www.google.com - urlscan.io

Summary

This website contacted 3 IPs in 4 countries across 6 domains to perform 4 HTTP transactions. The main IP is 172.217.18.4, located in and belongs to . The main domain is www.google.com.
TLS certificate: Issued by GTS CA 1C3 on March 4th 2024. Valid for: 3 months.

This is the only time www.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	185.91.118.232 185.91.118.232	200918 (ORELSOFT) (ORELSOFT)
1 1	34.76.189.27 34.76.189.27	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	34.76.98.215 34.76.98.215	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	203.161.62.54 203.161.62.54	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1 2	172.217.18.4 172.217.18.4	() ()
4	3

2 185.91.118.232 (Czech Republic)

ASN200918 (ORELSOFT, CZ)
PTR: mzfhzgzjzdi2.tatunaboa.com.br

fantoomes.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.76.189.27 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 27.189.76.34.bc.googleusercontent.com

directfwd-2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.76.98.215 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 215.98.76.34.bc.googleusercontent.com

breakingtrackss1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.trackitlivenow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 203.161.62.54 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: phacocyst-olives.vpsrdns.web-hosting.com

www.lptrackerstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.4 (None, ) 1 redirects

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	google.com 1 redirects www.google.com	25 B
2	fantoomes.click fantoomes.click	1 KB
1	lptrackerstar.com 1 redirects www.lptrackerstar.com	560 B
1	trackitlivenow.com 1 redirects www.trackitlivenow.com	747 B
1	breakingtrackss1.com 1 redirects breakingtrackss1.com	753 B
1	directfwd-2.com 1 redirects directfwd-2.com	293 B
4	6

	Domain	Requested by
2	www.google.com	1 redirects fantoomes.click www.google.com
2	fantoomes.click	fantoomes.click
1	www.lptrackerstar.com	1 redirects
1	www.trackitlivenow.com	1 redirects
1	breakingtrackss1.com	1 redirects
1	directfwd-2.com	1 redirects
4	6

This site contains no links.

Subject Issuer	Validity	Valid
*.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgSVZu1YGM2h6bAGIjBOx2QStgEPT3eAovgW3PI8VmYFFonMqDDW6_IxACcgKZbdfoWNT8v6mdQkOzxsrAcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
Frame ID: 4AB304130E68C4EECDB78304B23B1A19
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 HTTP 307
https://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 HTTP 307
http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 Page URL
http://fantoomes.click/t/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 Page URL
https://directfwd-2.com/?a=1908&oc=19722&c=53376&p=r&m=3&s1=9&s2=2-2346&s3=38-67547-117 HTTP 302
https://breakingtrackss1.com/?a=1908&oc=19722&c=53376&p=r&m=3&s1=9&s2=2-2346&s3=38-67547-117&ckmguid=7004... HTTP 302
https://www.trackitlivenow.com/C1X4KG/TM1W4J6/?sub2=362130213&source_id=1908 HTTP 302
https://www.lptrackerstar.com/cmp/6H42TQ/R1T86S/?__rpt=0&__po=13913&__ptid=0e3ba09ac05a45b6bc8b6cf30b8a942... HTTP 302
https://www.google.com/ HTTP 302
https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgSVZu1YGM2h6bAGIjBOx2QStgEPT... Page URL

Page Statistics

4
Requests

25 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

3
IPs

4
Countries

1 kB
Transfer

4 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 HTTP 307
https://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 HTTP 307
http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 Page URL
http://fantoomes.click/t/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 Page URL
https://directfwd-2.com/?a=1908&oc=19722&c=53376&p=r&m=3&s1=9&s2=2-2346&s3=38-67547-117 HTTP 302
https://breakingtrackss1.com/?a=1908&oc=19722&c=53376&p=r&m=3&s1=9&s2=2-2346&s3=38-67547-117&ckmguid=70041f2c-ca66-4010-8838-f855d34744c5 HTTP 302
https://www.trackitlivenow.com/C1X4KG/TM1W4J6/?sub2=362130213&source_id=1908 HTTP 302
https://www.lptrackerstar.com/cmp/6H42TQ/R1T86S/?__rpt=0&__po=13913&__ptid=0e3ba09ac05a45b6bc8b6cf30b8a9422&__rpa=0&__rc=1&sub1=&sub2=362130213&sub3=&sub4=&sub5=&source_id=1908&__pcd=9 HTTP 302
https://www.google.com/ HTTP 302
https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgSVZu1YGM2h6bAGIjBOx2QStgEPT3eAovgW3PI8VmYFFonMqDDW6_IxACcgKZbdfoWNT8v6mdQkOzxsrAcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 HTTP 307
https://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 HTTP 307
http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 Show response
fantoomes.click/
Redirect Chain

http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9
https://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9
http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9

458 B
712 B

40ms
39ms

Document
text/html

185.91.118.232
ORELSOFT

General

Check archive.org

Show headers Download Go to

Full URL: http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9
Protocol: HTTP/1.1
Server: 185.91.118.232 , Czech Republic, ASN200918 (ORELSOFT, CZ),
Reverse DNS: mzfhzgzjzdi2.tatunaboa.com.br
Software: /
Resource Hash: 0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Length: 458
Content-Type: text/html; charset=utf-8
Date: Sat, 13 Apr 2024 09:30:49 GMT
X-Address: gin_throttle_mw_7200000000_149.102.237.88
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 496
X-Ratelimit-Reset: 1713004195

Redirect headers

Location: http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK 4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9 Show response
fantoomes.click/t/ 300 B
554 B 109ms
108ms Document
text/html 185.91.118.232
ORELSOFT

General

Check archive.org

Show headers Download Go to

Full URL: http://fantoomes.click/t/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9
Requested by: Host: fantoomes.click
URL: http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9
Protocol: HTTP/1.1
Server: 185.91.118.232 , Czech Republic, ASN200918 (ORELSOFT, CZ),
Reverse DNS: mzfhzgzjzdi2.tatunaboa.com.br
Software: /
Resource Hash: 7b6991b0310a0043d5ab605752532c90cc345db903b5acdf0b4142a2e1d0cdd9

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: http://fantoomes.click/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Length: 300
Content-Type: text/html; charset=utf-8
Date: Sat, 13 Apr 2024 09:30:51 GMT
X-Address: gin_throttle_mw_7200000000_149.102.237.88
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 495
X-Ratelimit-Reset: 1713004195

GET
H3

429

Primary Request index
www.google.com/sorry/
Redirect Chain

https://directfwd-2.com/?a=1908&oc=19722&c=53376&p=r&m=3&s1=9&s2=2-2346&s3=38-67547-117
https://breakingtrackss1.com/?a=1908&oc=19722&c=53376&p=r&m=3&s1=9&s2=2-2346&s3=38-67547-117&ckmguid=70041f2c-ca66-4010-8838-f855d34744c5
https://www.trackitlivenow.com/C1X4KG/TM1W4J6/?sub2=362130213&source_id=1908
https://www.lptrackerstar.com/cmp/6H42TQ/R1T86S/?__rpt=0&__po=13913&__ptid=0e3ba09ac05a45b6bc8b6cf30b8a9422&__rpa=0&__rc=1&sub1=&sub2=362130213&sub3=&sub4=&sub5=&source_id=1908&__pcd=9
https://www.google.com/
https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgSVZu1YGM2h6bAGIjBOx2QStgEPT3eAovgW3PI8VmYFFonMqDDW6_IxACcgKZbdfoWNT8v6mdQkOzxsrAcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

3 KB
0

34ms
33ms

Document
text/html

172.217.18.4

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgSVZu1YGM2h6bAGIjBOx2QStgEPT3eAovgW3PI8VmYFFonMqDDW6_IxACcgKZbdfoWNT8v6mdQkOzxsrAcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

Requested by

Host: fantoomes.click
URL: http://fantoomes.click/t/4CAnjc2346XpQO2ttrpbhlirk38COGYNLKQXGLRBHD67547RGLF117z9

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

172.217.18.4 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: http://fantoomes.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store, no-cache, must-revalidate
content-length: 3246
content-type: text/html
date: Sat, 13 Apr 2024 09:30:54 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-aVQd7khMgG2OOMOuim85Jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
content-type: text/html; charset=UTF-8
date: Sat, 13 Apr 2024 09:30:54 GMT
location: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgSVZu1YGM2h6bAGIjBOx2QStgEPT3eAovgW3PI8VmYFFonMqDDW6_IxACcgKZbdfoWNT8v6mdQkOzxsrAcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
server: gws
x-frame-options: SAMEORIGIN
x-hallmonitor-challenge: CgsIzqHpsAYQu_GSThIElWbtWA
x-xss-protection: 0

GET api.js
www.google.com/recaptcha/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.com
URL: https://www.google.com/recaptcha/api.js

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.breakingtrackss1.com/	1969-12-31 23:59:59	Name: sq Value: T+mO553piXbxRapSxFwK0ylbO4HJiyrHarF3CyqkhCQZNvEYHROgFw==
.breakingtrackss1.com/	1970-01-21 05:26:00	Name: tm Value: 78XKJThha9TnUfVflrGRwSlbO4HJiyrHarF3CyqkhCQZNvEYHROgFw==
.breakingtrackss1.com/	1970-01-20 20:33:12	Name: c19670 Value: T+mO553piXYnoZoysp3M9yp5k5BzjgHgoT3V3lhfN0O0qp+UMRxa8A==
www.trackitlivenow.com/	1970-01-20 20:04:24	Name: uniqueClick_TM1W4J6 Value: 486d5292-8619-47b9-bf6e-03c507d2fb98:1713000652

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgSVZu1YGM2h6bAGIjBOx2QStgEPT3eAovgW3PI8VmYFFonMqDDW6_IxACcgKZbdfoWNT8v6mdQkOzxsrAcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM Message: Failed to load resource: the server responded with a status of 429 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

breakingtrackss1.com
directfwd-2.com
fantoomes.click
www.google.com
www.lptrackerstar.com
www.trackitlivenow.com
www.google.com
172.217.18.4
185.91.118.232
188.114.97.3
203.161.62.54
34.76.189.27
34.76.98.215
0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a
7b6991b0310a0043d5ab605752532c90cc345db903b5acdf0b4142a2e1d0cdd9

www.google.com Open in urlscan Pro 172.217.18.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

4 Requests

25 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

3 IPs

4 Countries

1 kBTransfer

4 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

4 Cookies

1 Console Messages

Indicators

www.google.com Open in urlscan Pro
172.217.18.4 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

25 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

3
IPs

4
Countries

1 kB
Transfer

4 kB
Size

4
Cookies

4 HTTP transactions
0 data transactions