URL: http://spellads.com/
Submission: On December 21 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 185.49.85.110, located in Iran, Islamic Republic Of and belongs to ASIATECH, IR. The main domain is spellads.com.
This is the only time spellads.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address        AS Autonomous System
1         -          185.49.85.110     43754 (ASIATECH)
3         -          185.143.234.120   205585 (ARVANCLOU...)
1         -          185.166.104.3     202319 (CAFEBAZAAR)
5         1          185.143.233.120   205585 (ARVANCLOU...)
1         -          51.83.105.55      16276 (OVH)
Total: 10 requests, 5 IPs
Requests  Apex Domain / Subdomains                              Transfer
6         yektanet.com                                          18 KB
            cdn.yektanet.com — Cisco Umbrella Rank: 63126
            ua.yektanet.com — Cisco Umbrella Rank: 68841
            audience.yektanet.com — Cisco Umbrella Rank: 72474
4         najva.com                                             49 KB
            van.najva.com — Cisco Umbrella Rank: 116443
            cookie.najva.com — Cisco Umbrella Rank: 506429
1         spellads.com                                          839 B
            spellads.com
Total: 10 requests, 3 domains
Requests  Redirects  Domain                  Requested by
4         1          ua.yektanet.com         cdn.yektanet.com, ua.yektanet.com
3         -          van.najva.com           spellads.com, van.najva.com
1         -          audience.yektanet.com   cdn.yektanet.com
1         -          cookie.najva.com        -
1         -          cdn.yektanet.com        van.najva.com
1         -          spellads.com            -
Total: 10 requests, 6 subdomains

This site contains no links.

Subject            Issuer  Validity                  Valid
van.najva.com      R3      2023-10-16 - 2024-01-14   3 months
cdn.yektanet.com   R3      2023-11-27 - 2024-02-25   3 months
yektanet.com       R3      2023-10-15 - 2024-01-13   3 months

This page contains 2 frames:

Primary Page: http://spellads.com/
Frame ID: B6C362E8CD5919FF7094FD6DFF6A4506
Requests: 8 HTTP requests in this frame

Frame: https://ua.yektanet.com/cookie/iframe/
Frame ID: B3EC4D4E39CF3F7B65EB3F34D9046713
Requests: 2 HTTP requests in this frame

Page Statistics

10 Requests
80 % HTTPS
0 % IPv6
3 Domains
6 Subdomains
5 IPs
2 Countries
67 kB Transfer
240 kB Size
7 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://ua.yektanet.com/pixel?id=njv-email HTTP 302
  • https://cookie.najva.com/matching/?yektanet_user_id=ec5d8aa6-c97c-4a8d-9cc3-9f13b842d350&njc=

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
spellads.com/
1 KB
839 B
Document
General
Full URL
http://spellads.com/
Protocol
HTTP/1.1
Server
185.49.85.110 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
Software
/
Resource Hash
1cf0812509c5938bfe6604f9d05c2618f40cda4a15b3f6953c534eb346fa6fd3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
accept-ranges
bytes
content-encoding
gzip
content-length
566
content-type
text/html
date
Thu, 21 Dec 2023 10:11:24 GMT
last-modified
Tue, 26 Sep 2023 15:09:34 GMT
vary
Accept-Encoding
local-messaging.css
van.najva.com/static/cdn/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://van.najva.com/static/cdn/css/local-messaging.css?v=2023011021011
Requested by
Host: spellads.com
URL: http://spellads.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.143.234.120 , Iran, Islamic Republic Of, ASN205585 (ARVANCLOUD-CDN-, IR),
Reverse DNS
Software
ArvanCloud /
Resource Hash
5456146fcd0c934436c0fcb3855719e3d9bed96cb15f27dee2f11b89df20ac71
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://spellads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires
Thu, 21 Dec 2023 11:11:25 GMT
date
Thu, 21 Dec 2023 10:11:25 GMT
content-encoding
br
x-cache-status
MISS
x-cache
HIT
server-timing
total;dur=0
x-xss-protection
1; mode=block
x-request-id
37e3ea69b1f59c879f6e5d32c9e6b518
x-sid
4106
last-modified
Mon, 27 Dec 2021 16:31:31 GMT
server
ArvanCloud
etag
W/"20685ae09d2ce2a080031240f15c7725"
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
text/css
access-control-allow-origin
*
x-rgw-object-type
Normal
access-control-allow-credentials
true
cache-control
max-age=3600
access-control-max-age
1728000
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
x-amz-meta-mtime
1623484316
new-website410895-website-51158-3d354d16-3709-428d-b12f-009781800221.js
van.najva.com/static/js/scripts/
180 KB
45 KB
Script
General
Full URL
https://van.najva.com/static/js/scripts/new-website410895-website-51158-3d354d16-3709-428d-b12f-009781800221.js?v=2023011021011
Requested by
Host: spellads.com
URL: http://spellads.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.143.234.120 , Iran, Islamic Republic Of, ASN205585 (ARVANCLOUD-CDN-, IR),
Reverse DNS
Software
ArvanCloud /
Resource Hash
484ac1557316809102bc68e7d4b2310c43ac896352e33e7aeda1015f1f47f90c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://spellads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 10:11:25 GMT
content-encoding
br
x-cache-status
MISS
x-cache
HIT
server-timing
total;dur=0
x-xss-protection
1; mode=block
x-request-id
6e7a1c856176adb73cd67af2d7379c49
x-sid
4106
last-modified
Thu, 28 Sep 2023 11:50:47 GMT
server
ArvanCloud
etag
W/"2f564f1fbfcf3cbec14a0263b0dc65de"
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-rgw-object-type
Normal
access-control-allow-credentials
true
cache-control
max-age=3600
access-control-max-age
1728000
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires
Thu, 21 Dec 2023 11:11:25 GMT
new-website410895-website-51158-3d354d16-3709-428d-b12f-009781800221.json
van.najva.com/static/js/scripts/
3 KB
2 KB
Fetch
General
Full URL
https://van.najva.com/static/js/scripts/new-website410895-website-51158-3d354d16-3709-428d-b12f-009781800221.json?v=2023-12-21T10
Requested by
Host: van.najva.com
URL: https://van.najva.com/static/js/scripts/new-website410895-website-51158-3d354d16-3709-428d-b12f-009781800221.js?v=2023011021011
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.143.234.120 , Iran, Islamic Republic Of, ASN205585 (ARVANCLOUD-CDN-, IR),
Reverse DNS
Software
ArvanCloud /
Resource Hash
ff8555f136d630f445e51b84fbbd12f9564f637f5b754a433b476a362779ff87
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://spellads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 10:11:25 GMT
content-encoding
br
x-cache-status
MISS
x-cache
MISS
server-timing
total;dur=96
x-xss-protection
1; mode=block
x-request-id
0847497d35f817ed984eaf320dd80e20
x-sid
4102
last-modified
Thu, 28 Sep 2023 11:50:49 GMT
server
ArvanCloud
etag
W/"3539ccaf49651654452d244f4ddc888e"
vary
Accept-Encoding, Origin
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
application/json
access-control-allow-origin
*
x-rgw-object-type
Normal
access-control-allow-credentials
true
cache-control
max-age=3600
access-control-max-age
1728000
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires
Thu, 21 Dec 2023 11:11:25 GMT
complete.js
cdn.yektanet.com/rg_woebegone/scripts_v4/pijZHGAR/
43 KB
14 KB
Script
General
Full URL
https://cdn.yektanet.com/rg_woebegone/scripts_v4/pijZHGAR/complete.js?v=2023-12-21T10
Requested by
Host: van.najva.com
URL: https://van.najva.com/static/js/scripts/new-website410895-website-51158-3d354d16-3709-428d-b12f-009781800221.js?v=2023011021011
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.166.104.3 , Iran, Islamic Republic Of, ASN202319 (CAFEBAZAAR, IR),
Reverse DNS
Software
Delivery /
Resource Hash
aa13018609b6c07644a4c01a79916410831b69e1db35aa3d03ed8f77154ead67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://spellads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 10:11:26 GMT
strict-transport-security
max-age=31536000
x-zrk-cs
MISS
last-modified
Tue, 21 Nov 2023 16:08:17 GMT
server
Delivery
x-amz-request-id
tx00000cf65e33496baefe6-0065840f4e-8439d35-default
etag
W/"db8272534da83478e4506e9a4c4e21ad"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
content-encoding
br
x-rgw-object-type
Normal
cache-control
public, max-age=3600
x-zrk-us
200
x-zrk-sn
3001
/
cookie.najva.com/matching/
Redirect Chain
  • https://ua.yektanet.com/pixel?id=njv-email
  • https://cookie.najva.com/matching/?yektanet_user_id=ec5d8aa6-c97c-4a8d-9cc3-9f13b842d350&njc=
0
0
Image
General
Full URL
https://cookie.najva.com/matching/?yektanet_user_id=ec5d8aa6-c97c-4a8d-9cc3-9f13b842d350&njc=
Protocol
H2
Server
51.83.105.55 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://spellads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

expires
0
pragma
no-cache
date
Thu, 21 Dec 2023 10:11:26 GMT
last-modified
Thursday, 21-Dec-2023 10:11:26 GMT
server
ArvanCloud
x-cache
BYPASS
content-type
text/html
location
https://cookie.najva.com/matching/?yektanet_user_id=ec5d8aa6-c97c-4a8d-9cc3-9f13b842d350&njc=
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
server-timing
total;dur=101
content-length
151
x-xss-protection
1; mode=block
x-request-id
216ff44ac0fca7d65cc8bcca3b99a51f
x-sid
4107
/
audience.yektanet.com/api/v1/scripts/preview/validate/
5 B
442 B
XHR
General
Full URL
https://audience.yektanet.com/api/v1/scripts/preview/validate/?app_id=pijZHGAR
Requested by
Host: cdn.yektanet.com
URL: https://cdn.yektanet.com/rg_woebegone/scripts_v4/pijZHGAR/complete.js?v=2023-12-21T10
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.143.233.120 , Iran, Islamic Republic Of, ASN205585 (ARVANCLOUD-CDN-, IR),
Reverse DNS
Software
ArvanCloud /
Resource Hash
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://spellads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 10:11:26 GMT
x-cache
BYPASS
server-timing
total;dur=153
content-length
5
x-xss-protection
1; mode=block
x-request-id
d497b046b0f57965b98d3ff4322fec15
x-sid
4107
pragma
no-cache
server
ArvanCloud
allow
GET, OPTIONS
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
http://spellads.com
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Authorization
expires
0
/
ua.yektanet.com/cookie/iframe/ Frame B3EC
3 KB
1 KB
Document
General
Full URL
https://ua.yektanet.com/cookie/iframe/
Requested by
Host: cdn.yektanet.com
URL: https://cdn.yektanet.com/rg_woebegone/scripts_v4/pijZHGAR/complete.js?v=2023-12-21T10
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.143.233.120 , Iran, Islamic Republic Of, ASN205585 (ARVANCLOUD-CDN-, IR),
Reverse DNS
Software
ArvanCloud /
Resource Hash
ec23baab8cd3483c4877e0e191853c7566fef52363c7abf347286f63a93b9c99
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://spellads.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-encoding
br
content-type
text/html
date
Thu, 21 Dec 2023 10:11:26 GMT
expires
0
last-modified
Thursday, 21-Dec-2023 10:11:26 GMT
pragma
no-cache
server
ArvanCloud
server-timing
total;dur=153
vary
Accept-Encoding
x-cache
BYPASS
x-request-id
1f5b9fbf1accdcf3565f376693488179
x-sid
4107
x-xss-protection
1; mode=block
__fake.gif
ua.yektanet.com/
42 B
688 B
Ping
General
Full URL
https://ua.yektanet.com/__fake.gif?aa=event&abe=L&abf=978fc4e2-d003-49b7-a8c1-3f3e4796d8a2&abj=1&aed=pub&abh=&sv=4&st=complete.js&psc=694&psi=745&ac=http%3A%2F%2Fspellads.com%2F&ae=%7B%7D&ad=spellads.com&as=&aef=pijZHGAR&aec=277640&ai=c4102b49-9917-8545-834b-e422bf327ce2&abw=1584&abb=76&aby=1600&abz=1200&al=1600&am=1200&abk=Test
Requested by
Host: cdn.yektanet.com
URL: https://cdn.yektanet.com/rg_woebegone/scripts_v4/pijZHGAR/complete.js?v=2023-12-21T10
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.143.233.120 , Iran, Islamic Republic Of, ASN205585 (ARVANCLOUD-CDN-, IR),
Reverse DNS
Software
ArvanCloud /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://spellads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires
0
pragma
no-cache
date
Thu, 21 Dec 2023 10:11:26 GMT
last-modified
Thursday, 21-Dec-2023 10:11:26 GMT
server
ArvanCloud
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
server-timing
total;dur=153
accept-ranges
bytes
content-length
42
x-xss-protection
1; mode=block
x-request-id
905abfd1dcc5fd15bc3bface1918bd9d
x-sid
4107
set
ua.yektanet.com/cookie/ Frame B3EC
74 B
797 B
XHR
General
Full URL
https://ua.yektanet.com/cookie/set
Requested by
Host: ua.yektanet.com
URL: https://ua.yektanet.com/cookie/iframe/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.143.233.120 , Iran, Islamic Republic Of, ASN205585 (ARVANCLOUD-CDN-, IR),
Reverse DNS
Software
ArvanCloud /
Resource Hash
47bc06af8c5cc306fa3dbd09f66ddeef0743f5e68f972b8d60aa9596eb48af23
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ua.yektanet.com/cookie/iframe/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 21 Dec 2023 10:11:26 GMT
content-encoding
br
x-cache
BYPASS
server-timing
total;dur=88
x-xss-protection
1; mode=block
x-request-id
00b59e0d8e0a2bfef1899f4eb674a314
x-sid
4107
pragma
no-cache
last-modified
Thursday, 21-Dec-2023 10:11:26 GMT
server
ArvanCloud
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
expires
0

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
string| configFile
object| Najva
object| ynWebpackJsonp
boolean| yektanet_ua-script-pijZHGAR_is_loaded
function| yektanet

7 Cookies

Domain/Path Name / Value
.yektanet.com/ Name: gearbox_ad_token
Value: ec5d8aa6-c97c-4a8d-9cc3-9f13b842d350
.yektanet.com/ Name: analytics_global_token
Value: ec5d8aa6-c97c-4a8d-9cc3-9f13b842d350
spellads.com/ Name: analytics_token
Value: 933a0eb4-c35b-f053-45d6-95952f7462d7
spellads.com/ Name: analytics_session_token
Value: c4102b49-9917-8545-834b-e422bf327ce2
spellads.com/ Name: yektanet_session_last_activity
Value: 12/21/2023
spellads.com/ Name: _yngt_iframe
Value: 1
spellads.com/ Name: _yngt
Value: ec5d8aa6-c97c-4a8d-9cc3-9f13b842d350

1 Console Messages

Source: network
Level: error
URL: https://cookie.najva.com/matching/?yektanet_user_id=ec5d8aa6-c97c-4a8d-9cc3-9f13b842d350&njc=
Message: Failed to load resource: the server responded with a status of 503 ()