citilepho.gq Open in urlscan Pro
2606:4700:3036::681b:bfdf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://citilepho.gq/
Submission: On March 02 via automatic, source certstream-suspicious (March 2nd 2020, 12:24:27 am UTC)

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 9 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3036::681b:bfdf, located in United States and belongs to CLOUDFLARENET, US. The main domain is citilepho.gq.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 5th 2020. Valid for: 8 months.

This is the only time citilepho.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	2606:4700:303... 2606:4700:3036::681b:bfdf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	172.105.235.147 172.105.235.147	63949 (LINODE-AP...) (LINODE-AP Linode)
1	207.55.248.20 207.55.248.20	17054 (AS17054) (AS17054)
1	2606:4700:20:... 2606:4700:20::681a:c7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:824::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20eb:5200:14:9994:7ac0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
15	9

4 2606:4700:3036::681b:bfdf (United States)

ASN13335 (CLOUDFLARENET, US)

citilepho.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.105.235.147 (Japan)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1889-147.members.linode.com

www.notebook-driver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.55.248.20 (St. Petersburg, United States)

ASN17054 (AS17054, US)
PTR: cp31.deluxehosting.com

www.newmodeus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:c7f (United States)

ASN13335 (CLOUDFLARENET, US)

www.notebookcheck.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:5200:14:9994:7ac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

img.auctiva.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	gstatic.com fonts.gstatic.com	47 KB
4	citilepho.gq citilepho.gq	22 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
1	auctiva.com img.auctiva.com	15 KB
1	blogspot.com 1.bp.blogspot.com	17 KB
1	notebookcheck.info www.notebookcheck.info	624 KB
1	newmodeus.com www.newmodeus.com	165 KB
1	notebook-driver.com www.notebook-driver.com	11 KB
1	jquery.com code.jquery.com
15	9

	Domain	Requested by
4	fonts.gstatic.com	citilepho.gq
4	citilepho.gq	citilepho.gq
2	counter.yadro.ru	1 redirects citilepho.gq
1	img.auctiva.com	citilepho.gq
1	1.bp.blogspot.com	citilepho.gq
1	www.notebookcheck.info	citilepho.gq
1	www.newmodeus.com	citilepho.gq
1	www.notebook-driver.com	citilepho.gq
1	code.jquery.com	citilepho.gq
15	9

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-02-05` - `2020-10-09`	8 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
notebook-driver.com Let's Encrypt Authority X3	`2020-02-14` - `2020-05-14`	3 months	crt.sh
www.newmodeus.com Sectigo RSA Domain Validation Secure Server CA	`2019-08-19` - `2020-08-18`	a year	crt.sh
*.googleusercontent.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.auctiva.com Go Daddy Secure Certificate Authority - G2	`2018-08-04` - `2020-09-04`	2 years	crt.sh
*.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
counter.yadro.ru GoGetSSL ECC DV CA	`2020-02-02` - `2022-05-02`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://citilepho.gq/
Frame ID: 47275BDDEE2F825F7ABDE88601A20F8E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

15
Requests

100 %
HTTPS

67 %
IPv6

9
Domains

9
Subdomains

9
IPs

5
Countries

901 kB
Transfer

1037 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://counter.yadro.ru/hit;counter___yadro___ru?r;s1600*1200*24;uhttps%3A//citilepho.gq/;hDownload%20driver%20Lenovo%20ThinkPad%20W500%204062%20RF1%20Aggiornamento%20software%20Lenovo%20Lenovo%20ThinkPad%20W500%20Drivers%20Download%20Driver;0.6970775189531795 HTTP 302
https://counter.yadro.ru/hit;counter___yadro___ru?q;r;s1600*1200*24;uhttps%3A//citilepho.gq/;hDownload%20driver%20Lenovo%20ThinkPad%20W500%204062%20RF1%20Aggiornamento%20software%20Lenovo%20Lenovo%20ThinkPad%20W500%20Drivers%20Download%20Driver;0.6970775189531795

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
citilepho.gq/ 11 KB
4 KB 80ms
17ms Document
text/html 2606:4700:3036::681b:bfdf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citilepho.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681b:bfdf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba7df30c0ce008a8bc3321028595641e26a58d5e1aca925875a09707fbedc383

Request headers

:method: GET
:authority: citilepho.gq
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
date: Mon, 02 Mar 2020 00:24:07 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dfb2861432c1e6aeaf057a4e71f9e66111583108647; expires=Wed, 01-Apr-20 00:24:07 GMT; path=/; domain=.citilepho.gq; HttpOnly; SameSite=Lax
expires: Mon, 09 Mar 2020 00:24:07 GMT
cache-control: max-age=691200
cf-cache-status: HIT
age: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 56d6f9171803e013-FRA
content-encoding: br

GET
H2 200 style.css
citilepho.gq/ 139 KB
14 KB 68ms
67ms Stylesheet
text/css 2606:4700:3036::681b:bfdf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citilepho.gq/style.css
Requested by: Host: citilepho.gq
URL: https://citilepho.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681b:bfdf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cffa6d23a2be312483fe93957a79c273ff9b1679a0250b9465ead9a52bc0ef5

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 02 Mar 2020 00:24:07 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
status: 200
cache-control: max-age=691200
cf-ray: 56d6f9174845e013-FRA
expires: Mon, 09 Mar 2020 00:24:07 GMT

GET
H/1.1 404
Not Found jquery-1.12.4
code.jquery.com/ 0
0 23ms
9ms Script
text/html 2001:4de0:ac19::1:b:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.12.4
Requested by: Host: citilepho.gq
URL: https://citilepho.gq/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

GET
H2 200 jquery.min.js Show response
citilepho.gq/js/ 9 KB
3 KB 68ms
67ms Script
text/html 2606:4700:3036::681b:bfdf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citilepho.gq/js/jquery.min.js
Requested by: Host: citilepho.gq
URL: https://citilepho.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::681b:bfdf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a419130d5d340c6a9a5c5bf91e9219ea6462161cf58f2c12048fbd4a51a73f10

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Mon, 02 Mar 2020 00:24:07 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 02 Mar 2020 00:24:07GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=604800
cf-ray: 56d6f9174847e013-FRA
expires: Mon, 09 Mar 2020 00:24:07 GMT

GET
H2 200 Lenovo-Thinkpad-X301-280x280.jpg
www.notebook-driver.com/wp-content/uploads/2008/10/ 11 KB
11 KB 1156ms
264ms Image
image/jpeg 172.105.235.147
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.notebook-driver.com/wp-content/uploads/2008/10/Lenovo-Thinkpad-X301-280x280.jpg
Requested by: Host: citilepho.gq
URL: https://citilepho.gq/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.105.235.147 , Japan, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1889-147.members.linode.com
Software: nginx /
Resource Hash: d64d4b813330f51e2454d11218ac51a648b13581004dc147cffe4d7b360a1eb6

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 02 Mar 2020 00:24:08 GMT
last-modified: Fri, 20 Mar 2015 06:20:03 GMT
server: nginx
etag: "550bbc13-2b9e"
content-type: image/jpeg
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 11166
expires: Wed, 01 Apr 2020 00:24:08 GMT

GET
H/1.1 200
OK Lenovo-Ultrabay-Adapter-S.jpg
www.newmodeus.com/shop/images/ 165 KB
165 KB 708ms
120ms Image
image/jpeg 207.55.248.20
AS17054

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newmodeus.com/shop/images/Lenovo-Ultrabay-Adapter-S.jpg
Requested by: Host: citilepho.gq
URL: https://citilepho.gq/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 207.55.248.20 St. Petersburg, United States, ASN17054 (AS17054, US),
Reverse DNS: cp31.deluxehosting.com
Software: Apache /
Resource Hash: fd373a0f97963d371acc952a672f303f5d05bf9874d8797f6a9a0dc27541d08e

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Mon, 02 Mar 2020 00:23:59 GMT
Last-Modified: Sun, 02 Oct 2016 16:24:10 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 168453

GET
H2 200 csm_thinkpad_w500_type_07_887e478f27.jpg
www.notebookcheck.info/fileadmin/_processed_/ 623 KB
624 KB 189ms
148ms Image
image/jpeg 2606:4700:20::681a:c7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.notebookcheck.info/fileadmin/_processed_/csm_thinkpad_w500_type_07_887e478f27.jpg
Requested by: Host: citilepho.gq
URL: https://citilepho.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90456f0bb479f421a1782451dabb37aa19c3fc22c47a998364fe3aa9f707377b

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-varnish-cache: MISS
date: Mon, 02 Mar 2020 00:24:07 GMT
via: 1.1 varnish-v4
cf-cache-status: MISS
x-location: typo3-stuff
status: 200
content-length: 637541
x-varnish: 214966645
last-modified: Sun, 14 Jun 2015 06:29:38 GMT
server: cloudflare
etag: "557d1f52-9ba65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 56d6f91808c3c29a-FRA

GET
H2 200 notebook_0.jpg
1.bp.blogspot.com/-HKQgC5V46o4/VANdW6UEyEI/AAAAAAAAArY/cWnlD8wCFfU/s1600/ 17 KB
17 KB 35ms
34ms Image
image/jpeg 2a00:1450:4001:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-HKQgC5V46o4/VANdW6UEyEI/AAAAAAAAArY/cWnlD8wCFfU/s1600/notebook_0.jpg

Requested by

Host: citilepho.gq
URL: https://citilepho.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3b7839f279a3dbfae11ccec6eb7d2bd8ee53de1055781e423829e009e7fe16a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 02 Mar 2020 00:24:07 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="notebook_0.jpg"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17196
x-xss-protection: 0
server: fife
etag: "v2b6"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 03 Mar 2020 00:24:07 GMT

GET
H2 200 833659114_tp.jpg
img.auctiva.com/imgdata/6/8/9/7/7/2/webimg/ 15 KB
15 KB 163ms
129ms Image
image/jpeg 2600:9000:20eb:5200:14:9994:7ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.auctiva.com/imgdata/6/8/9/7/7/2/webimg/833659114_tp.jpg
Requested by: Host: citilepho.gq
URL: https://citilepho.gq/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:5200:14:9994:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 40f2f21c9589cb63a6dd20b656e3e8ba2bf46ed3a214cc442d19f22dff76fd20

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 02 Mar 2020 00:24:08 GMT
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
last-modified: Wed, 13 May 2015 04:05:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "059c9293ada176817879d5c834c8fcb2"
x-cache: Miss from cloudfront
content-type: image/jpeg
status: 200
x-amz-meta-content-type: image/jpeg
accept-ranges: bytes
content-length: 15373
x-amz-cf-id: S6drRHnGjAFvi3qQnofjAc1C_VxPqERQTYdP1G3aCzW15tOHhC-BSQ==

GET
H2 200 email-decode.min.js Show response
citilepho.gq/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
833 B 10ms
9ms Script
application/javascript 2606:4700:3036::681b:bfdf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://citilepho.gq/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: citilepho.gq
URL: https://citilepho.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::681b:bfdf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 02 Mar 2020 00:24:07 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 26 Feb 2020 11:08:35 GMT
server: cloudflare
etag: W/"5e5651b3-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
cf-ray: 56d6f917c90fe013-FRA
expires: Wed, 04 Mar 2020 00:24:07 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v6/ 8 KB
8 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v6/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: citilepho.gq
URL: https://citilepho.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07d2b7c2df967b7820b8ce99be3f7db1a1db5a82797826cd9a06e6489e89f71a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citilepho.gq/style.css
Origin: https://citilepho.gq
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 24 Feb 2020 20:34:53 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 22:28:13 GMT
server: sffe
age: 532154
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 7836
x-xss-protection: 0
expires: Tue, 23 Feb 2021 20:34:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v19/ 15 KB
16 KB 5ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: citilepho.gq
URL: https://citilepho.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citilepho.gq/style.css
Origin: https://citilepho.gq
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 19:10:06 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:11:50 GMT
server: sffe
age: 3302041
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 15784
x-xss-protection: 0
expires: Fri, 22 Jan 2021 19:10:06 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v19/ 15 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: citilepho.gq
URL: https://citilepho.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citilepho.gq/style.css
Origin: https://citilepho.gq
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 18 Jan 2020 01:28:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:46 GMT
server: sffe
age: 3797748
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 15816
x-xss-protection: 0
expires: Sun, 17 Jan 2021 01:28:19 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v6/ 8 KB
8 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v6/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: citilepho.gq
URL: https://citilepho.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fe2aa289162af5650c4a5ad04948ed0872b83982060632f75b9dbd8520d2c8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citilepho.gq/style.css
Origin: https://citilepho.gq
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 18 Jan 2020 01:25:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 22:27:58 GMT
server: sffe
age: 3797911
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 7988
x-xss-protection: 0
expires: Sun, 17 Jan 2021 01:25:36 GMT

GET
H/1.1

200
OK

hit;counter___yadro___ru
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;counter___yadro___ru?r;s1600*1200*24;uhttps%3A//citilepho.gq/;hDownload%20driver%20Lenovo%20ThinkPad%20W500%204062%20RF1%20Aggiornamento%20software%20Lenovo%20Lenovo%20...
https://counter.yadro.ru/hit;counter___yadro___ru?q;r;s1600*1200*24;uhttps%3A//citilepho.gq/;hDownload%20driver%20Lenovo%20ThinkPad%20W500%204062%20RF1%20Aggiornamento%20software%20Lenovo%20Lenovo%...

43 B
421 B

57ms
57ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://counter.yadro.ru/hit;counter___yadro___ru?q;r;s1600*1200*24;uhttps%3A//citilepho.gq/;hDownload%20driver%20Lenovo%20ThinkPad%20W500%204062%20RF1%20Aggiornamento%20software%20Lenovo%20Lenovo%20ThinkPad%20W500%20Drivers%20Download%20Driver;0.6970775189531795
Requested by: Host: citilepho.gq
URL: https://citilepho.gq/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS: host198.rax.ru
Software: nginx/1.11.1 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://citilepho.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 00:24:07 GMT
Server: nginx/1.11.1
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 02 Mar 2019 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 02 Mar 2020 00:24:07 GMT
Server: nginx/1.11.1
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;counter___yadro___ru?q;r;s1600*1200*24;uhttps%3A//citilepho.gq/;hDownload%20driver%20Lenovo%20ThinkPad%20W500%204062%20RF1%20Aggiornamento%20software%20Lenovo%20Lenovo%20ThinkPad%20W500%20Drivers%20Download%20Driver;0.6970775189531795
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sat, 02 Mar 2019 21:00:00 GMT

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.citilepho.gq/	1970-01-19 08:28:20	Name: __cfduid Value: dfb2861432c1e6aeaf057a4e71f9e66111583108647

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
citilepho.gq
code.jquery.com
counter.yadro.ru
fonts.gstatic.com
img.auctiva.com
www.newmodeus.com
www.notebook-driver.com
www.notebookcheck.info
172.105.235.147
2001:4de0:ac19::1:b:2b
207.55.248.20
2600:9000:20eb:5200:14:9994:7ac0:93a1
2606:4700:20::681a:c7f
2606:4700:3036::681b:bfdf
2a00:1450:4001:800::2003
2a00:1450:4001:824::2001
88.212.201.198
07d2b7c2df967b7820b8ce99be3f7db1a1db5a82797826cd9a06e6489e89f71a
0fe2aa289162af5650c4a5ad04948ed0872b83982060632f75b9dbd8520d2c8b
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3b7839f279a3dbfae11ccec6eb7d2bd8ee53de1055781e423829e009e7fe16a0
40f2f21c9589cb63a6dd20b656e3e8ba2bf46ed3a214cc442d19f22dff76fd20
90456f0bb479f421a1782451dabb37aa19c3fc22c47a998364fe3aa9f707377b
9cffa6d23a2be312483fe93957a79c273ff9b1679a0250b9465ead9a52bc0ef5
a419130d5d340c6a9a5c5bf91e9219ea6462161cf58f2c12048fbd4a51a73f10
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
ba7df30c0ce008a8bc3321028595641e26a58d5e1aca925875a09707fbedc383
d64d4b813330f51e2454d11218ac51a648b13581004dc147cffe4d7b360a1eb6
fd373a0f97963d371acc952a672f303f5d05bf9874d8797f6a9a0dc27541d08e

citilepho.gq Open in urlscan Pro 2606:4700:3036::681b:bfdf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

67 %IPv6

9 Domains

9 Subdomains

9 IPs

5 Countries

901 kBTransfer

1037 kBSize

1 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

1 Cookies

Indicators

citilepho.gq Open in urlscan Pro
2606:4700:3036::681b:bfdf Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

67 %
IPv6

9
Domains

9
Subdomains

9
IPs

5
Countries

901 kB
Transfer

1037 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions