zarathustra.tor.k0nsl.org

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 104.244.76.245, located in Roost, Luxembourg and belongs to PONYNET - FranTech Solutions, US. The main domain is zarathustra.tor.k0nsl.org.

This is the only time zarathustra.tor.k0nsl.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.244.76.245 104.244.76.245	53667 (PONYNET) (PONYNET - FranTech Solutions)
1	143.204.101.113 143.204.101.113	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	63.32.16.90 63.32.16.90	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	3

2 104.244.76.245 (Roost, Luxembourg)

ASN53667 (PONYNET - FranTech Solutions, US)
PTR: zarathustra.tor.k0nsl.org

zarathustra.tor.k0nsl.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.113 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-113.fra50.r.cloudfront.net

media.go2speed.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.16.90 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-63-32-16-90.eu-west-1.compute.amazonaws.com

go.nordvpn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	k0nsl.org zarathustra.tor.k0nsl.org	2 KB
1	nordvpn.net go.nordvpn.net	426 B
1	go2speed.org media.go2speed.org	43 KB
4	3

	Domain	Requested by
2	zarathustra.tor.k0nsl.org	zarathustra.tor.k0nsl.org
1	go.nordvpn.net	zarathustra.tor.k0nsl.org
1	media.go2speed.org	zarathustra.tor.k0nsl.org
4	3

This site contains links to these domains. Also see Links.

Domain
www.torproject.org
go.nordvpn.net

Subject Issuer	Validity	Valid
media.go2speed.org Amazon	`2019-12-01` - `2021-01-01`	a year	crt.sh
go.nordvpn.net Amazon	`2019-03-13` - `2020-04-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://zarathustra.tor.k0nsl.org/
Frame ID: 4285926F6016ADE3F474A0D8040058F1
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

4
Requests

50 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

46 kB
Transfer

45 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.torproject.org/
Title: Tor Anonymity Network

Search URL Search Domain Scan URL

URL: https://www.torproject.org/about/overview
Title: providing privacy

Search URL Search Domain Scan URL

URL: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=30698&source=tor_exit&file_id=23

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.0	200 OK	Primary Request / Show response zarathustra.tor.k0nsl.org/	2 KB 2 KB	66ms 36ms	Document text/html	104.244.76.245 FranTech Solutions
General Check archive.org Show headers Download Go to Full URL http://zarathustra.tor.k0nsl.org/ Protocol HTTP/1.0 Server 104.244.76.245 Roost, Luxembourg, ASN53667 (PONYNET - FranTech Solutions, US), Reverse DNS zarathustra.tor.k0nsl.org Software / Resource Hash `2ef66a762be42a2ca507366996f849b28e7d361abae344a45347018f32f4df1a` Request headers Host zarathustra.tor.k0nsl.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Sat, 18 Jan 2020 02:36:43 GMT Content-Type text/html X-Your-Address-Is 85.159.237.68 Content-Encoding identity Content-Length 2347 Expires Sat, 18 Jan 2020 02:56:43 GMT
GET H/1.0	404 Not found	null zarathustra.tor.k0nsl.org/	0 0	65ms 36ms	Stylesheet text/plain	104.244.76.245 FranTech Solutions
General Check archive.org Show headers Download Go to Full URL http://zarathustra.tor.k0nsl.org/null Requested by Host: zarathustra.tor.k0nsl.org URL: http://zarathustra.tor.k0nsl.org/ Protocol HTTP/1.0 Server 104.244.76.245 Roost, Luxembourg, ASN53667 (PONYNET - FranTech Solutions, US), Reverse DNS zarathustra.tor.k0nsl.org Software / Resource Hash Request headers Referer http://zarathustra.tor.k0nsl.org/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Sat, 18 Jan 2020 02:36:43 GMT
GET H2	200	300x250v10.gif media.go2speed.org/brand/files/nordvpn/15/	43 KB 43 KB	584ms 519ms	Image image/gif	143.204.101.113 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://media.go2speed.org/brand/files/nordvpn/15/300x250v10.gif Requested by Host: zarathustra.tor.k0nsl.org URL: http://zarathustra.tor.k0nsl.org/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.101.113 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-101-113.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `433373ab69bd0659231d8d41d3dafb919de9b3c4101c2c3694611a2328825d11` Request headers Referer http://zarathustra.tor.k0nsl.org/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers date Sat, 18 Jan 2020 02:36:44 GMT via 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront) etag "09d8af252c57c0c123a4aae638005b02" last-modified Sat, 10 Aug 2019 10:05:08 GMT server AmazonS3 x-amz-cf-pop FRA50-C1 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/gif status 200 accept-ranges bytes content-length 43557 x-amz-cf-id ZmlndyKl6JnLOIx0I7UUI8e55o6Rhwf7aKNy1q_wZAt-w5SDCVuyAw==
GET H/1.1	200 OK	aff_i go.nordvpn.net/	43 B 426 B	126ms 33ms	Image image/gif	63.32.16.90 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://go.nordvpn.net/aff_i?offer_id=15&file_id=23&aff_id=30698&source=tor_exit Requested by Host: zarathustra.tor.k0nsl.org URL: http://zarathustra.tor.k0nsl.org/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 63.32.16.90 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-63-32-16-90.eu-west-1.compute.amazonaws.com Software nginx/1.13.12 / Resource Hash `ac05f643d51698438fc2504bc237b5a39ce1248b037dbf446aaca4ce65c3182c` Request headers Referer http://zarathustra.tor.k0nsl.org/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Pragma no-cache Date Sat, 18 Jan 2020 02:36:43 GMT Server nginx/1.13.12 tracking_id 102f6a0b1060a375e15141fbc2a080 Content-Type image/gif Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Length 43 X-Request-Id d2de59754a8453332cd9b2726ced25da Expires Sat, 26 Jul 1997 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

go.nordvpn.net
media.go2speed.org
zarathustra.tor.k0nsl.org
104.244.76.245
143.204.101.113
63.32.16.90
2ef66a762be42a2ca507366996f849b28e7d361abae344a45347018f32f4df1a
433373ab69bd0659231d8d41d3dafb919de9b3c4101c2c3694611a2328825d11
ac05f643d51698438fc2504bc237b5a39ce1248b037dbf446aaca4ce65c3182c

zarathustra.tor.k0nsl.org Open in urlscan Pro 104.244.76.245 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

4 Requests

50 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

46 kBTransfer

45 kBSize

0 Cookies

3 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

zarathustra.tor.k0nsl.org Open in urlscan Pro
104.244.76.245 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

50 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

46 kB
Transfer

45 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions