rdrct1.org - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 108.61.135.76, located in Matawan, United States and belongs to AS-CHOOPA - Choopa, LLC, US. The main domain is rdrct1.org.

This is the only time rdrct1.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	91.234.35.247 91.234.35.247	56485 (THEHOST-AS) (THEHOST-AS)
1 1	195.28.183.126 195.28.183.126	15626 (ITLAS) (ITLAS)
2	108.61.135.76 108.61.135.76	20473 (AS-CHOOPA) (AS-CHOOPA - Choopa)
2	13.32.158.53 13.32.158.53	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	3

2 91.234.35.247 (Ukraine)

ASN56485 (THEHOST-AS, UA)
PTR: voron.freedomain.thehost.com.ua

lkik.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.28.183.126 (Kharkov, Ukraine) 1 redirects

ASN15626 (ITLAS, UA)
PTR: zoneo446.vds

herodota.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.61.135.76 (Matawan, United States)

ASN20473 (AS-CHOOPA - Choopa, LLC, US)
PTR: 108.61.135.76.vultr.com

rdrct1.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.158.53 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-158-53.fra56.r.cloudfront.net

d3ikljl879wvvx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	cloudfront.net d3ikljl879wvvx.cloudfront.net	4 MB
2	rdrct1.org rdrct1.org	5 KB
2	lkik.us lkik.us	1 KB
1	herodota.ru 1 redirects herodota.ru	657 B
6	4

	Domain	Requested by
2	d3ikljl879wvvx.cloudfront.net	rdrct1.org
2	rdrct1.org	lkik.us rdrct1.org
2	lkik.us	lkik.us
1	herodota.ru	1 redirects
6	4

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://rdrct1.org/rnhbnnyuq
Frame ID: 0D0937BC70E04431216B8465355F802F
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://lkik.us/ Page URL
http://herodota.ru/?pakusay&charset=windows-1251&keyword=[KEYWORD] HTTP 302
http://rdrct1.org/rnhbnnyuq Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

3760 kB
Transfer

3941 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lkik.us/ Page URL
http://herodota.ru/?pakusay&charset=windows-1251&keyword=[KEYWORD] HTTP 302
http://rdrct1.org/rnhbnnyuq Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
lkik.us/ 1 KB
896 B 93ms
56ms Document
text/html 91.234.35.247
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://lkik.us/
Protocol: HTTP/1.1
Server: 91.234.35.247 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS: voron.freedomain.thehost.com.ua
Software: nginx/1.2.1 / PHP/5.4.45-0+deb7u5
Resource Hash: c3715ae234af68ae765c3177cdccdb8e1d0e51fd9cd1e0a85d248ed525f5bec3

Request headers

Host: lkik.us
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 0D0937BC70E04431216B8465355F802F

Response headers

Server: nginx/1.2.1
Date: Wed, 06 Jun 2018 08:50:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 652
Connection: keep-alive
X-Powered-By: PHP/5.4.45-0+deb7u5
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H/1.1 200
OK cs2.js
lkik.us/ 301 B
531 B 36ms
36ms Script
application/x-javascript 91.234.35.247
THEHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://lkik.us/cs2.js
Requested by: Host: lkik.us
URL: http://lkik.us/
Protocol: HTTP/1.1
Server: 91.234.35.247 , Ukraine, ASN56485 (THEHOST-AS, UA),
Reverse DNS: voron.freedomain.thehost.com.ua
Software: nginx/1.2.1 /
Resource Hash

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lkik.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: */*
Referer: http://lkik.us/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lkik.us/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Wed, 06 Jun 2018 08:50:17 GMT
Last-Modified: Sat, 21 Apr 2018 17:08:15 GMT
Server: nginx/1.2.1
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 301
Content-Type: application/x-javascript

GET
H/1.1

200
OK

Primary Request rnhbnnyuq Show response
rdrct1.org/
Redirect Chain

http://herodota.ru/?pakusay&charset=windows-1251&keyword=[KEYWORD]
http://rdrct1.org/rnhbnnyuq

9 KB
5 KB

522ms
259ms

Document
text/html

108.61.135.76
Choopa

General

Check archive.org

Show headers Download Go to

Full URL

http://rdrct1.org/rnhbnnyuq

Requested by

Host: lkik.us
URL: http://lkik.us/

Protocol

HTTP/1.1

Server

108.61.135.76 Matawan, United States, ASN20473 (AS-CHOOPA - Choopa, LLC, US),

Reverse DNS

108.61.135.76.vultr.com

Software

nginx /

Resource Hash

bf3263f94ab0c2fbe51b38790f8196040be6006f04b69adb81ef93a9b53f9c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: rdrct1.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://lkik.us/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 0D0937BC70E04431216B8465355F802F
Referer: http://lkik.us/

Response headers

Server: nginx
Date: Wed, 06 Jun 2018 08:50:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
set-cookie: uord=2630b35534ff50b4b0e77916e9a7c088; path=/; expires=Fri, 05 Jun 2020 08:50:18 GMT; max-age=63072000; HttpOnly k=SFMyNTY.g3QAAAAIbQAAAARhdW5xbQAAABZ7IjEyMjgwIjoiTXB6Z05OZVl2UiJ9bQAAAANoaWRtAAAAHG1lVVBVeEdqSEdFemhXV3VkclZMRWJacnZleU9tAAAAHG1lVVBVeEdqSEdFemhXV3VkclZMRWJacnZleU90AAAAAWQABWFmZmlkYgAChpttAAAAAnJkdAAAAARkAApfX3N0cnVjdF9fZAAYRWxpeGlyLlRkZXguUm90YXRpb25EYXRhZAAOY2xpY2tlZF9vZmZlcnN0AAAAAGQACGxhbmRpbmdzbAAAAAFiAAAB6mpkAAtzZWVuX29mZmVyc2wAAAABYgAAJNdqbQAAAAVzdWJfMWQAA25pbG0AAAAFc3ViXzJkAANuaWxtAAAAB3RyYWNrZXJtAAAAB25vdHJhY2ttAAAAA3VucW0AAAALWG5oUGJib1dxU20.Ctmk2WpIPwS7_I1QYNzEd3E6VUIoJASWHasCY3CYTsU; path=/; expires=Thu, 06 Jun 2019 08:50:18 GMT; max-age=31536000 _opl=meUPUxGjHGEzhWWudrVLEbZrveyO:165531; path=/; HttpOnly
cache-control: max-age=0, private, must-revalidate
x-request-id: n3km7085u1984ocv8a8a09jtdj9ar2io
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Wed, 06 Jun 2018 08:50:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 20
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.45-0+deb7u8
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Cache-Control: max-age=0
Pragma: no-cache
Set-Cookie: 7de65=%7B%22streams%22%3A%7B%22752%22%3A1528264218%7D%2C%22campaigns%22%3A%7B%2281%22%3A1528264218%7D%2C%22time%22%3A1528264218%7D; expires=Sat, 07-Jul-2018 08:50:16 GMT; path=/; domain=.herodota.ru
Last-Modified: Wed, 06 Jun 2018 08:50:16 GMT
Location: http://rdrct1.org/rnhbnnyuq
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H/1.1 200
OK script.min.js Show response
d3ikljl879wvvx.cloudfront.net/assets/92ca6c0406acc434f71cba5a43f0aadf/ 252 KB
76 KB 71ms
53ms Script
application/javascript 13.32.158.53
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://d3ikljl879wvvx.cloudfront.net/assets/92ca6c0406acc434f71cba5a43f0aadf/script.min.js
Requested by: Host: rdrct1.org
URL: http://rdrct1.org/rnhbnnyuq
Protocol: HTTP/1.1
Server: 13.32.158.53 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-158-53.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: eca89fbed61b68693b035130b0da8c9c3a0b6d5dcc4160027908c5ca2936dc85

Request headers

Referer: http://rdrct1.org/rnhbnnyuq
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 01 Jun 2018 15:04:08 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jun 2018 10:19:06 GMT
Server: nginx
Age: 63776
ETag: W/"5b111d9a-3f0de"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=utf-8
Via: 1.1 5e6663e1b6bfcd319fbf11ba3c6a1259.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
Connection: keep-alive
X-Amz-Cf-Id: ZkOnQ7w7JNhXJGlodBBFEWhIHKBoA4B_uDkYEVmhaOCnddYDb2ETIA==

GET
H/1.1 200
OK prm.js Show response
rdrct1.org/ 0
333 B 254ms
253ms Script
application/javascript 108.61.135.76
Choopa

General

Check archive.org

Show headers Download Go to

Full URL

http://rdrct1.org/prm.js?mh=bWVVUFV4R2pIR0V6aFdXdWRyVkxFYlpydmV5Ty04Njg2&a=165531

Requested by

Host: rdrct1.org
URL: http://rdrct1.org/rnhbnnyuq

Protocol

HTTP/1.1

Server

108.61.135.76 Matawan, United States, ASN20473 (AS-CHOOPA - Choopa, LLC, US),

Reverse DNS

108.61.135.76.vultr.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: rdrct1.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: */*
Referer: http://rdrct1.org/rnhbnnyuq
Cookie: uord=2630b35534ff50b4b0e77916e9a7c088; k=SFMyNTY.g3QAAAAIbQAAAARhdW5xbQAAABZ7IjEyMjgwIjoiTXB6Z05OZVl2UiJ9bQAAAANoaWRtAAAAHG1lVVBVeEdqSEdFemhXV3VkclZMRWJacnZleU9tAAAAHG1lVVBVeEdqSEdFemhXV3VkclZMRWJacnZleU90AAAAAWQABWFmZmlkYgAChpttAAAAAnJkdAAAAARkAApfX3N0cnVjdF9fZAAYRWxpeGlyLlRkZXguUm90YXRpb25EYXRhZAAOY2xpY2tlZF9vZmZlcnN0AAAAAGQACGxhbmRpbmdzbAAAAAFiAAAB6mpkAAtzZWVuX29mZmVyc2wAAAABYgAAJNdqbQAAAAVzdWJfMWQAA25pbG0AAAAFc3ViXzJkAANuaWxtAAAAB3RyYWNrZXJtAAAAB25vdHJhY2ttAAAAA3VucW0AAAALWG5oUGJib1dxU20.Ctmk2WpIPwS7_I1QYNzEd3E6VUIoJASWHasCY3CYTsU; _opl=meUPUxGjHGEzhWWudrVLEbZrveyO:165531
Connection: keep-alive
Cache-Control: no-cache
Referer: http://rdrct1.org/rnhbnnyuq
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Wed, 06 Jun 2018 08:50:19 GMT
x-content-type-options: nosniff
Server: nginx
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
Connection: keep-alive
Content-Length: 0
x-xss-protection: 1; mode=block
x-request-id: n1gdmobr5ndvrk1hte7rvo9q0etgmd22

GET
H/1.1 200
OK 15.gif
d3ikljl879wvvx.cloudfront.net/assets/92ca6c0406acc434f71cba5a43f0aadf/images/ 4 MB
4 MB 21ms
7ms Image
image/gif 13.32.158.53
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d3ikljl879wvvx.cloudfront.net/assets/92ca6c0406acc434f71cba5a43f0aadf/images/15.gif
Requested by: Host: rdrct1.org
URL: http://rdrct1.org/rnhbnnyuq
Protocol: HTTP/1.1
Server: 13.32.158.53 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-158-53.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 007c6074789317ec2bfd04ddd1c9003eea1e51007af7b9cbb9fc47df2073c506

Request headers

Referer: http://rdrct1.org/rnhbnnyuq
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Sat, 02 Jun 2018 06:44:36 GMT
Via: 1.1 7ff3248f5aef149847858a974cf62b00.cloudfront.net (CloudFront)
Last-Modified: Fri, 01 Jun 2018 10:19:06 GMT
Server: nginx
Age: 7171
ETag: "5b111d9a-397604"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3765764
X-Amz-Cf-Id: dAaBRm44mAp5zyfwSDzhWN9Sx2cT3sKUDjFQ7alFUYc9OhksNfnNjw==

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| next function| $ function| jQuery string| u

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
rdrct1.org/	1970-01-19 01:16:51	Name: k Value: SFMyNTY.g3QAAAAIbQAAAARhdW5xbQAAABZ7IjEyMjgwIjoiTXB6Z05OZVl2UiJ9bQAAAANoaWRtAAAAHG1lVVBVeEdqSEdFemhXV3VkclZMRWJacnZleU9tAAAAHG1lVVBVeEdqSEdFemhXV3VkclZMRWJacnZleU90AAAAAWQABWFmZmlkYgAChpttAAAAAnJkdAAAAARkAApfX3N0cnVjdF9fZAAYRWxpeGlyLlRkZXguUm90YXRpb25EYXRhZAAOY2xpY2tlZF9vZmZlcnN0AAAAAGQACGxhbmRpbmdzbAAAAAFiAAAB6mpkAAtzZWVuX29mZmVyc2wAAAABYgAAJNdqbQAAAAVzdWJfMWQAA25pbG0AAAAFc3ViXzJkAANuaWxtAAAAB3RyYWNrZXJtAAAAB25vdHJhY2ttAAAAA3VucW0AAAALWG5oUGJib1dxU20.Ctmk2WpIPwS7_I1QYNzEd3E6VUIoJASWHasCY3CYTsU
rdrct1.org/	1969-12-31 23:59:59	Name: _opl Value: meUPUxGjHGEzhWWudrVLEbZrveyO:165531
rdrct1.org/	1970-01-19 10:02:27	Name: uord Value: 2630b35534ff50b4b0e77916e9a7c088

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d3ikljl879wvvx.cloudfront.net
herodota.ru
lkik.us
rdrct1.org
108.61.135.76
13.32.158.53
195.28.183.126
91.234.35.247
007c6074789317ec2bfd04ddd1c9003eea1e51007af7b9cbb9fc47df2073c506
bf3263f94ab0c2fbe51b38790f8196040be6006f04b69adb81ef93a9b53f9c00
c3715ae234af68ae765c3177cdccdb8e1d0e51fd9cd1e0a85d248ed525f5bec3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eca89fbed61b68693b035130b0da8c9c3a0b6d5dcc4160027908c5ca2936dc85

rdrct1.org Open in urlscan Pro 108.61.135.76 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

3760 kBTransfer

3941 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

3 Cookies

Indicators

rdrct1.org Open in urlscan Pro
108.61.135.76 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

3760 kB
Transfer

3941 kB
Size

3
Cookies

6 HTTP transactions
0 data transactions