t0v6b0i9.aacdn.net Open in urlscan Pro
2a02:6ea0:c700::22 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.tf4srv.com/cimp.php?data=TVRjeE1qYzFOakEzTW53Mk5tWXlNVFkxWWpnMVltVmhOV1prTWpJek0yRmxZVGs0T0RrME1tSmtOUS0tfC...
Effective URL:
https://t0v6b0i9.aacdn.net/library/3932/f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif
Submission: On April 10 via manual (April 10th 2024, 1:38:21 pm UTC) from BG — Scanned from NL

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 2a02:6ea0:c700::22, located in Frankfurt am Main, Germany and belongs to CDN77 _, GB. The main domain is t0v6b0i9.aacdn.net. The Cisco Umbrella rank of the primary domain is 19279.
TLS certificate: Issued by R3 on February 27th 2024. Valid for: 3 months.

This is the only time t0v6b0i9.aacdn.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	95.211.229.245 95.211.229.245	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	2a02:6ea0:c70... 2a02:6ea0:c700::22	60068 (CDN77 _) (CDN77 _)
2	1

1 95.211.229.245 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

s.tf4srv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6ea0:c700::22 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)

t0v6b0i9.aacdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	aacdn.net t0v6b0i9.aacdn.net — Cisco Umbrella Rank: 19279	98 KB
1	tf4srv.com 1 redirects s.tf4srv.com — Cisco Umbrella Rank: 19012	640 B
2	2

	Domain	Requested by
2	t0v6b0i9.aacdn.net
1	s.tf4srv.com	1 redirects
2	2

This site contains no links.

Subject Issuer	Validity	Valid
aacdn.net R3	`2024-02-27` - `2024-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://t0v6b0i9.aacdn.net/library/3932/f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif
Frame ID: 3CE1DC9B7655308B9871595FD4436A99
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif (300×250)

Page URL History Show full URLs

https://s.tf4srv.com/cimp.php?data=TVRjeE1qYzFOakEzTW53Mk5tWXlNVFkxWWpnMVltVmhOV1prTWpJek0yRmxZVG... HTTP 302
https://t0v6b0i9.aacdn.net/library/3932/f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif Page URL

Page Statistics

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

98 kB
Transfer

97 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.tf4srv.com/cimp.php?data=TVRjeE1qYzFOakEzTW53Mk5tWXlNVFkxWWpnMVltVmhOV1prTWpJek0yRmxZVGs0T0RrME1tSmtOUS0tfC9saWJyYXJ5LzM5MzIvZjZkYjhmNWZkNzY1OWNlNzUyYjkwYzMyNWJiNGQ1MGI1ZDdkYWZjNS5naWZ8aHR0cHN8MTMwLjIwNC4xMDUuNTF8QkdSfDI0fHh2aWRlb3MuY29tfDM5MzJ8NHw0fDZ8ODV8NDAzMHwyNTE4OHw0MHw1fDB8Mzc4fDM2OTU5MzcyfDQzNzU2NDZ8MC44MTl8MTAwfFVTRHxVU0R8MXwxfDIxfDMwMHgyNTB8Njl8QkdSfHx8NHwxfHw2NjE2OTU2ODMwZTcyNy4xMTc5Njc4OTI1ODM2NzE5MXw0YzA2OGMwZTk4ZjQ5NDkzZmRmOWMxY2UwYjNmZTY3NHwxfDB8eHZpZGVvcy5jb218MHwwfDB8MC4wMXwxfDJ8ZXhjaGFuZ2VfYmFubmVyfDB8MHw3MzEwNjF8LTF8MHw3MjcwMTF8fHwyfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjIuMC4wLjAgU2FmYXJpLzUzNy4zNiBPUFIvMTA4LjAuMC4wfHwyNHwwfDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHw5NnxPS3wxOWY0OTNmZGYxNDYzYWMyNzgxNTkxYzRjODg0ZjRkMw-- HTTP 302
https://t0v6b0i9.aacdn.net/library/3932/f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif Show response t0v6b0i9.aacdn.net/library/3932/ Redirect Chain https://s.tf4srv.com/cimp.php?data=TVRjeE1qYzFOakEzTW53Mk5tWXlNVFkxWWpnMVltVmhOV1prTWpJek0yRmxZVGs0T0RrME1tSmtOUS0tfC9saWJyYXJ5LzM5MzIvZjZkYjhmNWZkNzY1OWNlNzUyYjkwYzMyNWJiNGQ1MGI1ZDdkYWZjNS5naWZ8aH... https://t0v6b0i9.aacdn.net/library/3932/f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif	96 KB 96 KB	77ms 20ms	Document image/gif	2a02:6ea0:c700::22 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://t0v6b0i9.aacdn.net/library/3932/f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software CDN77-Turbo / Resource Hash `0c49131f724791386fbe82b6ffecea0efc4dc2de5c24a7703782279ea4ebe084` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language nl-NL,nl;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ch Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version accept-ranges bytes access-control-allow-origin * cache-control max-age=31536000 content-length 97962 content-type image/gif date Wed, 10 Apr 2024 13:38:17 GMT etag "65cb6ec5-17eaa" expires Wed, 12 Feb 2025 13:35:39 GMT last-modified Tue, 13 Feb 2024 13:29:41 GMT server CDN77-Turbo x-77-age 4924958 x-77-cache HIT x-77-nzt EgwB1GY4tAH3kJg7AAwBisclwQH3jo0PAA x-77-nzt-ray 6d204d1155dc242349961666bcb98c18 x-77-pop frankfurtDE x-accel-date 1708850617 x-accel-expires @1739367339 x-age 3905680 x-cache HIT x-robots-tag noindex, follow Redirect headers Accept-CH Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version Connection keep-alive Content-Type text/html; charset=UTF-8 Date Wed, 10 Apr 2024 13:38:17 GMT Location https://t0v6b0i9.aacdn.net/library/3932/f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif Server nginx Transfer-Encoding chunked X-Robots-Tag noindex, follow
GET H2	404	favicon.ico t0v6b0i9.aacdn.net/	2 KB 2 KB	21ms 21ms	Other text/html	2a02:6ea0:c700::22 CDN77 _
General Check archive.org Show headers Download Go to Full URL https://t0v6b0i9.aacdn.net/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB), Reverse DNS Software CDN77-Turbo / Resource Hash `7f6d0e9efc4e69263c5e868d8bf88fd26509b0ce012aa4c9b4ce1bbf7f4869dd` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" accept-language nl-NL,nl;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform-version "10.0.0" Referer https://t0v6b0i9.aacdn.net/library/3932/f6db8f5fd7659ce752b90c325bb4d50b5d7dafc5.gif sec-ch-ua-full-version-list "Google Chrome";v="123.0.6312.105", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.105" sec-ch-ua-model "" sec-ch-ua-platform "Win32" Response headers x-77-nzt EgwB1GY4tAGzDCIAAAwBisclxAH3IAAAAA x-accel-expires @1712756325 date Wed, 10 Apr 2024 13:38:17 GMT x-77-pop frankfurtDE x-77-age 8748 accept-ch server CDN77-Turbo x-77-nzt-ray 6d204d1155dc24234996166633c75a1f x-77-cache HIT content-type text/html x-cache EXPIRED x-age 8716 x-accel-date 1712747581

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.tf4srv.com/	1970-01-21 05:21:56	Name: __uvt Value: a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22661696495274e4.149197731291045893%22%3B%7D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://t0v6b0i9.aacdn.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s.tf4srv.com
t0v6b0i9.aacdn.net
2a02:6ea0:c700::22
95.211.229.245
0c49131f724791386fbe82b6ffecea0efc4dc2de5c24a7703782279ea4ebe084
7f6d0e9efc4e69263c5e868d8bf88fd26509b0ce012aa4c9b4ce1bbf7f4869dd

t0v6b0i9.aacdn.net Open in urlscan Pro 2a02:6ea0:c700::22 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

98 kBTransfer

97 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

t0v6b0i9.aacdn.net Open in urlscan Pro
2a02:6ea0:c700::22 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

98 kB
Transfer

97 kB
Size

1
Cookies

2 HTTP transactions
0 data transactions