Submitted URL: http://panel.trackingbearus.us/go.php?id=1061&u=rk
Effective URL: https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
Submission: On January 05 via manual from GB — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 4 HTTP transactions. The main IP is 2a05:91c0:1506:146::, located in Romania and belongs to CHROOT Bucharest ROMANIA, EU, RO. The main domain is dereferer.me.
TLS certificate: Issued by R3 on December 26th 2022. Valid for: 3 months.
This is the only time dereferer.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Redirects | IP Address | AS Autonomous System
1 | 1 | 2606:4700:303... | 13335 (CLOUDFLAR...)
1 | | 192.0.78.26 | 2635 (AUTOMATTIC)
2 | | 2a05:91c0:150... | 56430 (CHROOT Bu...)
Total: 4 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
2 | dereferer.me | dereferer.me | 227 KB
1 | href.li | href.li — Cisco Umbrella Rank: 98592 | 408 B
1 | trackingbearus.us | panel.trackingbearus.us | 969 B
0 | latinbeautydate.com (Failed) | www.latinbeautydate.com (Failed) |
Total: 4 requests, 4 domains

Requests | Domain | Requested by
2 | dereferer.me | href.li, dereferer.me
1 | href.li |
1 | panel.trackingbearus.us (1 redirects) |
0 | www.latinbeautydate.com (Failed) |
Total: 4 requests, 4 subdomains

This site contains links to these domains.

Domain
tracking.romancelove4u.online

Subject | Issuer | Validity | Valid
tls.automattic.com | R3 | 2022-12-27 - 2023-03-27 | 3 months
dereferer.me | R3 | 2022-12-26 - 2023-03-26 | 3 months

This page contains 1 frames:

Frame: https://www.latinbeautydate.com/qa/register08.php?aid=1566&oid=CP284988&qpid_offer_id=LBD_836603TEXIE&qpid_subid=5&qpid_clickid=63b6d9b37280390001ff3ee7
Frame ID: 6385088B94797D21E96EF2C53AE8ED4F
Requests: 4 HTTP requests in this frame

Page Title

Hide referrer - you are being redirected

Page Statistics

Requests: 4
HTTPS: 75 %
IPv6: 67 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 227 kB
Size: 229 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://panel.trackingbearus.us/go.php?id=1061&u=rk HTTP 302
    https://href.li/?https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767 Page URL
  2. https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://panel.trackingbearus.us/go.php?id=1061&u=rk HTTP 302
  • https://href.li/?https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
Request Chain 2
  • https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767 HTTP 302
  • https://adsmartmobi.g2afse.com/click?pid=5&offer_id=22 HTTP 302
  • https://www.latinbeautydate.com/index.php/promote/click?aid=1566&oid=CP284988&qpid_offer_id=LBD_836603TEXIE&qpid_subid=5&qpid_clickid=63b6d9b37280390001ff3ee7 HTTP 302
  • https://www.latinbeautydate.com/qa/register08.php?aid=1566&oid=CP284988&qpid_offer_id=LBD_836603TEXIE&qpid_subid=5&qpid_clickid=63b6d9b37280390001ff3ee7

4 HTTP transactions

Resource: /
Path: href.li/
Redirect Chain
  • http://panel.trackingbearus.us/go.php?id=1061&u=rk
  • https://href.li/?https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
Size: 824 B
x-fer: 408 B
Type: Document

General
Full URL: https://href.li/?https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.78.26 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS:
Software: nginx /
Resource Hash:

Security Headers
Strict-Transport-Security: max-age=31536000

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 05 Jan 2023 14:07:40 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-ac: 3.mia _dca MISS

Redirect headers
CF-Cache-Status: DYNAMIC
CF-RAY: 784cc8157e5d0a2a-MIA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 05 Jan 2023 14:07:40 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://href.li/?https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma: no-cache
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W2F5%2BK6zR4yMddlCIQwIqautckg56JS3zFK%2BFuYvmHzir4k6X5e99aOCEmZQT1LvVkxrOMuzV6pS%2FmazqN2JSY%2B15Ke2KcdebQ30mqt5sIcZ1IebgAnwHYBshCBxPy3K49f1ZGVCxAQAi5OYQWKVsbJdnQMD8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Primary Request
Resource: /
Path: dereferer.me/
Size: 4 KB
x-fer: 2 KB
Type: Document

General
Full URL: https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
Requested by
Host: href.li
URL: https://href.li/?https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a05:91c0:1506:146:: , Romania, ASN56430 (CHROOT Bucharest ROMANIA, EU, RO),
Reverse DNS:
Software: Dereferer.me / Layer7 Cache
Resource Hash: b8d29757ccce1a545bb2e76d143824bd85925ce82e019bf5c61070e57fc6cf94

Security Headers
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 05 Jan 2023 14:07:41 GMT
server: Dereferer.me
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-location: https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
x-powered-by: Layer7 Cache
x-xss-protection: 1; mode=block

Resource: bg5.jpg
Path: dereferer.me/static/images/backgrounds/
Size: 225 KB
x-fer: 225 KB
Type: Image

General
Full URL: https://dereferer.me/static/images/backgrounds/bg5.jpg
Requested by
Host: dereferer.me
URL: https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a05:91c0:1506:146:: , Romania, ASN56430 (CHROOT Bucharest ROMANIA, EU, RO),
Reverse DNS:
Software: Dereferer.me / Layer7 Cache
Resource Hash: 65c4f41e007d197103792999c9b67384ac04ee1a6a83b918f2ed6bbfc502da2d

Security Headers
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
accept-language: en-US,en;q=0.9
Referer: https://dereferer.me/?https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers
date: Thu, 05 Jan 2023 14:07:41 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 22:16:10 GMT
server: Dereferer.me
x-powered-by: Layer7 Cache
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 230161
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

Resource: register08.php
Path: www.latinbeautydate.com/qa/
Redirect Chain
  • https://tracking.romancelove4u.online/click?pid=562&offer_id=262&sub1=726047&l=1671775767
  • https://adsmartmobi.g2afse.com/click?pid=5&offer_id=22
  • https://www.latinbeautydate.com/index.php/promote/click?aid=1566&oid=CP284988&qpid_offer_id=LBD_836603TEXIE&qpid_subid=5&qpid_clickid=63b6d9b37280390001ff3ee7
  • https://www.latinbeautydate.com/qa/register08.php?aid=1566&oid=CP284988&qpid_offer_id=LBD_836603TEXIE&qpid_subid=5&qpid_clickid=63b6d9b37280390001ff3ee7
Size: 0
x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.latinbeautydate.com
URL: https://www.latinbeautydate.com/qa/register08.php?aid=1566&oid=CP284988&qpid_offer_id=LBD_836603TEXIE&qpid_subid=5&qpid_clickid=63b6d9b37280390001ff3ee7

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

1 Cookies

Domain/Path: panel.trackingbearus.us/
Name: PHPSESSID
Value: 3gjg3ee17r4r2026gdji131cql

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
