Submitted URL: https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Effective URL: https://itredir1.me/go/my4wcntdmi5dgmjsgi?sub1=goopodsk
Submission: On July 19 via manual from IN

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 104.248.199.158, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is itredir1.me.
TLS certificate: Issued by R3 on July 18th 2021. Valid for: 3 months.
This is the only time itredir1.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS (Autonomous System)
3         2606:4700:303...  13335 (CLOUDFLAR...)
4         2606:4700:303...  13335 (CLOUDFLAR...)
1         104.248.199.158   14061 (DIGITALOC...)
Total: 12 requests, 4 IPs

Requests  Apex Domain      Subdomains                            Transfer
7         aeroview780g.pw  btk.aeroview780g.pw, aeroview780g.pw  94 KB
1         itredir1.me      itredir1.me                           53 KB
0         gravatar.com     1.gravatar.com (failed)               -
Total: 12 requests, 3 apex domains

Requests  Domain                   Requested by
5         aeroview780g.pw          btk.aeroview780g.pw
2         btk.aeroview780g.pw      btk.aeroview780g.pw
1         itredir1.me              btk.aeroview780g.pw
0         1.gravatar.com (failed)  btk.aeroview780g.pw
Total: 12 requests, 4 domains

This site contains no links.

Subject                Issuer                   Validity                 Valid for
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3  2021-02-02 - 2022-02-01  a year
brop1.com              R3                       2021-07-18 - 2021-10-16  3 months

This page contains 1 frame:

Primary Page: https://itredir1.me/go/my4wcntdmi5dgmjsgi?sub1=goopodsk
Frame ID: 491833CBCBCAF6A4C699DD10F500D1CE
Requests: 13 HTTP requests in this frame

Screenshot



Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 12
HTTPS: 67 %
IPv6: 67 %
Domains: 3
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 146 kB
Size: 267 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://btk.aeroview780g.pw/faysal-bank-installment-plan.html Page URL
  2. https://itredir1.me/go/my4wcntdmi5dgmjsgi?sub1=goopodsk Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
faysal-bank-installment-plan.html | btk.aeroview780g.pw/ | 27 KB | 9 KB | Document | -

General
Full URL: https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:2174, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare / PHP/5.4.16
Resource Hash: 0509206da76473900f74f44904d075ea07084868512183594ef97eaf06fa950b

Request headers
:method: GET
:authority: btk.aeroview780g.pw
:scheme: https
:path: /faysal-bank-installment-plan.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Mon, 19 Jul 2021 09:33:08 GMT
content-type: text/html
x-powered-by: PHP/5.4.16
set-cookie: qwerty=0; expires=Mon, 19-Jul-2021 10:33:08 GMT; path=/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2Bs1qIvrTJr6wQI8JmTV47nssJxckCNUn9GCRm7tyYD0l6SIi4nko7dSF8KIRj7gqPqAcOEUO33SP9arFvMleQOdHCvqV2qXnhdyuN3YZkWG01HcoxZr%2B9VXk9J%2FlOeWXkiLAX4wqDGrR0w3Ji3wp%2BYb"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6712f24dddbe061c-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
style.min.css | aeroview780g.pw/wp-includes/css/dist/block-library/ | 40 KB | 6 KB | Stylesheet | -

General
Full URL: https://aeroview780g.pw/wp-includes/css/dist/block-library/style.min.css?ver=5.3
Requested by: Host btk.aeroview780g.pw, URL https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:2174, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: -

Request headers
Referer: https://btk.aeroview780g.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Mon, 19 Jul 2021 09:33:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 173856
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 03 Feb 2021 07:27:36 GMT
server: cloudflare
etag: W/"601a5068-a1fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gs3XohiqIxLOibw84t4VDUV1Y0HXRq8LXMS0CmEoO7IDfs7izkG4Twir6hw4w9QG9yWJNuRDu2f0CdK8fWR83N4JlP1tt5PmeILqJVBsylu0TSA463RAhX2Gm6LZjXDh259hbifk7JQMFN70NK4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6712f24e6f11061c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT
main.css | aeroview780g.pw/wp-content/themes/arkhe/dist/css/ | 52 KB | 12 KB | Stylesheet | -

General
Full URL: https://aeroview780g.pw/wp-content/themes/arkhe/dist/css/main.css?ver=0.8.0
Requested by: Host btk.aeroview780g.pw, URL https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::6815:2174, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: -

Request headers
Referer: https://btk.aeroview780g.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Mon, 19 Jul 2021 09:33:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4564199
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 03 Feb 2021 07:27:36 GMT
server: cloudflare
etag: W/"601a5068-cf65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aJojCqrUe006HWj31Nc1kvjTiGB%2ByoORqdNv%2B2lozTtJNMKwTjy%2BoRPoYFFo3zBvVxfapSOY%2B1ymU%2F8nC52XsGI8ONVti0tvqaazihASYXf0ymoP8Fvx%2FplvlMzUp0KsLwy%2FgWGM3x6tw2FEeaM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6712f24e6f14061c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT
faysal-bank-installment-plan-3.jpg | btk.aeroview780g.pw/img/ | 0 | 0 | - | -

faysal-bank-installment-plan-2.jpg | btk.aeroview780g.pw/img/ | 50 KB | 50 KB | Image | -

General
Full URL: https://btk.aeroview780g.pw/img/faysal-bank-installment-plan-2.jpg
Requested by: Host btk.aeroview780g.pw, URL https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Protocol: H3-29
Security: QUIC, AES_128_GCM
Server: 2606:4700:3030::ac43:a254, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare / PHP/5.4.16
Resource Hash: -

Request headers
:path: /img/faysal-bank-installment-plan-2.jpg
pragma: no-cache
cookie: qwerty=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: btk.aeroview780g.pw
referer: https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Mon, 19 Jul 2021 09:33:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2644
x-powered-by: PHP/5.4.16
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dWf9A3GPiLlstrK7ijUisASys6MLAvkVXzoSn4Ps%2F%2Bk1jjqv23pRzEHEfhXteG0DBMbu93Z8AEtEYYB6KeRBLAk8zgRJpChIGiMWUibKKNVjxEpx3cYPsgzdhWpGmkv0Nhl6HSap3M2jaRQGffMg3ZHh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
cf-ray: 6712f24ed9e4dfc7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
wp-emoji-release.min.js | aeroview780g.pw/wp-includes/js/ | 0 | 0 | - | -

faysal-bank-installment-plan.jpg | btk.aeroview780g.pw/img/ | 0 | 0 | - | -

1cb1c39857f5eef49897f849251861a9 | 1.gravatar.com/avatar/ | 0 | 0 | - | -

lazysizes.js | aeroview780g.pw/wp-content/themes/arkhe/dist/js/plugin/ | 12 KB | 6 KB | Script | -

General
Full URL: https://aeroview780g.pw/wp-content/themes/arkhe/dist/js/plugin/lazysizes.js?ver=0.8.0
Requested by: Host btk.aeroview780g.pw, URL https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Protocol: H3-29
Security: QUIC, AES_128_GCM
Server: 2606:4700:3030::ac43:a254, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: -

Request headers
Referer: https://btk.aeroview780g.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Mon, 19 Jul 2021 09:33:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 Feb 2021 07:27:36 GMT
server: cloudflare
age: 3904
etag: W/"601a5068-3089"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsnak%2BdQE6JXRnR3lDlTuaOCH1M0pWhfGWU8jcnLxsI6AX48r7Id4Kqe3wnLHeiNn1a6lSA9rE%2BEtJcao%2FO%2FrSIUj5%2FTJKbfp4Oczdfd8ChnC6kr4vtKxKlLOo%2F%2FyJksNb0NmKOPNHUz2V%2FVFDE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6712f24e997fdfc7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
main.js | aeroview780g.pw/wp-content/themes/arkhe/dist/js/ | 24 KB | 9 KB | Script | -

General
Full URL: https://aeroview780g.pw/wp-content/themes/arkhe/dist/js/main.js?ver=0.8.0
Requested by: Host btk.aeroview780g.pw, URL https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Protocol: H3-29
Security: QUIC, AES_128_GCM
Server: 2606:4700:3030::ac43:a254, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: -

Request headers
Referer: https://btk.aeroview780g.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Mon, 19 Jul 2021 09:33:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 Feb 2021 07:27:36 GMT
server: cloudflare
age: 3904
etag: W/"601a5068-6151"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vtGj1bBg9P2%2Bnxe08VQsL1wCnqyhPLBAgeneQHV6Efxw6uBuOmwF3FyInJ%2Fw0%2Fp7%2B4Q2sDHId3psFbRSJhvU3gWnCa17Mmui%2FKiQMvnW4Ux0SF2tFEE10C4V1q79PIjXct%2F1DLfcK18Eh94eGLM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6712f24e997ddfc7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
wp-embed.min.js | aeroview780g.pw/wp-includes/js/ | 1 KB | 1 KB | Script | -

General
Full URL: https://aeroview780g.pw/wp-includes/js/wp-embed.min.js?ver=5.3
Requested by: Host btk.aeroview780g.pw, URL https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Protocol: H3-29
Security: QUIC, AES_128_GCM
Server: 2606:4700:3030::ac43:a254, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: -

Request headers
Referer: https://btk.aeroview780g.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Mon, 19 Jul 2021 09:33:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 Feb 2021 07:27:38 GMT
server: cloudflare
age: 3904
etag: W/"601a506a-577"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FnW%2BBNmdj7Hw9Dqkgff5q2ZYiXrjsCHIudqFoMMhZv69%2FRT1SZ3l8Xp%2FeKW7MBy5deQT2VHMIpNI5ReU20WeGROtg9RgP85r%2BfcE5r4mX5%2BXErVf%2BPkHuaHF668b%2B7TU4U5sPruApBQAfvMYLsE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6712f24eb9b0dfc7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Primary Request: my4wcntdmi5dgmjsgi | itredir1.me/go/ | 52 KB | 53 KB | Document | -

General
Full URL: https://itredir1.me/go/my4wcntdmi5dgmjsgi?sub1=goopodsk
Requested by: Host btk.aeroview780g.pw, URL https://btk.aeroview780g.pw/faysal-bank-installment-plan.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.248.199.158, Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: -
Software: nginx
Resource Hash: c2f8ee8dd9cb88ae446d07816a02f774a294889f7331aff38cf011ab58a0bb4a

Security Headers
Content-Security-Policy: img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000

Request headers
:method: GET
:authority: itredir1.me
:scheme: https
:path: /go/my4wcntdmi5dgmjsgi?sub1=goopodsk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://btk.aeroview780g.pw/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://btk.aeroview780g.pw/

Response headers
server: nginx
date: Mon, 19 Jul 2021 09:33:08 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=cc5a37f4-0adb-458b-bce9-5cd7d6e84f5e; expires=Wed, 18-Aug-2021 09:33:08 GMT; Max-Age=2592000; path=/; domain=itredir1.me
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
truncated | / | 7 KB | 0 | Image | -

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 6600e628d105299a9954bb85edc818356f1ec6136ba5d503dc39b2b3de8526c7

Request headers
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
Content-Type: image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain               URL
btk.aeroview780g.pw  https://btk.aeroview780g.pw/img/faysal-bank-installment-plan-3.jpg
aeroview780g.pw      http://aeroview780g.pw/wp-includes/js/wp-emoji-release.min.js?ver=5.3
btk.aeroview780g.pw  https://btk.aeroview780g.pw/img/faysal-bank-installment-plan.jpg
1.gravatar.com       https://1.gravatar.com/avatar/1cb1c39857f5eef49897f849251861a9?s=100&d=mm&r=g

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    onbeforexrselect
object    ontransitionrun
object    ontransitionstart
object    ontransitioncancel
object    cookieStore
function  showDirectoryPicker
function  showOpenFilePicker
function  showSaveFilePicker
boolean   originAgentCluster
object    trustedTypes
boolean   crossOriginIsolated
object    languages
function  text
string    relevanteLang
string    lang
boolean   guardEnabled
boolean   isChrome
function  compareVersion
function  getLanguage
object    rootElement
boolean   canStart
function  textr
function  disableHistory
function  disableIncognito
function  denied
function  getWorkerRegistration
function  SubS
function  CheckS
function  urlB64ToUint8Array
function  j4ee
function  L0zz
boolean   j
string    title
string    holder
function  before_redirect_block

1 Cookies

Domain/Path: .itredir1.me/
Name: uuid
Value: cc5a37f4-0adb-458b-bce9-5cd7d6e84f5e