joy.riehofaverpass.tk

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3033::ac43:8b3e, located in United States and belongs to CLOUDFLARENET, US. The main domain is joy.riehofaverpass.tk.
TLS certificate: Issued by E1 on August 15th 2023. Valid for: 3 months.

This is the only time joy.riehofaverpass.tk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3033::ac43:8b3e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7d9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:247b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.225.137.121 3.225.137.121	14618 (AMAZON-AES) (AMAZON-AES)
4	4

1 2606:4700:3033::ac43:8b3e (United States)

ASN13335 (CLOUDFLARENET, US)

joy.riehofaverpass.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7d9 (United States)

ASN13335 (CLOUDFLARENET, US)

www.macleans.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:247b (United States)

ASN13335 (CLOUDFLARENET, US)

www.newmarket.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.225.137.121 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-137-121.compute-1.amazonaws.com

via.placeholder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	placeholder.com via.placeholder.com — Cisco Umbrella Rank: 32087	606 B
1	newmarket.ca www.newmarket.ca	226 KB
1	macleans.ca www.macleans.ca	3 MB
1	riehofaverpass.tk joy.riehofaverpass.tk	9 KB
4	4

	Domain	Requested by
1	via.placeholder.com	joy.riehofaverpass.tk
1	www.newmarket.ca	joy.riehofaverpass.tk
1	www.macleans.ca	joy.riehofaverpass.tk
1	joy.riehofaverpass.tk
4	4

This site contains no links.

Subject Issuer	Validity	Valid
riehofaverpass.tk E1	`2023-08-15` - `2023-11-13`	3 months	crt.sh
macleans.ca Cloudflare Inc ECC CA-3	`2023-06-22` - `2024-06-20`	a year	crt.sh
newmarket.ca GTS CA 1P5	`2023-07-11` - `2023-10-09`	3 months	crt.sh
placeholder.com Amazon RSA 2048 M01	`2023-01-25` - `2024-02-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://joy.riehofaverpass.tk/
Frame ID: 0428701B0F7D843981FDE01871D8C2A1
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Separation Agreements in Ontario

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

4
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

3003 kB
Transfer

3015 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
joy.riehofaverpass.tk/ 26 KB
9 KB 216ms
172ms Document
text/html 2606:4700:3033::ac43:8b3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://joy.riehofaverpass.tk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:8b3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8934f353f699fb1d19c811ab6da5ba0339a4adb318bcbdc3816a2f9494802bfc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f925297c90d42e4-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 19 Aug 2023 12:15:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2BBG0zKrEQeSCMEr%2B69Gqkrs8Kh44FqWAVpgpOY9ozqbiTPX7PcUPgMDapcA6IH%2F8K041MTU2%2FZ5XmZod9g2Eg3FqNvqJ11Kkbe8Zi7hG6bvJG2WNv7HpbS6xsnSmasO82iekq%2FQYhoNzd6k1FNLU9LAj0A%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 QUARANTINE-NATION-STAY-HOME-HUTCHINS-APR3.jpg
www.macleans.ca/wp-content/uploads/2020/04/ 3 MB
3 MB 72ms
48ms Image
image/jpeg 2606:4700::6812:7d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.macleans.ca/wp-content/uploads/2020/04/QUARANTINE-NATION-STAY-HOME-HUTCHINS-APR3.jpg

Requested by

Host: joy.riehofaverpass.tk
URL: https://joy.riehofaverpass.tk/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37b2fd58826b34bc6a96143578da1428c303ffe4cc0d6e605685b3082f126f93

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://joy.riehofaverpass.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 12:15:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp
alt-svc: h3=":443"; ma=86400
content-length: 2829654
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 03 Apr 2020 18:03:45 GMT
server: cloudflare
etag: "5e877a81-2b2d56"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7f9252990ef6c448-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 GuyCouple.jpg
www.newmarket.ca/LivingHere/PublishingImages/Pages/Civil-Ceremony-Booking0925-3615/ 226 KB
226 KB 315ms
277ms Image
image/jpeg 2606:4700:10::ac43:247b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.newmarket.ca/LivingHere/PublishingImages/Pages/Civil-Ceremony-Booking0925-3615/GuyCouple.jpg

Requested by

Host: joy.riehofaverpass.tk
URL: https://joy.riehofaverpass.tk/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:247b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

ad44c1a248f2472a119a803daffec75d4025310f22217464aac76da075c27bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://joy.riehofaverpass.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

spiislatency: 1
date: Sat, 19 Aug 2023 12:15:33 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
x-powered-by: ASP.NET
x-sharepointhealthscore: 0
resourcetag: rt:B28BBE04-65E6-4E54-A7CC-A87C192C37E6@00000000002
public-extension: http://schemas.microsoft.com/repl-2
request-id: 5bfed1a0-37b9-c072-36e8-764595059b05
content-length: 231043
microsoftsharepointteamservices: 15.0.0.4641
x-ms-invokeapp: 1; RequireReadOnly
sprequestduration: 72
last-modified: Sun, 27 Sep 2015 00:36:35 GMT
server: cloudflare
sprequestguid: 5bfed1a0-37b9-c072-36e8-764595059b05
etag: "{B28BBE04-65E6-4E54-A7CC-A87C192C37E6},2"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: private,max-age=0
accept-ranges: bytes
cf-ray: 7f9252991d1c1a34-EWR
expires: Fri, 04 Aug 2023 12:15:35 GMT

GET
H2 200 50x50
via.placeholder.com/ 480 B
606 B 54ms
30ms Image
image/png 3.225.137.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://via.placeholder.com/50x50
Requested by: Host: joy.riehofaverpass.tk
URL: https://joy.riehofaverpass.tk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.225.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-225-137-121.compute-1.amazonaws.com
Software: Werkzeug/2.2.2 Python/3.9.16 /
Resource Hash: 3575eeb164c9c40529fd0f26fa91ca3cb1002a99dd3420486fded18662b10d3d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://joy.riehofaverpass.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 12:15:33 GMT
cache-control: public, max-age=31557600
server: Werkzeug/2.2.2 Python/3.9.16
content-length: 480
content-type: image/png

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			joy.riehofaverpass.tk/	1969-12-31 23:59:59	Name: ch1c Value: b
			.macleans.ca/	1970-01-20 14:07:29	Name: __cf_bm Value: srjZoENNkBfH6y84rMejiZXEewCuOtS_uH2Byg41_K4-1692447333-0-ATVVLTAMvVQjF+1iWWTLlXj/vFjxg+q1DGNyLgUAC5+W8CC1iSv2Fz/P+F8+edEu4bx7SU4bi8af6pJA6Pz0TTw=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

joy.riehofaverpass.tk
via.placeholder.com
www.macleans.ca
www.newmarket.ca
2606:4700:10::ac43:247b
2606:4700:3033::ac43:8b3e
2606:4700::6812:7d9
3.225.137.121
3575eeb164c9c40529fd0f26fa91ca3cb1002a99dd3420486fded18662b10d3d
37b2fd58826b34bc6a96143578da1428c303ffe4cc0d6e605685b3082f126f93
8934f353f699fb1d19c811ab6da5ba0339a4adb318bcbdc3816a2f9494802bfc
ad44c1a248f2472a119a803daffec75d4025310f22217464aac76da075c27bee

joy.riehofaverpass.tk Open in urlscan Pro 2606:4700:3033::ac43:8b3e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

4 IPs

1 Countries

3003 kBTransfer

3015 kBSize

2 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

2 Cookies

Indicators

joy.riehofaverpass.tk Open in urlscan Pro
2606:4700:3033::ac43:8b3e Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

3003 kB
Transfer

3015 kB
Size

2
Cookies

4 HTTP transactions
0 data transactions