPopUp=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.23.3 / PHP/8.1.13
Resource Hash
c8a64e0af33ffc6c5ac383016c4ae410a3eed7c45bd96ced049d49b7785a5fa2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
http://ww99.russiavulcanx.com/page/bouncy.php?&bpae=Gbh%2BtC0HvUx%2F9pthzWl3yE0ZPjJ9XKtnmGBscRXNUVlpFc5QEOjO6jhLFmHfy44ZPLEd5s15epkLPBTmRqFCk%2F8gT4Z2DVQBH2K7%2FVAewEPaLbXm2zD1YBd3Qn3Y3IOt6WnUesbO8zhQMnDtYvuLanYixvz131wdRJoMDUseuGmkJr0VU7hE5XpEMDySF8V8O16ov%2FNuOSm%2F2opINOJLE3PgC3PNEgDkt3hQfVQzNSTpNRjRpayqJYt%2B0PyPffPUyO8Tzvh3c3hb1aLk5Vkop5FW4PIIzpbRJ9%2BqpaC%2FAm4u66imRbLi%2Fq3x9Jj%2FXi2qOgw7GiyQzhEJUq2%2FQ%2FVt2sQbGPZfv0kLDGMXctPOM6qtscycsP0L9GgY5IwG2qXrPcNxzGrDEsZCBIl96VueUVnu5mxqH4atZaz75ZW4LTqfgJ%2Fp%2BV5tjRxhTdc8h5F3XNUSB8AfbiFr0bLwCNlus0%2F3impttKydS8%2FejeM%3D&redirectType=js&inIframe=false&inPopUp=false
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 26 Apr 2024 07:06:03 GMT
Server
nginx/1.23.3
Transfer-Encoding
chunked
X-Powered-By
PHP/8.1.13

Redirect headers

Location
https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Non-Authoritative-Reason
HttpsUpgrades
adren.css | r.redirekted.com/css/ | 243 B | 479 B | Stylesheet
General
Full URL
https://r.redirekted.com/css/adren.css?n=1815151556
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.23.3 /
Resource Hash
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 07:06:03 GMT
Last-Modified
Sat, 03 Jul 2021 05:46:18 GMT
Server
nginx/1.23.3
ETag
"60dff9aa-f3"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
243
adren.min.js | r.redirekted.com/js/ | 7 KB | 8 KB | Script
General
Full URL
https://r.redirekted.com/js/adren.min.js?n=1815151556
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.23.3 /
Resource Hash
8597d8112ffa8f07199b715746aebe0bc4180e1c23cf4de02ef8fdc8f57e0bdc

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 07:06:03 GMT
Last-Modified
Fri, 05 Apr 2024 12:36:31 GMT
Server
nginx/1.23.3
ETag
"660ff04f-1d72"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7538
go | r.redirekted.com/ (Frame F376) | 2 KB | 2 KB | Document
General
Full URL
https://r.redirekted.com/go?e=DwCaxHVyVPF85wWtk3p55GsYywBeLaVW1UXdZTs7pFC9SzVuglpd8IsmEmFeHlV6x3C5kGVytQFe4QsW13B11wXuyKBeLKs8blBa4Qs-LPM8MKr64KW4RzXytmKdfmV6x3CNuTslgvFefQLNImqwtxs6p2E1VTAx5UWxcHAc03FltFquIQXWgwXbD2L75GsUAQWa5mZ78IF-AUqtkKWzxHsyLFL55GsQSPXxO2Z2uxCm8GssEmBsATs6fFEeZ3WYImq4uzsyDwL-MaVtglp4yxsbjUL8AUBVclB9xGs-DKF9SJr9flBjcxsyj3F8uPs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/js/adren.min.js?n=1815151556
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.23.3 / PHP/8.1.13
Resource Hash
e565762315315c4d2824d5038fbf15f22004472ef178b2fca374815a2335ca01

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://r.redirekted.com/redirect?redirect_id=80fc161ecbadcdb5f2e90bb986a84b4b&request_id=402e502f78bdd15f825e7d6d64473e4b
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 26 Apr 2024 07:06:03 GMT
Server
nginx/1.23.3
Transfer-Encoding
chunked
X-Powered-By
PHP/8.1.13
analytics.js | www.google-analytics.com/ (Frame F376) | 52 KB | 21 KB | Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/go?e=DwCaxHVyVPF85wWtk3p55GsYywBeLaVW1UXdZTs7pFC9SzVuglpd8IsmEmFeHlV6x3C5kGVytQFe4QsW13B11wXuyKBeLKs8blBa4Qs-LPM8MKr64KW4RzXytmKdfmV6x3CNuTslgvFefQLNImqwtxs6p2E1VTAx5UWxcHAc03FltFquIQXWgwXbD2L75GsUAQWa5mZ78IF-AUqtkKWzxHsyLFL55GsQSPXxO2Z2uxCm8GssEmBsATs6fFEeZ3WYImq4uzsyDwL-MaVtglp4yxsbjUL8AUBVclB9xGs-DKF9SJr9flBjcxsyj3F8uPs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://r.redirekted.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 26 Apr 2024 05:48:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4675
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 26 Apr 2024 07:48:08 GMT
collect | www.google-analytics.com/j/ (Frame F376) | 15 B | 159 B | XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=938579937&t=pageview&_s=1&dl=https%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVyVPF85wWtk3p55GsYywBeLaVW1UXdZTs7pFC9SzVuglpd8IsmEmFeHlV6x3C5kGVytQFe4QsW13B11wXuyKBeLKs8blBa4Qs-LPM8MKr64KW4RzXytmKdfmV6x3CNuTslgvFefQLNImqwtxs6p2E1VTAx5UWxcHAc03FltFquIQXWgwXbD2L75GsUAQWa5mZ78IF-AUqtkKWzxHsyLFL55GsQSPXxO2Z2uxCm8GssEmBsATs6fFEeZ3WYImq4uzsyDwL-MaVtglp4yxsbjUL8AUBVclB9xGs-DKF9SJr9flBjcxsyj3F8uPs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW&ul=de-de&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=101412190&gjid=1949387915&cid=1434705880.1714115164&tid=UA-32454353-1&_gid=312631676.1714115164&_r=1&_slc=1&z=1529513881
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://r.redirekted.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 26 Apr 2024 07:06:03 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://r.redirekted.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect | www.google-analytics.com/ (Frame F376) | 35 B | 195 B | Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=938579937&t=pageview&_s=2&dl=https%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVyVPF85wWtk3p55GsYywBeLaVW1UXdZTs7pFC9SzVuglpd8IsmEmFeHlV6x3C5kGVytQFe4QsW13B11wXuyKBeLKs8blBa4Qs-LPM8MKr64KW4RzXytmKdfmV6x3CNuTslgvFefQLNImqwtxs6p2E1VTAx5UWxcHAc03FltFquIQXWgwXbD2L75GsUAQWa5mZ78IF-AUqtkKWzxHsyLFL55GsQSPXxO2Z2uxCm8GssEmBsATs6fFEeZ3WYImq4uzsyDwL-MaVtglp4yxsbjUL8AUBVclB9xGs-DKF9SJr9flBjcxsyj3F8uPs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW&ul=de-de&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1434705880.1714115164&tid=UA-32454353-1&_gid=312631676.1714115164&cd1=oz9lMJE8n2kesUk8sT5ipzIxsTgfn3k8sUj%3D&z=1265409959
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/go?e=DwCaxHVyVPF85wWtk3p55GsYywBeLaVW1UXdZTs7pFC9SzVuglpd8IsmEmFeHlV6x3C5kGVytQFe4QsW13B11wXuyKBeLKs8blBa4Qs-LPM8MKr64KW4RzXytmKdfmV6x3CNuTslgvFefQLNImqwtxs6p2E1VTAx5UWxcHAc03FltFquIQXWgwXbD2L75GsUAQWa5mZ78IF-AUqtkKWzxHsyLFL55GsQSPXxO2Z2uxCm8GssEmBsATs6fFEeZ3WYImq4uzsyDwL-MaVtglp4yxsbjUL8AUBVclB9xGs-DKF9SJr9flBjcxsyj3F8uPs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://r.redirekted.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 25 Apr 2024 13:53:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
61940
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
offersearchGo | de-go.kelkoogroup.net/ | 0 | 0

js | www.googletagmanager.com/gtag/ (Frame F376) | 0 | 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL
secure.russiavulcanx.com | https://secure.russiavulcanx.com/favicon.ico
secure.russiavulcanx.com | https://secure.russiavulcanx.com/favicon.ico
de-go.kelkoogroup.net | https://de-go.kelkoogroup.net/offersearchGo?.ts=1714033202978&.sig=UIjYAXlBk2IqpDr6VG.3x7VJ0mQ-&affiliationId=96965856&comId=100535679&country=de&offerId=fefb4e6072a6525d2a0ccef9733305ad&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=tsyjaF9qKFXIGX9gxZbHKL1tFF7bPXxA2r-03EmxFF0AFXVATslAzF9IvWTkKWjMRs7NKF3ZUqVk3pdZJsmWPM&custom2=jKWjuHsyjUL9gQAxqwqSExZvyRCexFrUAQB
www.googletagmanager.com | https://www.googletagmanager.com/gtag/js?id=G-TG55WX34R2&cx=c&_slc=1

Verdicts & Comments

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
function | utf8_encode
function | md5
function | screenSize
function | readCookie
function | reverse
function | str_rot13
function | str_rot47
function | base64_encode
function | js_encode
function | readySetGo
object | ck
number | nstr
string | md5str
object | scr
number | scrw
number | scrh
string | t
string | urlp
string | b64
string | str_encode
object | ifrm

1 Cookies

Domain/Path | Name | Value
secure.russiavulcanx.com/ | m6RW96QaECHb2mXiRi7YQBqlkYuoZc7A | 1

2 Console Messages

Source | Level | URL | Text
network | error | https://secure.russiavulcanx.com/favicon.ico | Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network | error | https://secure.russiavulcanx.com/favicon.ico | Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR