smart448.hstn.me
185.27.134.103  Malicious Activity!

Submitted URL: https://risu.io/ZJiG3
Effective URL: http://smart448.hstn.me/index1.html
Submission: On February 15 via manual from UY — Scanned from DE

Summary

This website contacted 13 IPs in 5 countries across 10 domains to perform 39 HTTP transactions. The main IP is 185.27.134.103, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is smart448.hstn.me.
This is the only time smart448.hstn.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco de la República Oriental del Uruguay (Banking)

Domain & IP information

IP Address AS Autonomous System
2 9 2606:4700:310... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.98.102.251 396982 (GOOGLE-CL...)
3 2a00:1450:400... 15169 (GOOGLE)
1 23.95.119.115 36352 (AS-COLOCR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 10 185.27.134.103 34119 (WILDCARD-...)
1 2 2a06:98c1:312... 13335 (CLOUDFLAR...)
39 13
Requests | Apex Domain | Subdomains | Transfer
10 | hstn.me | smart448.hstn.me | 757 KB
10 | risu.io | risu.io; assets.risu.io | 16 KB
3 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 45); region1.google-analytics.com (Cisco Umbrella Rank: 2000) | 21 KB
3 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 52) | 245 KB
2 | aeonfree.com | aeonfree.com | 534 B
2 | google.de | www.google.de (Cisco Umbrella Rank: 5654) | 515 B
2 | google.com | region1.analytics.google.com (Cisco Umbrella Rank: 2400); www.google.com (Cisco Umbrella Rank: 2) | 462 B
2 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 113) | 390 B
1 | searsports.com | searsports.com | 294 B
1 | cloudflareinsights.com | static.cloudflareinsights.com (Cisco Umbrella Rank: 996) | 7 KB
Total: 39 requests across 10 apex domains
Requests | Domain | Redirects | Requested by
10 | smart448.hstn.me | 2 redirects | smart448.hstn.me
9 | risu.io | 2 redirects | risu.io; static.cloudflareinsights.com
3 | www.googletagmanager.com | | risu.io; www.googletagmanager.com; www.google-analytics.com
2 | aeonfree.com | 1 redirect | smart448.hstn.me
2 | www.google.de | |
2 | stats.g.doubleclick.net | | www.google-analytics.com; www.googletagmanager.com
2 | www.google-analytics.com | | www.googletagmanager.com; www.google-analytics.com
1 | www.google.com | |
1 | region1.analytics.google.com | | www.googletagmanager.com
1 | region1.google-analytics.com | | www.googletagmanager.com
1 | searsports.com | | assets.risu.io
1 | assets.risu.io | | risu.io
1 | static.cloudflareinsights.com | | risu.io
Total: 39 requests across 13 domains

This site contains no links.

Certificates

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-03-26 - 2024-03-24 | a year (crt.sh)
assets.risu.io | GTS CA 1D4 | 2024-01-29 - 2024-04-28 | 3 months (crt.sh)
*.google-analytics.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months (crt.sh)
*.searsports.com | R3 | 2024-01-17 - 2024-04-16 | 3 months (crt.sh)
*.g.doubleclick.net | GTS CA 1C3 | 2024-01-09 - 2024-04-02 | 3 months (crt.sh)
www.google.de | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months (crt.sh)
www.google.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months (crt.sh)

This page contains 2 frames:

Primary Page: http://smart448.hstn.me/index1.html
Frame ID: 0391A33DA64D4977800AA7E0C15C1877
Requests: 35 HTTP requests in this frame

Frame: https://risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
Frame ID: 847D77C9ACCDD801D702152DAC4C5A8A
Requests: 4 HTTP requests in this frame

Page Title

Inicio

Detected technologies

Overall confidence: 100% for each detection.

Detected patterns:
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
  • <link[^>]* href=[^>]+ionicons(?:\.min)?\.css
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 39
HTTPS: 51 %
IPv6: 75 %
Domains: 10
Subdomains: 13
IPs: 13
Countries: 5
Transfer: 1047 kB
Size: 1554 kB
Cookies: 11

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://risu.io/ZJiG3 Page URL
  2. https://searsports.com/custome/Simple-jQuery-Plugin-For-Highlighting-Image-Map-Maphilight/stats/yu/ Page URL
  3. http://smart448.hstn.me/ Page URL
  4. http://smart448.hstn.me/?i=1 HTTP 302
    http://smart448.hstn.me/index1.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://risu.io/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
Request Chain 8
  • https://risu.io/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
Request Chain 31
  • http://smart448.hstn.me/frontend/static/media/selectArrowDown.b3a49a7d.svg HTTP 302
  • https://aeonfree.com/error/404/ HTTP 301
  • https://aeonfree.com/error/404
Request Chain 32
  • http://smart448.hstn.me/flfs/gotham/GothamBook.woff2 HTTP 302
  • https://aeonfree.com/error/404/
Request Chain 33
  • http://smart448.hstn.me/flfs/gotham/Gotham-Medium.woff2 HTTP 302
  • https://aeonfree.com/error/404/
Request Chain 34
  • http://smart448.hstn.me/flfs/gotham/GothamBook.woff HTTP 302
  • https://aeonfree.com/error/404/
Request Chain 35
  • http://smart448.hstn.me/flfs/gotham/Gotham-Medium.woff HTTP 302
  • https://aeonfree.com/error/404/
Request Chain 36
  • http://smart448.hstn.me/flfs/gotham/GothamBook.ttf HTTP 302
  • https://aeonfree.com/error/404/
Request Chain 37
  • http://smart448.hstn.me/flfs/gotham/Gotham-Medium.ttf HTTP 302
  • https://aeonfree.com/error/404/

39 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
ZJiG3
risu.io/
6 KB
3 KB
Document
General
Full URL
https://risu.io/ZJiG3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
006531b18a87c59a65e87b179656822e51822252ae32ac9b787f9bf32c0f3774
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
855f495108937185-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 15 Feb 2024 17:31:47 GMT
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
8987b8e3-ec03-4228-970b-b12800a2a2f5
x-runtime
0.024278
x-xss-protection
1; mode=block
rocket-loader.min.js
risu.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://risu.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: risu.io
URL: https://risu.io/ZJiG3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/ZJiG3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Feb 2024 17:53:09 GMT
server
cloudflare
etag
W/"65c66685-302c"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
855f495918477185-FRA
expires
Sat, 17 Feb 2024 17:31:48 GMT
v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/
20 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by
Host: risu.io
URL: https://risu.io/ZJiG3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer
https://risu.io/
Origin
https://risu.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
gzip
last-modified
Tue, 10 Oct 2023 21:38:13 GMT
server
cloudflare
etag
W/"2023.10.0"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
855f495968315d60-FRA
url_redirect-783f9e05338a4e26293395677999bbd16ece44428d5985ca2fc9986dd01694b8.js
assets.risu.io/assets/
95 B
298 B
Script
General
Full URL
https://assets.risu.io/assets/url_redirect-783f9e05338a4e26293395677999bbd16ece44428d5985ca2fc9986dd01694b8.js
Requested by
Host: risu.io
URL: https://risu.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.102.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.102.98.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:16:07 GMT
content-encoding
gzip
via
1.1 google
last-modified
Sun, 26 Nov 2023 15:03:03 GMT
server
nginx
age
4541
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://risu.io
cache-control
public,max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94
main.js
risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/ Frame 847D
Redirect Chain
  • https://risu.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
8 KB
4 KB
Script
General
Full URL
https://risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
Protocol
H3
Server
2606:4700:3108::ac42:2afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab1b58e4d17e0779a098ed15979ef27e29f53f2391839498d8c11df1b2e3dfcf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
br
x-content-type-options
nosniff
server
cloudflare
vary
accept-encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
855f495add5119ad-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Thu, 15 Feb 2024 17:31:48 GMT
server
cloudflare
vary
accept-encoding
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
855f495a5c4319ad-FRA
alt-svc
h3=":443"; ma=86400
gtm.js
www.googletagmanager.com/
203 KB
73 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MR8WJDJ
Requested by
Host: risu.io
URL: https://risu.io/ZJiG3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74659
x-xss-protection
0
last-modified
Thu, 15 Feb 2024 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 15 Feb 2024 17:31:48 GMT
855f495108937185
risu.io/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 847D
0
308 B
XHR
General
Full URL
https://risu.io/cdn-cgi/challenge-platform/h/g/jsd/r/855f495108937185
Requested by
Host: risu.io
URL: https://risu.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:2afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
br
server
cloudflare
cf-ray
855f495baf1519ad-FRA
alt-svc
h3=":443"; ma=86400
content-type
text/plain; charset=UTF-8
/
searsports.com/custome/Simple-jQuery-Plugin-For-Highlighting-Image-Map-Maphilight/stats/yu/
68 B
294 B
Document
General
Full URL
https://searsports.com/custome/Simple-jQuery-Plugin-For-Highlighting-Image-Map-Maphilight/stats/yu/
Requested by
Host: assets.risu.io
URL: https://assets.risu.io/assets/url_redirect-783f9e05338a4e26293395677999bbd16ece44428d5985ca2fc9986dd01694b8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.95.119.115 , Canada, ASN36352 (AS-COLOCROSSING, CA),
Reverse DNS
server.usadomainhosting.com
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risu.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
68
content-type
text/html
date
Thu, 15 Feb 2024 17:31:49 GMT
last-modified
Wed, 14 Feb 2024 21:26:54 GMT
server
nginx
x-content-type-options
nosniff
x-nginx-upstream-cache-status
EXPIRED
x-server-powered-by
Engintron
x-xss-protection
1; mode=block
main.js
risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/ Frame 847D
Redirect Chain
  • https://risu.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
8 KB
4 KB
Script
General
Full URL
https://risu.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
Protocol
H3
Server
2606:4700:3108::ac42:2afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
br
x-content-type-options
nosniff
server
cloudflare
vary
accept-encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
855f495bef8319ad-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Thu, 15 Feb 2024 17:31:48 GMT
server
cloudflare
vary
accept-encoding
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
cache-control
max-age=300, public
cf-ray
855f495bbf2319ad-FRA
alt-svc
h3=":443"; ma=86400
rum
risu.io/cdn-cgi/
0
135 B
XHR
General
Full URL
https://risu.io/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:2afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://risu.io/ZJiG3
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type
application/json

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://risu.io
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
855f495bbf2919ad-FRA
js
www.googletagmanager.com/gtag/
254 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-H814P3QJ03&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MR8WJDJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
90039
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Feb 2024 17:31:48 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MR8WJDJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 15 Feb 2024 15:48:09 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6219
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 15 Feb 2024 17:48:09 GMT
855f495108937185
risu.io/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 847D
0
307 B
XHR
General
Full URL
https://risu.io/cdn-cgi/challenge-platform/h/g/jsd/r/855f495108937185
Requested by
Host: risu.io
URL: https://risu.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:2afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
br
server
cloudflare
cf-ray
855f495cc94b19ad-FRA
alt-svc
h3=":443"; ma=86400
content-type
text/plain; charset=UTF-8
collect
region1.google-analytics.com/g/
0
248 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-H814P3QJ03&gtm=45je42c0v883701885z8812733088za200&_p=1708018308211&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=939611722.1708018309&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708018308&sct=1&seg=0&dl=https%3A%2F%2Frisu.io%2FZJiG3&dt=%E7%9F%AD%E7%B6%B2%E5%9D%80%E3%80%82%E8%A1%8C%E9%8A%B7%E3%80%82%E5%88%86%E6%9E%90%20-%20Risu.io&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&tfd=2041
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H814P3QJ03&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 17:31:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://risu.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
16 B
216 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=85087219&t=pageview&_s=1&dl=https%3A%2F%2Frisu.io%2FZJiG3&ul=en-us&de=UTF-8&dt=%E7%9F%AD%E7%B6%B2%E5%9D%80%E3%80%82%E8%A1%8C%E9%8A%B7%E3%80%82%E5%88%86%E6%9E%90%20-%20Risu.io&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1793439574&gjid=1761692429&cid=939611722.1708018309&tid=UA-146086888-1&_gid=1148013162.1708018309&_r=1&_slc=1&gtm=45He42c0n81MR8WJDJv812733088za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1228130506
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://risu.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 17:31:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://risu.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
343 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-146086888-1&cid=939611722.1708018309&jid=1793439574&gjid=1761692429&_gid=1148013162.1708018309&_u=YADAAEAAAAAAACAAI~&z=803828824
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://risu.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 15 Feb 2024 17:31:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://risu.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
237 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZH634PL121&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:31:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85681
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Feb 2024 17:31:48 GMT
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-ZH634PL121&gtm=45je42c0v9134562597za200&_p=1708018308211&_gaz=1&gcd=13l3l3l3l2&npa=0&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=939611722.1708018309&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Frisu.io%2FZJiG3&dt=%E7%9F%AD%E7%B6%B2%E5%9D%80%E3%80%82%E8%A1%8C%E9%8A%B7%E3%80%82%E5%88%86%E6%9E%90%20-%20Risu.io&sid=1708018308&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2146
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZH634PL121&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 17:31:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://risu.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
47 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZH634PL121&cid=939611722.1708018309&gtm=45je42c0v9134562597za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l2&npa=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZH634PL121&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 17:31:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://risu.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZH634PL121&cid=939611722.1708018309&gtm=45je42c0v9134562597za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l2&npa=0&z=845594157
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 17:31:48 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-146086888-1&cid=939611722.1708018309&jid=1793439574&_u=YADAAEAAAAAAACAAI~&z=119695748
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 17:31:48 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-146086888-1&cid=939611722.1708018309&jid=1793439574&_u=YADAAEAAAAAAACAAI~&z=119695748
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://risu.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 17:31:48 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
0

rum
risu.io/cdn-cgi/
0
0

/
smart448.hstn.me/
827 B
1 KB
Document
General
Full URL
http://smart448.hstn.me/
Protocol
HTTP/1.1
Server
185.27.134.103 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
f2c20bc8ba04ee962cd14e5693e85550df3eb8dd07e7a91defac5618f9265eee

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Length
827
Content-Type
text/html
Date
Thu, 15 Feb 2024 17:31:47 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Server
nginx
aes.js
smart448.hstn.me/
13 KB
14 KB
Script
General
Full URL
http://smart448.hstn.me/aes.js
Requested by
Host: smart448.hstn.me
URL: http://smart448.hstn.me/
Protocol
HTTP/1.1
Server
185.27.134.103 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://smart448.hstn.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Thu, 15 Feb 2024 17:31:47 GMT
Last-Modified
Sun, 15 Oct 2023 17:48:36 GMT
Server
nginx
ETag
"652c25f4-35a5"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13733
Primary Request index1.html
smart448.hstn.me/
Redirect Chain
  • http://smart448.hstn.me/?i=1
  • http://smart448.hstn.me/index1.html
25 KB
25 KB
Document
General
Full URL
http://smart448.hstn.me/index1.html
Requested by
Host: smart448.hstn.me
URL: http://smart448.hstn.me/
Protocol
HTTP/1.1
Server
185.27.134.103 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
737561a1d3d526849da8d88c4d1fbd3b3f9bf6e68a74aa30f51214918f786db3

Request headers

Referer
http://smart448.hstn.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=2592000, public, proxy-revalidate
Connection
keep-alive
Content-Length
25308
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Feb 2024 17:31:48 GMT
ETag
"62dc-61149e2834350"
Expires
Sat, 16 Mar 2024 17:31:47 GMT
Last-Modified
Tue, 13 Feb 2024 21:14:50 GMT
Server
nginx

Redirect headers

Cache-Control
max-age=0
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Feb 2024 17:31:47 GMT
Expires
Thu, 15 Feb 2024 17:31:47 GMT
Location
index1.html
Server
nginx
fonts.css
smart448.hstn.me/flfs/
2 KB
2 KB
Stylesheet
General
Full URL
http://smart448.hstn.me/flfs/fonts.css
Requested by
Host: smart448.hstn.me
URL: http://smart448.hstn.me/index1.html
Protocol
HTTP/1.1
Server
185.27.134.103 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
367cba5c66dcb77e9efdefae321a5fa51b4ed0773b15ebbd7a8ee35b913e75fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://smart448.hstn.me/index1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Thu, 15 Feb 2024 17:31:48 GMT
Last-Modified
Tue, 13 Feb 2024 21:14:55 GMT
Server
nginx
ETag
"600-61149e2cc4e88"
Content-Type
text/css
Cache-Control
max-age=2592000, public, proxy-revalidate, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1536
Expires
Sat, 16 Mar 2024 17:31:48 GMT
ionicons.css
smart448.hstn.me/flfs/
59 KB
59 KB
Stylesheet
General
Full URL
http://smart448.hstn.me/flfs/ionicons.css
Requested by
Host: smart448.hstn.me
URL: http://smart448.hstn.me/index1.html
Protocol
HTTP/1.1
Server
185.27.134.103 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
d4d41483cf38b6182b0a495196cfc55821cfd2e3d310861f32bcd2240806f187

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://smart448.hstn.me/index1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Thu, 15 Feb 2024 17:31:48 GMT
Last-Modified
Tue, 13 Feb 2024 21:14:56 GMT
Server
nginx
ETag
"eb2d-61149e2da0258"
Content-Type
text/css
Cache-Control
max-age=2592000, public, proxy-revalidate, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
60205
Expires
Sat, 16 Mar 2024 17:31:48 GMT
2.d18bb301.chunk.css
smart448.hstn.me/flfs/
34 KB
34 KB
Stylesheet
General
Full URL
http://smart448.hstn.me/flfs/2.d18bb301.chunk.css
Requested by
Host: smart448.hstn.me
URL: http://smart448.hstn.me/index1.html
Protocol
HTTP/1.1
Server
185.27.134.103 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
3ffb95edd9704443da9b764aa5085b5985554b2d6b611487080911f7c1da7ff2

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://smart448.hstn.me/index1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Thu, 15 Feb 2024 17:31:48 GMT
Last-Modified
Tue, 13 Feb 2024 21:14:53 GMT
Server
nginx
ETag
"8879-61149e2b21b80"
Content-Type
text/css
Cache-Control
max-age=2592000, public, proxy-revalidate, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
34937
Expires
Sat, 16 Mar 2024 17:31:48 GMT
main.8d29879f.chunk.css
smart448.hstn.me/flfs/
528 KB
528 KB
Stylesheet
General
Full URL
http://smart448.hstn.me/flfs/main.8d29879f.chunk.css
Requested by
Host: smart448.hstn.me
URL: http://smart448.hstn.me/index1.html
Protocol
HTTP/1.1
Server
185.27.134.103 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
970a245e193b5fcb6fb9e0fa1ecc9a8ee55f3775aa766fcea860ea2d9af9741f

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://smart448.hstn.me/index1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Thu, 15 Feb 2024 17:31:48 GMT
Last-Modified
Tue, 13 Feb 2024 21:15:00 GMT
Server
nginx
ETag
"83e67-61149e31cfae0"
Content-Type
text/css
Cache-Control
max-age=2592000, public, proxy-revalidate, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
540263
Expires
Sat, 16 Mar 2024 17:31:48 GMT
slider-01.jpg
smart448.hstn.me/flfs/
94 KB
94 KB
Image
General
Full URL
http://smart448.hstn.me/flfs/slider-01.jpg
Requested by
Host: smart448.hstn.me
URL: http://smart448.hstn.me/index1.html
Protocol
HTTP/1.1
Server
185.27.134.103 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
bab230fdf88b4e8eaef7937cee7ade3ae5d1556b242944c86d3bfcbc3004103d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://smart448.hstn.me/index1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Thu, 15 Feb 2024 17:31:48 GMT
Last-Modified
Tue, 13 Feb 2024 21:15:00 GMT
Server
nginx
ETag
"1762a-61149e313bbb0"
Content-Type
image/jpeg
Cache-Control
max-age=2592000, public, proxy-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
95786
Expires
Sat, 16 Mar 2024 17:31:48 GMT
404
aeonfree.com/error/
Redirect Chain
  • http://smart448.hstn.me/frontend/static/media/selectArrowDown.b3a49a7d.svg
  • https://aeonfree.com/error/404/
  • https://aeonfree.com/error/404
0
0
Image
General
Full URL
https://aeonfree.com/error/404
Requested by
Host: smart448.hstn.me
URL: http://smart448.hstn.me/flfs/main.8d29879f.chunk.css
Protocol
H2
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://smart448.hstn.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Redirect headers

x-nf-request-id
01HPPX67AR447WZVGEFSKD484Y
date
Thu, 15 Feb 2024 17:31:50 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
18238
cache-status
"Netlify Edge"; hit
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dJOb%2BgEBFFM8d0JNqFPA8LaROIpHaAGgYF%2Fuu6bej8T88JUN2n6ILxAy8QLeUnF80riqcJPrkyKYij64ek%2B%2BMAVz%2F4yzISOfESxlqva%2FGBIUmPqJrYh%2Fw760m1AuOdbU1qG83blUtMa496s%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
location
/error/404
cache-control
public,max-age=0,must-revalidate
accept-ranges
bytes
cf-ray
855f49659e161a6d-FRA
alt-svc
h3=":443"; ma=86400
/
aeonfree.com/error/404/
Redirect Chain
  • http://smart448.hstn.me/flfs/gotham/GothamBook.woff2
  • https://aeonfree.com/error/404/
0
0

/
aeonfree.com/error/404/
Redirect Chain
  • http://smart448.hstn.me/flfs/gotham/Gotham-Medium.woff2
  • https://aeonfree.com/error/404/
0
0

/
aeonfree.com/error/404/
Redirect Chain
  • http://smart448.hstn.me/flfs/gotham/GothamBook.woff
  • https://aeonfree.com/error/404/
0
0

/
aeonfree.com/error/404/
Redirect Chain
  • http://smart448.hstn.me/flfs/gotham/Gotham-Medium.woff
  • https://aeonfree.com/error/404/
0
0

/
aeonfree.com/error/404/
Redirect Chain
  • http://smart448.hstn.me/flfs/gotham/GothamBook.ttf
  • https://aeonfree.com/error/404/
0
0

/
aeonfree.com/error/404/
Redirect Chain
  • http://smart448.hstn.me/flfs/gotham/Gotham-Medium.ttf
  • https://aeonfree.com/error/404/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-H814P3QJ03&gtm=45je42c0v883701885za200&_p=1708018308211&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=939611722.1708018309&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1708018308&sct=1&seg=0&dl=https%3A%2F%2Frisu.io%2FZJiG3&dt=%E7%9F%AD%E7%B6%B2%E5%9D%80%E3%80%82%E8%A1%8C%E9%8A%B7%E3%80%82%E5%88%86%E6%9E%90%20-%20Risu.io&en=scroll&epn.percent_scrolled=90&_et=5&tfd=2504
Domain
risu.io
URL
https://risu.io/cdn-cgi/rum?
Domain
aeonfree.com
URL
https://aeonfree.com/error/404/
Domain
aeonfree.com
URL
https://aeonfree.com/error/404/
Domain
aeonfree.com
URL
https://aeonfree.com/error/404/
Domain
aeonfree.com
URL
https://aeonfree.com/error/404/
Domain
aeonfree.com
URL
https://aeonfree.com/error/404/
Domain
aeonfree.com
URL
https://aeonfree.com/error/404/

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco de la República Oriental del Uruguay (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Domain/Path Name / Value
risu.io/ Name: ahoy_visitor
Value: 99594b01-b6ce-4d10-b7bf-c0c9392c4862
risu.io/ Name: ahoy_visit
Value: a12dfd14-8aaa-4cf2-a3f5-60256fa1809c
risu.io/ Name: _risu_session
Value: 2w%2Ff849MCJ5nuoPof3j8hF0d6h5vIoPRHiMpVddd8gBX8aZiT6OcR8m8P5h2shoXevTLihEwiLSnI4GQ3zarfrhw16RrJnoYzyPH--ALwTH2DthZDAs9h3--wPsvTEyVLq6EMSo%2BK96x8A%3D%3D
.risu.io/ Name: __cf_bm
Value: _eOZONvRrzj1g8xu_bqKNctUbXQr_mpopcM7eNKKiKs-1708018307-1.0-AeZP0z+5TtqgrobZiwEEXduyySEwD3Lw15bCfi4Y4JKvhaxw1UxPeNewUmwB7da8PYHEYsS7FLHRUGJzsC4wcIk=
.risu.io/ Name: _ga_H814P3QJ03
Value: GS1.1.1708018308.1.0.1708018308.0.0.0
.risu.io/ Name: cf_clearance
Value: Lmo.EJrmcZQ67grjRi3HryQMlbgdsGeMHH2wkCcr0uY-1708018308-1.0-AVoALgEBQ9LAkzj/hpRhw/O8fJGr0kF4gpCY94KLvtCF0Yw3b7h/5+iCz21nhhlcIZanVKMPz2zSIu1BgNffp6s=
.risu.io/ Name: _ga
Value: GA1.2.939611722.1708018309
.risu.io/ Name: _gid
Value: GA1.2.1148013162.1708018309
.risu.io/ Name: _gat_UA-146086888-1
Value: 1
.risu.io/ Name: _ga_ZH634PL121
Value: GS1.2.1708018308.1.0.1708018308.60.0.0
smart448.hstn.me/ Name: __test
Value: 400a2c9c691d686dfd8ffd5bae363dd1

12 Console Messages

Source Level URL
Text
javascript error URL: http://smart448.hstn.me/index1.html
Message:
Access to font at 'https://aeonfree.com/error/404/' (redirected from 'http://smart448.hstn.me/flfs/gotham/GothamBook.woff2') from origin 'http://smart448.hstn.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://aeonfree.com/error/404/
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://smart448.hstn.me/index1.html
Message:
Access to font at 'https://aeonfree.com/error/404/' (redirected from 'http://smart448.hstn.me/flfs/gotham/Gotham-Medium.woff2') from origin 'http://smart448.hstn.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://aeonfree.com/error/404/
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://smart448.hstn.me/index1.html
Message:
Access to font at 'https://aeonfree.com/error/404/' (redirected from 'http://smart448.hstn.me/flfs/gotham/GothamBook.woff') from origin 'http://smart448.hstn.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://aeonfree.com/error/404/
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://smart448.hstn.me/index1.html
Message:
Access to font at 'https://aeonfree.com/error/404/' (redirected from 'http://smart448.hstn.me/flfs/gotham/Gotham-Medium.woff') from origin 'http://smart448.hstn.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://aeonfree.com/error/404/
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://smart448.hstn.me/index1.html
Message:
Access to font at 'https://aeonfree.com/error/404/' (redirected from 'http://smart448.hstn.me/flfs/gotham/GothamBook.ttf') from origin 'http://smart448.hstn.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://aeonfree.com/error/404/
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://smart448.hstn.me/index1.html
Message:
Access to font at 'https://aeonfree.com/error/404/' (redirected from 'http://smart448.hstn.me/flfs/gotham/Gotham-Medium.ttf') from origin 'http://smart448.hstn.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://aeonfree.com/error/404/
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
