Submitted URL: https://gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy
Effective URL: http://viid.me/hqeiV6163d81387c76TAzppmgqGOeWS?r=L3RpLmlsbGF2ZWxsZWRhdHRlenphZy53d3cvLzpzcHR0aA==
Submission: On October 11 via manual from SG — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 4 HTTP transactions. The main IP is 69.16.230.42, located in the United States and belonging to LIQUIDWEB, US. The main domain is viid.me.
This is the only time viid.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 62.149.142.137 31034 (ARUBA-ASN)
2 216.58.212.168 15169 (GOOGLE)
1 1 104.26.9.155 13335 (CLOUDFLAR...)
1 69.16.230.42 32244 (LIQUIDWEB)
4 3
Domain Requested by
2 ssl.google-analytics.com www.gazzettadellevalli.it
1 viid.me
1 gestyy.com 1 redirects
1 www.gazzettadellevalli.it
1 gazzettadellevalli.it 1 redirects
4 5

This site contains no links.

Subject | Issuer | Validity | Valid
*.gazzettadellevalli.it | Actalis Domain Validation Server CA G3 | 2021-03-28 - 2022-04-28 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months

This page contains 1 frame:

Primary Page: http://viid.me/hqeiV6163d81387c76TAzppmgqGOeWS?r=L3RpLmlsbGF2ZWxsZWRhdHRlenphZy53d3cvLzpzcHR0aA==
Frame ID: 69812310332AF41753B269616A9CB9AF
Requests: 4 HTTP requests in this frame

Screenshot



Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

Requests: 4
HTTPS: 75 %
IPv6: 0 %
Domains: 4
Subdomains: 5
IPs: 3
Countries: 2
Transfer: 19 kB
Size: 46 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy HTTP 301
    https://www.gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy Page URL
  2. https://gestyy.com/epxZoy HTTP 302
    http://viid.me/hqeiV6163d81387c76TAzppmgqGOeWS?r=L3RpLmlsbGF2ZWxsZWRhdHRlenphZy53d3cvLzpzcHR0aA== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy HTTP 301
  • https://www.gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy

4 HTTP transactions

Resource: advredirect.php
Path: www.gazzettadellevalli.it/gdv/
Size: 1001 B
x-fer: 1 KB
Type: Document
Redirect Chain
  • https://gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy
  • https://www.gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy
General
Full URL: https://www.gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.142.137 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
Reverse DNS: webx371.aruba.it
Software: Apache /
Resource Hash: c581f794d1f24ab44035660fc21849b364f91afb83ec6546dbc7f284f4a4eebf

Request headers

:method: GET
:authority: www.gazzettadellevalli.it
:scheme: https
:path: /gdv/advredirect.php?url=https://gestyy.com/epxZoy
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 11 Oct 2021 06:22:11 GMT
server: Apache
content-type: text/html; charset=UTF-8

Redirect headers

date: Mon, 11 Oct 2021 06:22:11 GMT
server: Apache
location: https://www.gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy
content-length: 291
content-type: text/html; charset=iso-8859-1

Resource: ga.js
Path: ssl.google-analytics.com/
Size: 45 KB
x-fer: 17 KB
Type: Script
General
Full URL: https://ssl.google-analytics.com/ga.js
Requested by
Host: www.gazzettadellevalli.it
URL: https://www.gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 216.58.212.168 Mountain View, United States, ASN15169 (GOOGLE, US)
Reverse DNS: fra24s01-in-f8.1e100.net
Software: Golfe2 /
Resource Hash: 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazzettadellevalli.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 6078
date: Mon, 11 Oct 2021 04:40:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 11 Oct 2021 06:40:53 GMT

Resource: __utm.gif
Path: ssl.google-analytics.com/r/
Size: 35 B
x-fer: 197 B
Type: Image
General
Full URL: https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2087646369&utmhn=www.gazzettadellevalli.it&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=251554816&utmr=-&utmp=%2Fgdv%2Fadvredirect.php%3Furl%3Dhttps%3A%2F%2Fgestyy.com%2FepxZoy&utmht=1633933331400&utmac=UA-40694237-1&utmcc=__utma%3D242668180.2057199118.1633933331.1633933331.1633933331.1%3B%2B__utmz%3D242668180.1633933331.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=576777398&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: www.gazzettadellevalli.it
URL: https://www.gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 216.58.212.168 Mountain View, United States, ASN15169 (GOOGLE, US)
Reverse DNS: fra24s01-in-f8.1e100.net
Software: Golfe2 /
Resource Hash:
Security Headers
X-Content-Type-Options: nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazzettadellevalli.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 06:22:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Resource: hqeiV6163d81387c76TAzppmgqGOeWS (Primary Request)
Path: viid.me/
Size: 24 B
x-fer: 315 B
Type: Document
Redirect Chain
  • https://gestyy.com/epxZoy
  • http://viid.me/hqeiV6163d81387c76TAzppmgqGOeWS?r=L3RpLmlsbGF2ZWxsZWRhdHRlenphZy53d3cvLzpzcHR0aA==
General
Full URL: http://viid.me/hqeiV6163d81387c76TAzppmgqGOeWS?r=L3RpLmlsbGF2ZWxsZWRhdHRlenphZy53d3cvLzpzcHR0aA==
Protocol: HTTP/1.1
Server: 69.16.230.42, United States, ASN32244 (LIQUIDWEB, US)
Reverse DNS: lb01.parklogic.com
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 / PHP/5.4.16
Resource Hash: 5ab44f257a83c18ca426028e0bf03b9bf2c194c0138c5c704f018cec98bd7650

Request headers

Host: viid.me
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gazzettadellevalli.it/gdv/advredirect.php?url=https://gestyy.com/epxZoy

Response headers

Date: Mon, 11 Oct 2021 06:22:11 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

date: Mon, 11 Oct 2021 06:22:11 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.40-0+deb8u13
set-cookie: PHPSESSID=a6ndga54ofgroib4t0iei0aph4; expires=Mon, 11-Oct-2021 07:22:11 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
set-cookie: hl=en; expires=Tue, 11-Oct-2022 06:22:11 GMT; Max-Age=31536000; path=/
set-cookie: referrer_url=https%3A%2F%2Fwww.gazzettadellevalli.it%2F; expires=Tue, 12-Oct-2021 06:22:11 GMT; Max-Age=86400; path=/; httponly
set-cookie: cookies-enable=1; path=/; httponly
cache-control: no-cache
location: http://viid.me/hqeiV6163d81387c76TAzppmgqGOeWS?r=L3RpLmlsbGF2ZWxsZWRhdHRlenphZy53d3cvLzpzcHR0aA==
x-server-id: shn12
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PS%2BZaI%2FYYDwmTFtcgK6bqBDYtuzcfb5M9xoCwOyJ6OezmOTND4BgSriFcXZm7vXl5LziYkifrFHXmFacgLtDR4PSXE1JK65GW4kCfhbRpIrNHSEUcC9OgWXu7yk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69c5fe19b8e6f9d2-PRG


2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onbeforexrselect
  • boolean: originAgentCluster

8 Cookies

Domain/Path | Name | Value
.gazzettadellevalli.it/ | __utma | 242668180.2057199118.1633933331.1633933331.1633933331.1
.gazzettadellevalli.it/ | __utmc | 242668180
.gazzettadellevalli.it/ | __utmz | 242668180.1633933331.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.gazzettadellevalli.it/ | __utmt | 1
.gazzettadellevalli.it/ | __utmb | 242668180.1.10.1633933331
gestyy.com/ | hl | en
gestyy.com/ | referrer_url | https%3A%2F%2Fwww.gazzettadellevalli.it%2F
gestyy.com/ | cookies-enable | 1

1 Console Messages

Source: network
Level: error
URL: http://viid.me/hqeiV6163d81387c76TAzppmgqGOeWS?r=L3RpLmlsbGF2ZWxsZWRhdHRlenphZy53d3cvLzpzcHR0aA==
Message: Failed to load resource: the server responded with a status of 404 (Not Found)