marii2.rf.gd
185.27.134.138
Public Scan
Effective URL: https://marii2.rf.gd/?i=1
Submission: On June 20 via api from US — Scanned from GB
Summary
TLS certificate: Issued by WR1 on June 19th 2024. Valid for: 3 months.
This is the only time marii2.rf.gd was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
11 | 185.27.134.138 | 34119 (WILDCARD-AS Wildcard UK Limited) |
1 | 172.67.149.50 | 13335 (CLOUDFLARENET) |
1 | 216.137.177.184 | 55293 (A2HOSTING) |
1 | 172.93.49.252 | 29802 (HVC-AS) |
2 | 70.113.131.52 | 11427 (TWC-11427-TEXAS) |
16 | 5 | |

ASN | PTR | Domain |
---|---|---|
ASN55293 (A2HOSTING, US) | server.ericexperiment.com | www.oldavista.com |
ASN29802 (HVC-AS, US) | b2.soutocontabilidade.com | wiby.me |
ASN11427 (TWC-11427-TEXAS, US) | syn-070-113-131-052.res.spectrum.com | john.citrons.xyz |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | rf.gd | marii2.rf.gd | 110 KB |
2 | citrons.xyz | john.citrons.xyz | |
1 | wiby.me | wiby.me | 2 KB |
1 | oldavista.com | www.oldavista.com | 18 KB |
1 | websiteout.com | counter.websiteout.com — Cisco Umbrella Rank: 606568 | 6 KB |
16 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
11 | marii2.rf.gd | marii2.rf.gd |
2 | john.citrons.xyz | marii2.rf.gd |
1 | wiby.me | marii2.rf.gd |
1 | www.oldavista.com | marii2.rf.gd |
1 | counter.websiteout.com | marii2.rf.gd |
16 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ubuntu.com |
duckdns.org |
www.gimp.org |
wiby.me |
transfem.social |
Subject | Issuer | Validity | Valid |
---|---|---|---|
marii2.rf.gd | WR1 | 2024-06-19 - 2024-09-17 | 3 months |
websiteout.com | GTS CA 1P5 | 2024-05-02 - 2024-07-31 | 3 months |
www.oldavista.com | R3 | 2024-05-09 - 2024-08-07 | 3 months |
wiby.me | GoGetSSL RSA DV CA | 2023-08-02 - 2024-07-12 | a year |
mondecitronne.com | R3 | 2024-04-15 - 2024-07-14 | 3 months |
This page contains 3 frames:
Primary Page:
https://marii2.rf.gd/?i=1
Frame ID: 1A2F6664AD1C2C9A2F2E9F5B68A44952
Requests: 14 HTTP requests in this frame
Frame:
https://john.citrons.xyz/embed?ref=https://marii2.duckdns.org/
Frame ID: 5FF18C9A74152CE94096F36ECE674F66
Requests: 1 HTTP requests in this frame
Frame:
https://john.citrons.xyz/embed?ref=https://marii2.duckdns.org/
Frame ID: FFFE938E24CA228B6D848054D8668357
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/ba2417e8-2ad3-49c8-8b63-0556309377d8.png)
Page Title
Maricom 2
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://marii2.rf.gd/ HTTP 307 → https://marii2.rf.gd/ (Page URL)
- https://marii2.rf.gd/?i=1 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://marii2.rf.gd/ HTTP 307
- https://marii2.rf.gd/
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Redirect Chain) | marii2.rf.gd/ | 824 B | 687 B | Document | text/html |
GET | H/1.1 | aes.js | marii2.rf.gd/ | 13 KB | 5 KB | Script | application/javascript |
GET | H/1.1 | / (Primary Request) | marii2.rf.gd/ | 2 KB | 960 B | Document | text/html |
GET | H/1.1 | css.css | marii2.rf.gd/ | 1 KB | 891 B | Stylesheet | text/css |
GET | H/1.1 | maricomlogow.svg | marii2.rf.gd/ | 18 KB | 4 KB | Image | image/svg+xml |
GET | H3 | compte.php | counter.websiteout.com/ | 5 KB | 6 KB | Image | image/png |
GET | H/1.1 | ubuntu.png | marii2.rf.gd/ | 17 KB | 17 KB | Image | image/png |
GET | H2 | 800x600.gif | www.oldavista.com/assets/ | 18 KB | 18 KB | Image | image/gif |
GET | H/1.1 | duckdns.png | marii2.rf.gd/ | 12 KB | 13 KB | Image | image/png |
GET | H/1.1 | gimp.gif | marii2.rf.gd/ | 3 KB | 3 KB | Image | image/gif |
GET | H/1.1 | wiby.gif | wiby.me/about/ | 2 KB | 2 KB | Image | image/gif |
GET | H/1.1 | Maricom.svg | marii2.rf.gd/ | 111 KB | 63 KB | Image | image/svg+xml |
GET | H/1.1 | embed | john.citrons.xyz/ (Frame 5FF1) | 0 | 0 | Document | text/html |
GET | H/1.1 | embed | john.citrons.xyz/ (Frame FFFE) | 0 | 0 | Document | text/html |
GET | H/1.1 | Tab.svg | marii2.rf.gd/ | 3 KB | 1 KB | Image | image/svg+xml |
GET | H/1.1 | favicon.ico | marii2.rf.gd/ | 1 KB | 699 B | Other | text/html |
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0
object| 1
undefined| event
object| fence
object| sharedStorage
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
marii2.rf.gd/ | | Name: __test Value: 4716518663edc5f42154dbaa3d2d40af |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.