Submitted URL: http://redeem-rbx.mexican32.repl.co/
Effective URL: https://redeem-rbx.mexican32.repl.co/
Submission: On December 27 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 7 HTTP transactions. The main IP is 34.23.149.162, located in North Charleston, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is redeem-rbx.mexican32.repl.co.
TLS certificate: Issued by R3 on November 8th 2023. Valid for: 3 months.
This is the only time redeem-rbx.mexican32.repl.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 34.23.149.162 396982 (GOOGLE-CL...)
1 162.159.128.232 13335 (CLOUDFLAR...)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 1 34.90.81.51 396982 (GOOGLE-CL...)
1 107.21.90.71 14618 (AMAZON-AES)
1 2 3.120.58.45 16509 (AMAZON-02)
7 7
Apex Domain | Subdomains | Transfer
2 opera.com | www.opera.com — Cisco Umbrella Rank: 37064 | 410 B
2 repl.co | redeem-rbx.mexican32.repl.co | 8 KB
1 getgx.net | www.getgx.net — Cisco Umbrella Rank: 721600 | 568 B
1 mbuncha.com | m.mbuncha.com | 354 B
1 singingfiles.com | singingfiles.com | 735 B
1 flaticon.com | cdn-icons-png.flaticon.com — Cisco Umbrella Rank: 41675 | 23 KB
1 discordapp.net | media.discordapp.net — Cisco Umbrella Rank: 5449 | 177 KB
7 7
Domain Requested by
2 www.opera.com 1 redirects www.getgx.net
2 redeem-rbx.mexican32.repl.co 1 redirects
1 www.getgx.net singingfiles.com
1 m.mbuncha.com 1 redirects
1 singingfiles.com redeem-rbx.mexican32.repl.co
1 cdn-icons-png.flaticon.com redeem-rbx.mexican32.repl.co
1 media.discordapp.net redeem-rbx.mexican32.repl.co
7 7

This site contains no links.

Subject | Issuer | Validity | Valid
mexican32.repl.co | R3 | 2023-11-08 - 2024-02-06 | 3 months
discordapp.net | Cloudflare Inc ECC CA-3 | 2023-09-03 - 2024-09-02 | a year
*.flaticon.com | R3 | 2023-11-25 - 2024-02-23 | 3 months
singingfiles.com | E1 | 2023-12-03 - 2024-03-02 | 3 months
getgx.net | Amazon RSA 2048 M02 | 2023-07-18 - 2024-08-15 | a year
www.opera.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-06-23 - 2024-07-02 | a year

This page contains 2 frames:

Primary Page: https://redeem-rbx.mexican32.repl.co/
Frame ID: 6C5E1250DE9F640AF88B13D7E5975BFE
Requests: 3 HTTP requests in this frame

Frame: https://www.opera.com/de/gx?edition=std-1&utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_DE_LVR_OOM&utm_id=04aeb1db2663486685096512fe94272c
Frame ID: 2F278B84EE7C88A8219671DFC7A930E1
Requests: 3 HTTP requests in this frame

Page Title

Claim Your Robux

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 29 %
Domains: 7
Subdomains: 7
IPs: 7
Countries: 4
Transfer: 209 kB
Size: 207 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://redeem-rbx.mexican32.repl.co/ HTTP 308
    https://redeem-rbx.mexican32.repl.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://m.mbuncha.com/click?pid=701&offer_id=81385&sub1=1239812822&sub5=1889272 HTTP 302
  • https://www.getgx.net/21CGSFL/K76MF17/?sub1=701_1889272&sub2=658c64fb5a03df00012963e5
Request Chain 4
  • https://www.opera.com/gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_DE_LVR_OOM&utm_id=04aeb1db2663486685096512fe94272c&edition=std-1 HTTP 302
  • https://www.opera.com/de/gx?edition=std-1&utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_DE_LVR_OOM&utm_id=04aeb1db2663486685096512fe94272c

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
redeem-rbx.mexican32.repl.co/
Redirect Chain
  • http://redeem-rbx.mexican32.repl.co/
  • https://redeem-rbx.mexican32.repl.co/
7 KB
8 KB
Document
General
Full URL
https://redeem-rbx.mexican32.repl.co/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.23.149.162 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
162.149.23.34.bc.googleusercontent.com
Software
/
Resource Hash
ea4d8a8074dbd90fdf41b613dd166d9d8b6437fb432b9826156c9bbe68e9c326
Security Headers
Name Value
Strict-Transport-Security max-age=3494243; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Content-Length
7369
Content-Type
text/html; charset=utf-8
Date
Wed, 27 Dec 2023 17:55:07 GMT
Expect-Ct
max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Replit-Cluster
worf
Strict-Transport-Security
max-age=3494243; includeSubDomains

Redirect headers

Content-Length
73
Content-Type
text/html; charset=utf-8
Date
Wed, 27 Dec 2023 17:55:06 GMT
Location
https://redeem-rbx.mexican32.repl.co/
Replit-Cluster
worf
123-1236193_keyart-character-builderman-roblox-character-hd-png-download-removebg-preview.png
media.discordapp.net/attachments/1151092292321542196/1153430060011892868/
176 KB
177 KB
Image
General
Full URL
https://media.discordapp.net/attachments/1151092292321542196/1153430060011892868/123-1236193_keyart-character-builderman-roblox-character-hd-png-download-removebg-preview.png?width=477&height=608
Requested by
Host: redeem-rbx.mexican32.repl.co
URL: https://redeem-rbx.mexican32.repl.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.232 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7ca6f428af8f28bfd55607ff4e2038df55a2795c3abfadf0dccc18e8450c03a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://redeem-rbx.mexican32.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 17:55:07 GMT
cf-cache-status
HIT
last-modified
Mon, 18 Sep 2023 20:39:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2Fpsv09jbmY9EhpzsINmeMr4IMiH4qPQTRzNfBKJTqRdRFWp%2B0snjKnM3GjMnGQ1hWIX3MxC1fUxlfGwlRRN7SUFbw9HQlaTWS0rZd1fq9FPWEhfgDb%2BvO3b7SXt1LTiIw4K95sW"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes, bytes
cf-ray
83c36ec3fca83608-FRA
x-robots-tag
noindex, nofollow, noarchive, nocache, noimageindex, noodp
content-length
180302
expires
Thu, 26 Dec 2024 17:55:07 GMT
3305803.png
cdn-icons-png.flaticon.com/512/3305/
23 KB
23 KB
Image
General
Full URL
https://cdn-icons-png.flaticon.com/512/3305/3305803.png
Requested by
Host: redeem-rbx.mexican32.repl.co
URL: https://redeem-rbx.mexican32.repl.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14c6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
71d3047566e401a76835d2f0916d49a759dba69e2f62c2e416f6659450eb2fde

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://redeem-rbx.mexican32.repl.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 17:55:07 GMT
x-amz-meta-goog-reserved-file-mtime
1596203051
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
23505
pragma
public
last-modified
Mon, 18 Sep 2023 23:12:43 GMT
etag
"703f935c30dd1dbc01d99ec6266efecf"
vary
Accept-Encoding
x-goog-generation
1695078763301965
content-type
image/png
access-control-allow-origin
*
x-default-rule
YES
cache-control
public, max-age=31536000
x-goog-stored-content-length
23505
x-amz-checksum-crc32c
k2AtZQ==
accept-ranges
bytes
x-amz-meta-x-goog-reserved-source-generation
1634217539980216
expires
Wed, 27 Dec 2023 17:55:07 GMT
show.php
singingfiles.com/ Frame 2F27
615 B
735 B
Document
General
Full URL
https://singingfiles.com/show.php?l=0&u=1889272&id=54983
Requested by
Host: redeem-rbx.mexican32.repl.co
URL: https://redeem-rbx.mexican32.repl.co/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d06f682db7663858798b39ef842238caf8b0b506ab068a66499131f061c0015f

Request headers

Referer
https://redeem-rbx.mexican32.repl.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
83c36ec3fb9a5d7e-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 27 Dec 2023 17:55:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o8he8dc3rjc3EQjlyg7GJeqnoSbRb4PspNjqI%2F69kieD8%2FJfPJQCZmu9XNK7PEHlfAZLrntxLXzxqqmvX4UnlYUwWVpLaKKpfVATJoq7xmUE92%2FQUUqXaWY6EnL4SBKhdDpzcxDaNb5fjijKWJkL"}],"group":"cf-nel","max_age":604800}
server
cloudflare
/
www.getgx.net/21CGSFL/K76MF17/ Frame 2F27
Redirect Chain
  • https://m.mbuncha.com/click?pid=701&offer_id=81385&sub1=1239812822&sub5=1889272
  • https://www.getgx.net/21CGSFL/K76MF17/?sub1=701_1889272&sub2=658c64fb5a03df00012963e5
473 B
568 B
Document
General
Full URL
https://www.getgx.net/21CGSFL/K76MF17/?sub1=701_1889272&sub2=658c64fb5a03df00012963e5
Requested by
Host: singingfiles.com
URL: https://singingfiles.com/show.php?l=0&u=1889272&id=54983
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.21.90.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-90-71.compute-1.amazonaws.com
Software
/
Resource Hash
c59c09bf774022c8a9bbd836cd8cfc783ebfa2f5312d097ce772552094d9c696

Request headers

Referer
https://singingfiles.com/show.php?l=0&u=1889272&id=54983
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

apigw-requestid
QnS3dhEkIAMESuw=
content-length
473
content-type
text/html
date
Wed, 27 Dec 2023 17:55:08 GMT

Redirect headers

access-control-allow-origin
*
content-length
0
date
Wed, 27 Dec 2023 17:55:07 GMT
location
https://www.getgx.net/21CGSFL/K76MF17/?sub1=701_1889272&sub2=658c64fb5a03df00012963e5
referer
referrer-policy
no-referrer
server
nginx
x-adjust-use-original-forwarded-for
1
gx
www.opera.com/de/ Frame 2F27
Redirect Chain
  • https://www.opera.com/gx?utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_DE_LVR_OOM&utm_id=04aeb1db2663486685096512fe94272c&edition=std-1
  • https://www.opera.com/de/gx?edition=std-1&utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_DE_LVR_OOM&utm_id=04aeb1db2663486685096512fe94272c
0
0
Document
General
Full URL
https://www.opera.com/de/gx?edition=std-1&utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_DE_LVR_OOM&utm_id=04aeb1db2663486685096512fe94272c
Requested by
Host: www.getgx.net
URL: https://www.getgx.net/21CGSFL/K76MF17/?sub1=701_1889272&sub2=658c64fb5a03df00012963e5
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
3.120.58.45 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-58-45.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.getgx.net/21CGSFL/K76MF17/?sub1=701_1889272&sub2=658c64fb5a03df00012963e5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=3600
content-encoding
gzip
content-language
de
content-security-policy
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Wed, 27 Dec 2023 17:55:08 GMT
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

cache-control
max-age=0
content-language
en
content-length
0
content-security-policy
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Wed, 27 Dec 2023 17:55:08 GMT
location
https://www.opera.com/de/gx?edition=std-1&utm_source=PWNgames3&utm_medium=pa&utm_campaign=PWN_DE_LVR_OOM&utm_id=04aeb1db2663486685096512fe94272c
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| documentPictureInPicture
function| showInviteOptions
function| showDiscordUsername
function| showLoadingScreen
function| showIframe

3 Cookies

Domain/Path | Name | Value
.discordapp.net/ | __cfruid | f92326c228a3c9204be8a3aad6233bc558e6e800-1703699707
m.mbuncha.com/ | afclick | 658c64fb5a03df00012963e5
m.mbuncha.com/ | afoffers | {"81385":1703699707}

1 Console Messages

Source: security
Level: error
Message: Refused to frame 'https://www.opera.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://*.opera.com".

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=3494243; includeSubDomains