Submitted URL: https://goo.gl/qVnoPb?bWFyY3RvbmdsZXQlNDBob3RtYWlsLmNvbQ==
Effective URL: http://visitrotator2.com/api/remove.php
Submission: On April 15 via api from BE

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 2606:4700:20::681a:9d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is visitrotator2.com.
This is the only time visitrotator2.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses (the Google address served only the two goo.gl redirects, so the summary counts 3 IPs)
  Requests  IP Address                 AS (Autonomous System)
  2         2a00:1450:4001:809::200e   15169 (GOOGLE)          2 redirects (goo.gl)
  1         46.249.48.11               50673 (SERVERIUS-AS)
  2         2606:4700:20::681a:9d7     13335 (CLOUDFLARENET)
  1         209.197.3.15               20446 (HIGHWINDS3)
  Totals: 4 requests, 3 IPs

Apex domains and transfer
  Requests  Apex Domain         Subdomain                    Transfer
  2         visitrotator2.com   visitrotator2.com            2 KB
  2         goo.gl              goo.gl                       1 KB
  1         bootstrapcdn.com    stackpath.bootstrapcdn.com   23 KB
  1         leenadigsya.us      leenadigsya.us               930 B
  Totals: 4 apex domains, 4 subdomains

Domains and who requested them
  Requests  Domain                       Requested by
  2         visitrotator2.com            leenadigsya.us, visitrotator2.com
  2         goo.gl                       2 redirects
  1         stackpath.bootstrapcdn.com   visitrotator2.com
  1         leenadigsya.us               (entry point, reached via the goo.gl redirect)
  Totals: 4 domains, 4 requesters

This site contains no links.

TLS certificates (only the one HTTPS transaction, the bootstrapcdn.com stylesheet, has a certificate recorded)
  Subject              Issuer                                           Validity                   Valid for
  *.bootstrapcdn.com   Sectigo RSA Domain Validation Secure Server CA   2019-09-14 to 2020-10-13   a year (crt.sh)

This page contains 1 frames:

Primary Page: http://visitrotator2.com/api/remove.php
Frame ID: BC368CA4F112E7B1B90EC180ED2F2402
Requests: 4 HTTP requests in this frame

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://goo.gl/qVnoPb?bWFyY3RvbmdsZXQlNDBob3RtYWlsLmNvbQ== (HTTP 302) -> http://leenadigsya.us/?&nbugd (Page URL)
  2. https://goo.gl/wU1LfL (HTTP 302) -> http://visitrotator2.com/api/unsub.php?affid=1004dtQtx-foinwefo (Page URL)
  3. http://visitrotator2.com/api/remove.php (Page URL)

Only the two goo.gl hops carry an HTTP status. The moves from leenadigsya.us to the second goo.gl link and from unsub.php to remove.php have none, so they were client-side redirects; the Referer headers in the transactions below (leenadigsya.us requesting unsub.php, unsub.php requesting remove.php) confirm the order.

Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (overall confidence: 100%)
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

The nginx match comes from the leenadigsya.us hop (Server: nginx). The visitrotator2.com responses are answered by Cloudflare (Server: cloudflare), so the origin web server behind them is not identified here; only X-Powered-By: PHP/7.2.24 PleskLin leaks through the proxy.

Page Statistics
  Requests:    4
  HTTPS:       25 %
  IPv6:        50 %
  Domains:     4
  Subdomains:  4
  IPs:         3
  Countries:   3
  Transfer:    26 kB
  Size:        153 kB
  Cookies:     2


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://goo.gl/qVnoPb?bWFyY3RvbmdsZXQlNDBob3RtYWlsLmNvbQ== HTTP 302
  • http://leenadigsya.us/?&nbugd
Request Chain 1
  • https://goo.gl/wU1LfL HTTP 302
  • http://visitrotator2.com/api/unsub.php?affid=1004dtQtx-foinwefo
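The two chains above show the pattern worth checking on any redirect record: every hop drops from HTTPS (goo.gl) to plain HTTP, and the first goo.gl link carries its query string as a bare base64 token rather than a key=value pair. The script below walks the chains as listed in the Page URL History and Redirected requests sections, flags each scheme downgrade, and strictly base64-decodes any bare query token. It is an added example for this report, not urlscan.io code: the chain URLs are copied from the page, but reading the decoded token as the mailing-list recipient's address is an inference, so the script masks it instead of printing it in full.

```python
"""Walk the redirect chains recorded above and decode the goo.gl query token.

Added example, not urlscan.io code. Chain URLs are copied from the report;
treating the decoded token as a recipient e-mail address is an inference,
so it is masked rather than shown in full."""
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Redirect Chain 0 and Redirect Chain 1 exactly as the report lists them.
CHAINS = [
    ["https://goo.gl/qVnoPb?bWFyY3RvbmdsZXQlNDBob3RtYWlsLmNvbQ==",
     "http://leenadigsya.us/?&nbugd"],
    ["https://goo.gl/wU1LfL",
     "http://visitrotator2.com/api/unsub.php?affid=1004dtQtx-foinwefo"],
]

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")


def decode_token(token):
    """Strict base64 decode to text; None when the token is not valid base64/UTF-8."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def mask_email(addr):
    """Keep the first character of the local part and the domain: m***@example.com."""
    local, domain = addr.split("@", 1)
    return local[0] + "***@" + domain


def analyse_chain(chain):
    """Report https->http downgrades and decodable bare query tokens in one chain."""
    report = {"downgrade_to": [], "tokens": []}
    prev_scheme = None
    for url in chain:
        parts = urlsplit(url)
        if prev_scheme == "https" and parts.scheme == "http":
            report["downgrade_to"].append(parts.netloc)
        prev_scheme = parts.scheme
        for piece in parts.query.split("&"):
            # Skip empty pieces and ordinary key=value pairs (affid=... for instance);
            # trailing '=' is base64 padding, not a key/value separator.
            if not piece or "=" in piece.rstrip("="):
                continue
            text = decode_token(piece)
            if text is None:
                continue
            text = unquote(text)  # payload is percent-encoded before base64
            if EMAIL_RE.match(text):
                report["tokens"].append({"host": parts.netloc, "kind": "email",
                                         "value": mask_email(text)})
            else:
                report["tokens"].append({"host": parts.netloc, "kind": "text",
                                         "value": text})
    return report


def analyse_all(chains=CHAINS):
    """Analyse every chain; index matches the 'Request Chain N' numbering above."""
    return [analyse_chain(c) for c in chains]


if __name__ == "__main__":
    for i, r in enumerate(analyse_all()):
        print(f"chain {i}: downgrade to {r['downgrade_to']}; tokens {r['tokens']}")
```

The token on the first goo.gl link decodes to a percent-encoded address at hotmail.com, which is why the script reports it as kind "email" and masks it: anyone who sees the short link learns the recipient, and following it tells the sender the address is live. The "&nbugd" query on leenadigsya.us is not valid base64 and is skipped.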

4 HTTP transactions

Columns per transaction: Resource | Path | Size (decoded body) | x-fer (bytes on the wire) | Type. The MIME type is the Content-Type in each response.

Transaction 1: /   leenadigsya.us/   720 B   930 B   Document
Redirect Chain
  • https://goo.gl/qVnoPb?bWFyY3RvbmdsZXQlNDBob3RtYWlsLmNvbQ==
  • http://leenadigsya.us/?&nbugd
General
  Full URL:      http://leenadigsya.us/?&nbugd
  Protocol:      HTTP/1.1
  Server:        46.249.48.11, Netherlands, ASN50673 (SERVERIUS-AS, NL)
  Reverse DNS:   amsdemo-web01.rackco.com
  Software:      nginx / PHP/5.4.16 PleskLin
  Resource Hash: (none recorded)

Request headers

Host: leenadigsya.us
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers

Server: nginx
Date: Wed, 15 Apr 2020 12:48:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16 PleskLin

Redirect headers (the goo.gl 302 that led here)

status: 302
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 15 Apr 2020 12:48:39 GMT
location: http://leenadigsya.us/?&nbugd
strict-transport-security: max-age=31536000
content-security-policy: script-src 'report-sample' 'nonce-rkG8CK0Vhh4RsdIC1inf2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' script-src 'nonce-rkG8CK0Vhh4RsdIC1inf2g' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
Transaction 2: unsub.php   visitrotator2.com/api/   2 KB   1 KB   Document   (sets a cookie)
Redirect Chain
  • https://goo.gl/wU1LfL
  • http://visitrotator2.com/api/unsub.php?affid=1004dtQtx-foinwefo
General
  Full URL:      http://visitrotator2.com/api/unsub.php?affid=1004dtQtx-foinwefo
  Requested by:  leenadigsya.us (http://leenadigsya.us/?&nbugd)
  Protocol:      HTTP/1.1
  Server:        2606:4700:20::681a:9d7, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:   (none)
  Software:      cloudflare / PHP/7.2.24 PleskLin
  Resource Hash: (none recorded)

Request headers

Host: visitrotator2.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://leenadigsya.us/?&nbugd
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers

Date: Wed, 15 Apr 2020 12:48:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d00be03675a4c1e3291d60946225fe6ae1586954919; expires=Fri, 15-May-20 12:48:39 GMT; path=/; domain=.visitrotator2.com; HttpOnly; SameSite=Lax
X-Powered-By: PHP/7.2.24 PleskLin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 5845c838496e1752-FRA
Content-Encoding: gzip
cf-request-id: 021f7b77310000175211139200000001

Redirect headers (the goo.gl 302 that led here)

status: 302
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 15 Apr 2020 12:48:39 GMT
location: http://visitrotator2.com/api/unsub.php?affid=1004dtQtx-foinwefo
strict-transport-security: max-age=31536000
content-security-policy: script-src 'report-sample' 'nonce-mKOFZLX1NRyb7F++Dh4m5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' script-src 'nonce-mKOFZLX1NRyb7F++Dh4m5A' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
Transaction 3 (primary request): remove.php   visitrotator2.com/api/   963 B   1 KB   Document   (sets a cookie)
General
  Full URL:      http://visitrotator2.com/api/remove.php
  Requested by:  visitrotator2.com (http://visitrotator2.com/api/unsub.php?affid=1004dtQtx-foinwefo)
  Protocol:      HTTP/1.1
  Server:        2606:4700:20::681a:9d7, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:   (none)
  Software:      cloudflare / PHP/7.2.24 PleskLin
  Resource Hash: 3a08312068e34b88631ab61e812645fe871260bd33d8f3ca0d7f2a35ee1f15fd

Request headers

Host: visitrotator2.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://visitrotator2.com/api/unsub.php?affid=1004dtQtx-foinwefo
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: __cfduid=d00be03675a4c1e3291d60946225fe6ae1586954919

Response headers

Date: Wed, 15 Apr 2020 12:48:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.24 PleskLin
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=l931ruao87dlgvepc18jqrdq1n; path=/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 5845c8390b8e1752-FRA
Content-Encoding: gzip
cf-request-id: 021f7b77a20000175211141200000001
Transaction 4: bootstrap.min.css   stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/   150 KB   23 KB   Stylesheet
General
  Full URL:      https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css
  Requested by:  visitrotator2.com (http://visitrotator2.com/api/remove.php)
  Protocol:      H2
  Security:      TLS 1.3, AES_128_GCM (key exchange not reported)
  Server:        209.197.3.15, Phoenix, United States, ASN20446 (HIGHWINDS3, US)
  Reverse DNS:   vip0x00f.map2.ssl.hwcdn.net
  Software:      (not identified)
  Resource Hash: 6b3bef53dc4a96ec07149d02a60b5fd026332bbce0b4ece79f3c55e3ddb85f5c
Security Headers
  X-Content-Type-Options: nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://visitrotator2.com/api/remove.php
Origin: http://visitrotator2.com

Response headers

date: Wed, 15 Apr 2020 12:48:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 21 Dec 2018 19:19:47 GMT
status: 200
etag: "1545419987"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 22972
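The stylesheet transaction above is the one place this page pulls code from a third party, and the report records everything needed to pin it: the SHA-256 of the body, an Origin header on the request (the browser fetched it in CORS mode, which is what a crossorigin attribute on the link produces), and Access-Control-Allow-Origin: * from the CDN, which is the precondition for Subresource Integrity on a cross-origin resource. The script below converts the recorded hex hash into an SRI integrity token and checks a body against such a token. It is an added example, not urlscan.io or Bootstrap code; it assumes the recorded hash is over the decoded (un-gzipped) body, which is what a browser hashes for SRI, so confirm it against a fresh download before pinning it in a page.

```python
"""Turn the SHA-256 resource hash recorded above for bootstrap.min.css into a
Subresource Integrity token, and verify a body against such a token.

Added example, not urlscan.io or Bootstrap code. Assumes the recorded hash is
over the decoded (un-gzipped) body; check against a fresh download before use."""
import base64
import hashlib
import hmac

# 64 hex digits copied from the transaction above.
RECORDED_SHA256 = "6b3bef53dc4a96ec07149d02a60b5fd026332bbce0b4ece79f3c55e3ddb85f5c"
CDN_URL = "https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css"
DIGEST_BYTES = {"sha256": 32, "sha384": 48, "sha512": 64}


def sri_from_hex(hex_digest, alg="sha256"):
    """SRI tokens are base64 of the raw digest bytes, not of the hex string."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != DIGEST_BYTES[alg]:
        raise ValueError(f"{alg} digest must be {DIGEST_BYTES[alg]} bytes, got {len(raw)}")
    return f"{alg}-{base64.b64encode(raw).decode('ascii')}"


def hex_from_sri(integrity):
    """Inverse of sri_from_hex, for comparing a token with scanner output."""
    _, _, b64 = integrity.partition("-")
    return base64.b64decode(b64).hex()


def sri_for_body(body, alg="sha256"):
    """Compute the token for a body you have actually fetched."""
    return sri_from_hex(hashlib.new(alg, body).hexdigest(), alg)


def verify_sri(body, integrity):
    """True when body matches the token; unknown algorithms never match."""
    alg, _, b64 = integrity.partition("-")
    if alg not in DIGEST_BYTES:
        return False
    return hmac.compare_digest(hashlib.new(alg, body).digest(), base64.b64decode(b64))


def link_tag(url, integrity):
    """crossorigin is mandatory: a browser only enforces integrity on a cross-origin
    resource it fetched in CORS mode, which the CDN above allows via
    Access-Control-Allow-Origin: *."""
    return (f'<link rel="stylesheet" href="{url}" integrity="{integrity}" '
            f'crossorigin="anonymous">')


if __name__ == "__main__":
    print(link_tag(CDN_URL, sri_from_hex(RECORDED_SHA256)))
```

With the token in place, a CDN compromise or a swapped file on the mirror makes the browser refuse the stylesheet instead of applying it; the page-level hash urlscan records is only a starting point, and the value pinned should come from a copy you hashed yourself.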

Verdicts & Comments

(none)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  object   onformdata
  object   onpointerrawupdate

Both names are event-handler properties that newer Chrome builds expose on window rather than variables defined by this page's own scripts, so they do not point to a client-side framework here.

2 Cookies

  Domain / Path         Name        Value
  visitrotator2.com/    PHPSESSID   l931ruao87dlgvepc18jqrdq1n
  .visitrotator2.com/   __cfduid    d00be03675a4c1e3291d60946225fe6ae1586954919

Both were set in responses fetched over plain HTTP (see the Set-Cookie headers in transactions 2 and 3). __cfduid carries HttpOnly and SameSite=Lax but not Secure; the PHPSESSID session cookie carries none of the three.
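The attribute check a reviewer would run over the two Set-Cookie headers in this scan, as an added example rather than anything urlscan.io computes. The header strings are copied from the response headers above; the findings list encodes the usual expectations for a cookie issued on a plain-HTTP page, so the scoring is mine, not the report's.

```python
"""Audit the two Set-Cookie headers recorded in this scan.

Added example, not urlscan.io code. Header strings are copied from the
response headers above; the checks are the reviewer's, not the report's."""

# (scheme the response arrived over, Set-Cookie value) as shown above.
OBSERVED = [
    ("http", "__cfduid=d00be03675a4c1e3291d60946225fe6ae1586954919; "
             "expires=Fri, 15-May-20 12:48:39 GMT; path=/; domain=.visitrotator2.com; "
             "HttpOnly; SameSite=Lax"),
    ("http", "PHPSESSID=l931ruao87dlgvepc18jqrdq1n; path=/"),
]


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs). Attribute names are
    case-insensitive (RFC 6265), so they are stored lower-cased; flag attributes
    such as HttpOnly map to an empty string."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(scheme, header):
    """Return the parsed cookie plus the findings a reviewer would raise."""
    name, value, attrs = parse_set_cookie(header)
    issues = []
    if "httponly" not in attrs:
        issues.append("no HttpOnly: readable by any script running on the origin")
    if "secure" not in attrs:
        issues.append("no Secure: the browser will also send it over plain HTTP")
    if scheme == "http":
        issues.append("set over plain HTTP: the value was visible on the wire")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        issues.append("no SameSite=Lax/Strict: attached to cross-site requests")
    if "domain" in attrs:
        issues.append(f"domain={attrs['domain']}: shared with every subdomain")
    persistent = "expires" in attrs or "max-age" in attrs
    return {"name": name, "value": value, "attrs": attrs,
            "persistent": persistent, "issues": issues}


def audit_all(observed=OBSERVED):
    """Audit every (scheme, Set-Cookie) pair in order."""
    return [audit_cookie(scheme, header) for scheme, header in observed]


if __name__ == "__main__":
    for r in audit_all():
        print(f"{r['name']} (persistent={r['persistent']})")
        for issue in r["issues"]:
            print("  -", issue)
```

On this scan the Cloudflare cookie comes back with three findings (no Secure, plain-HTTP issuance, domain-wide scope) and the PHP session cookie with four, the extra one being the missing HttpOnly that lets any script on the origin read the session identifier.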

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains
  goo.gl
  leenadigsya.us
  stackpath.bootstrapcdn.com
  visitrotator2.com
IPs
  209.197.3.15
  2606:4700:20::681a:9d7
  2a00:1450:4001:809::200e
  46.249.48.11
Hashes (SHA-256 of response bodies)
  3a08312068e34b88631ab61e812645fe871260bd33d8f3ca0d7f2a35ee1f15fd (remove.php)
  6b3bef53dc4a96ec07149d02a60b5fd026332bbce0b4ece79f3c55e3ddb85f5c (bootstrap.min.css)