arynews.tv Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://googleads.g.doubleclick.net/pcs/click?xai=AKAOjsvfG-7ngPewlrotzy0L9jgkGeVDIo7OeZz3kOZNLpTjofqspgzkcyCDAO_JxomC_GGys_gMT9iiA1...
Effective URL:
https://arynews.tv/
Submission Tags: phishing
Submission: On June 13 via api (June 13th 2024, 6:02:25 pm UTC) from US — Scanned from DE

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 4 domains to perform 2 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is arynews.tv. The Cisco Umbrella rank of the primary domain is 608165.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 14th 2024. Valid for: 8 months.

This is the only time arynews.tv was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1 1	13.33.187.51 13.33.187.51	16509 (AMAZON-02) (AMAZON-02)
1 1	162.240.173.166 162.240.173.166	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	1

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.51 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-51.fra60.r.cloudfront.net

qrco.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.240.173.166 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-240-173-166.unifiedlayer.com

hisdfisy-sofuwioe7t8.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

arynews.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	arynews.tv arynews.tv — Cisco Umbrella Rank: 608165	480 B
1	duckdns.org 1 redirects hisdfisy-sofuwioe7t8.duckdns.org	492 B
1	qrco.de 1 redirects qrco.de — Cisco Umbrella Rank: 94850	346 B
1	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 63	28 B
2	4

	Domain	Requested by
2	arynews.tv
1	hisdfisy-sofuwioe7t8.duckdns.org	1 redirects
1	qrco.de	1 redirects
1	googleads.g.doubleclick.net	1 redirects
2	4

This site contains no links.

Subject Issuer	Validity	Valid
arynews.tv Cloudflare Inc ECC CA-3	`2024-05-14` - `2024-12-31`	8 months	crt.sh

This page contains 1 frames:

Primary Page: https://arynews.tv/
Frame ID: CBB84AE66107C66838C64DE52FF34B09
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://googleads.g.doubleclick.net/pcs/click?xai=AKAOjsvfG-7ngPewlrotzy0L9jgkGeVDIo7OeZz3kOZNLpTjofqspgzkcyCDAO... HTTP 302
https://qrco.de/bf8iND?trackingid=ehAPiaX7Bv HTTP 302
https://hisdfisy-sofuwioe7t8.duckdns.org/?verify HTTP 307
https://arynews.tv/ Page URL

Page Statistics

2
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

1
IPs

2
Countries

0 kB
Transfer

0 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://googleads.g.doubleclick.net/pcs/click?xai=AKAOjsvfG-7ngPewlrotzy0L9jgkGeVDIo7OeZz3kOZNLpTjofqspgzkcyCDAO_JxomC_GGys_gMT9iiA1eximZsnGm9CP75sJnJ3WojVKhB7o1VXCHcE9GRJaWV40iJbfvMPNyM1oaxsdxMKubGRKrEgcKqqnixFGlG71btt8NM4V8sFickRvREKIIw0qELAc_zYk-91XCqP3rShcKz9rEyirghOgkK3RZ1rJSNwNhrpOOc9PDgX3K4XEl1lDTmNboZxfWVexcU_9-faVqKM62gYoTRkV8Dg065scjFXQIaD-McSohqr6NG8D68jxGl4O0DtP0zMpDn6LQRFwBYfWRgC5HdP-h9y72PTwpHzRYilIngJKka4l7kOnC5n4s89OOMhEWbZ7GlitL3MvtCDf92Y0mk1PuhjIlOqwBP&sai=AMfl-YS17WS1tsmufrMuzWrssk0Fm1aOY4Ovw3sOv2XCTQHRfzftY10i58pdp8aQaF0UNV57umFXAOIViRV93vP6_3wJw5VOmZoERgitf2IfRNb3xaY&sig=Cg0ArKJSzEFGB1vdX2he&fbs_aeid=%5Bgw_fbsaeid%5D&adurl=https%3A%2F%2Fqrco.de%2Fbf8iND?trackingid=ehAPiaX7Bv&signature=newsletter HTTP 302
https://qrco.de/bf8iND?trackingid=ehAPiaX7Bv HTTP 302
https://hisdfisy-sofuwioe7t8.duckdns.org/?verify HTTP 307
https://arynews.tv/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	403	Primary Request / Show response arynews.tv/ Redirect Chain https://googleads.g.doubleclick.net/pcs/click?xai=AKAOjsvfG-7ngPewlrotzy0L9jgkGeVDIo7OeZz3kOZNLpTjofqspgzkcyCDAO_JxomC_GGys_gMT9iiA1eximZsnGm9CP75sJnJ3WojVKhB7o1VXCHcE9GRJaWV40iJbfvMPNyM1oaxsdxMKub... https://qrco.de/bf8iND?trackingid=ehAPiaX7Bv https://hisdfisy-sofuwioe7t8.duckdns.org/?verify https://arynews.tv/	146 B 262 B	191ms 160ms	Document text/html	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://arynews.tv/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8933fdbc6fa94d82-FRA content-encoding br content-type text/html date Thu, 13 Jun 2024 18:02:21 GMT server cloudflare vary Accept-Encoding Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 13 Jun 2024 18:02:21 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Location https://arynews.tv Pragma no-cache Server Apache Transfer-Encoding chunked Vary Accept-Encoding X-FRAME-OPTIONS SAMEORIGIN
GET H3	200	favicon.ico arynews.tv/	0 218 B	30ms 30ms	Other image/x-icon	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://arynews.tv/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://arynews.tv/ User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers pragma public date Thu, 13 Jun 2024 18:02:21 GMT cf-cache-status HIT last-modified Sat, 08 Jun 2024 23:52:41 GMT server cloudflare age 126047 etag "6664eec9-0" vary Accept-Encoding content-type image/x-icon cache-control max-age=2592000, public accept-ranges bytes cf-ray 8933fdbd89054d82-FRA alt-svc h3=":443"; ma=86400 content-length 0 expires Fri, 12 Jul 2024 07:01:34 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-21 06:39:57	Name: IDE Value: AHWqTUlqpjHXtqqZ5bMN4lmfW1DjwOiwO4Zu8c4C0l7frOYfLduFN_VAud_D9U-w
			hisdfisy-sofuwioe7t8.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 575b909a96acbaa3262dddd11579e10e

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://arynews.tv/ Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

arynews.tv
googleads.g.doubleclick.net
hisdfisy-sofuwioe7t8.duckdns.org
qrco.de
13.33.187.51
141.193.213.20
162.240.173.166
2a00:1450:4001:82b::2002
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

arynews.tv Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

1 IPs

2 Countries

0 kBTransfer

0 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

arynews.tv Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

1
IPs

2
Countries

0 kB
Transfer

0 kB
Size

2
Cookies

2 HTTP transactions
0 data transactions