wordcounter.icu Open in urlscan Pro
2a06:98c1:3120::c Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sasco3.site/
Effective URL:
https://wordcounter.icu/bPedfN5d
Submission: On September 27 via manual (September 27th 2022, 5:45:26 pm UTC) from IN — Scanned from FR

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 6 domains to perform 12 HTTP transactions. The main IP is 2a06:98c1:3120::c, located in and belongs to . The main domain is wordcounter.icu.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 12th 2022. Valid for: a year.

This is the only time wordcounter.icu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	212.83.130.206 212.83.130.206	12876 (Online SAS) (Online SAS)
1	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY)
1 1	2606:4700:303... 2606:4700:3036::ac43:af0d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a06:98c1:312... 2a06:98c1:3120::c	() ()
12	4

3 212.83.130.206 (France)

ASN12876 (Online SAS, FR)
PTR: 212-83-130-206.rev.poneytelecom.eu

sasco3.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:af0d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

uii.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::c (None, )

ASN- ()

wordcounter.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	sasco3.site sasco3.site	1 KB
2	wordcounter.icu wordcounter.icu	7 KB
1	uii.io 1 redirects uii.io — Cisco Umbrella Rank: 703687	847 B
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 5839	8 KB
0	stickervillain.com Failed stickervillain.com Failed
0	fuseplatform.net Failed cdn.fuseplatform.net Failed
12	6

	Domain	Requested by
3	sasco3.site	sasco3.site
2	wordcounter.icu	sasco3.site wordcounter.icu
1	uii.io	1 redirects
1	i.imgur.com	sasco3.site
0	stickervillain.com Failed	wordcounter.icu
0	cdn.fuseplatform.net Failed	wordcounter.icu
12	6

This site contains no links.

Subject Issuer	Validity	Valid
*.imgur.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-03-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-12` - `2023-05-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://wordcounter.icu/bPedfN5d
Frame ID: 6EBE3FB7265AB0AF7274532B603AAE71
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sasco3.site/ Page URL
http://sasco3.site/re.php Page URL
http://sasco3.site/fc.php Page URL
https://uii.io/bPedfN5d HTTP 301
https://wordcounter.icu/bPedfN5d Page URL

Page Statistics

12
Requests

25 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

4
IPs

3
Countries

16 kB
Transfer

231 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sasco3.site/ Page URL
http://sasco3.site/re.php Page URL
http://sasco3.site/fc.php Page URL
https://uii.io/bPedfN5d HTTP 301
https://wordcounter.icu/bPedfN5d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
sasco3.site/ 494 B
593 B 111ms
24ms Document
text/html 212.83.130.206
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: http://sasco3.site/
Protocol: HTTP/1.1
Server: 212.83.130.206 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 212-83-130-206.rev.poneytelecom.eu
Software: / PHP/7.4.30
Resource Hash: 1cb5619939e0f4081c705f24b98a26ecd8fbcff72addd2a8581cdcfe8ea64238

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-encoding: gzip
content-length: 347
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 17:45:21 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.30

GET
H2 200 QBMlVwr.gif
i.imgur.com/ 8 KB
8 KB 170ms
43ms Image
image/gif 151.101.112.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/QBMlVwr.gif

Requested by

Host: sasco3.site
URL: http://sasco3.site/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

7acbbb5195aef1fa4f44723f0eee5094c3781e7c1def290cc05a87beed3f96da

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://sasco3.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 17:45:22 GMT
x-content-type-options: nosniff
age: 3585035
x-cache: HIT, HIT
content-length: 7985
x-served-by: cache-iad-kjyo7100167-IAD, cache-hhn4023-HHN
last-modified: Sat, 14 Aug 2021 03:20:11 GMT
server: cat factory 1.0
x-timer: S1664300722.157524,VS0,VE19
etag: "a070531e871ead721162f9f26b5c2aec"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

POST
H/1.1 200
OK re.php Show response
sasco3.site/ 126 B
366 B 27ms
26ms Document
text/html 212.83.130.206
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: http://sasco3.site/re.php
Protocol: HTTP/1.1
Server: 212.83.130.206 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 212-83-130-206.rev.poneytelecom.eu
Software: / PHP/7.4.30
Resource Hash: 241fa34f8dea62e6b7e7142b31395cad9227d290d040c1c985c92ccacc9c77d5

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: http://sasco3.site
Referer: http://sasco3.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-encoding: gzip
content-length: 120
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 17:45:24 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.30

GET
H/1.1 200
OK fc.php Show response
sasco3.site/ 124 B
370 B 24ms
24ms Document
text/html 212.83.130.206
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: http://sasco3.site/fc.php
Requested by: Host: sasco3.site
URL: http://sasco3.site/
Protocol: HTTP/1.1
Server: 212.83.130.206 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 212-83-130-206.rev.poneytelecom.eu
Software: / PHP/7.4.30
Resource Hash: c1226ceaac5f277b367d6b99b41f14e4c5cc1bba6a4d0b22df7a73a31c962443

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-encoding: gzip
content-length: 124
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 17:45:24 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.30

GET
H2

200

Primary Request bPedfN5d Show response
wordcounter.icu/
Redirect Chain

https://uii.io/bPedfN5d
https://wordcounter.icu/bPedfN5d

17 KB
7 KB

709ms
603ms

Document
text/html

2a06:98c1:3120::c

General

Check archive.org

Show headers Download Go to

Full URL

https://wordcounter.icu/bPedfN5d

Requested by

Host: sasco3.site
URL: http://sasco3.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::c -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

e72ce70e26a1a189b8223cee69d1b7404d4fa3a54c310689c78b8b2fafed230f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://sasco3.site/fc.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 75160d8d7992cb9c-VIE
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 17:45:25 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlRLIhNpBthFVvrR%2B46fKux7NrlPqWFmM3Nn%2FthLVtviQV%2BGLkG0n6bS2W1SttgLWSkXt%2BjbErm1wIgTE2zDoXoF20wfaNG4%2FSVbNdz3zXNlPxaU1Vgp%2BfdMwj20fo5uKHjHv3XyHF33KyPACUk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 75160d898e4fd55c-CDG
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 17:45:25 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://wordcounter.icu/bPedfN5d
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8UxKfeae4P35w%2F3%2FL8WZtrLRgMtqr%2FZ30dGFEttPfS8gkHiRtwF129KiTfD2553FMveVbZ4rQh3jdK%2B%2BipMq8neGI5Kkf%2FGMsWvN9iarSFovigavV7qw8uZPoEspdhYT4DvgtSQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
vary: User-Agent,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

GET fontawesome-webfont.woff2
wordcounter.icu/new_theme/build/fonts/ 0
0

GET link.css
wordcounter.icu/new_theme/build/css/ 0
0

GET fuse.js
cdn.fuseplatform.net/publift/tags/2/2361/ 0
0

GET ads.js
wordcounter.icu/js/ 0
0

GET
H2 200 script.min.js
wordcounter.icu/new_theme/build/js/ 206 KB
0 48ms
47ms Script
application/javascript 2a06:98c1:3120::c

General

Check archive.org

Show headers Download Go to

Full URL

https://wordcounter.icu/new_theme/build/js/script.min.js?ver=6.5.3

Requested by

Host: wordcounter.icu
URL: https://wordcounter.icu/bPedfN5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::c -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://wordcounter.icu/bPedfN5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 17:45:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 567047
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 63923
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Mar 2022 15:45:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN,SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U5oiA40%2FsXEaKggIqiDaaPQ1XLXKulv8WDmGs6tkB8HI%2B%2B%2By5lRUkE6X7WrNPtOiHt0aYHnna3TZ1S4LC6LRyAcP2128bNRvNYCdXo9DDl0rRIZmrn0jQETrWhZbTWV9DgVw1H9VaWPr3liRLcc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding,User-Agent
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 75160d913dbfcb9c-VIE
expires: Tue, 11 Oct 2022 16:43:20 GMT

GET ga.js
wordcounter.icu/js/ 0
0

GET invoke.js
stickervillain.com/f4b1ca9d58a479bcfd46c3e000d1beb0/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: wordcounter.icu
URL: https://wordcounter.icu/new_theme/build/fonts/fontawesome-webfont.woff2

Domain: wordcounter.icu
URL: https://wordcounter.icu/new_theme/build/css/link.css?ver=6.5.3

Domain: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2361/fuse.js

Domain: wordcounter.icu
URL: https://wordcounter.icu/js/ads.js?ver=6.5.3

Domain: wordcounter.icu
URL: https://wordcounter.icu/js/ga.js

Domain: stickervillain.com
URL: https://stickervillain.com/f4b1ca9d58a479bcfd46c3e000d1beb0/invoke.js

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			uii.io/	1969-12-31 23:59:59	Name: AppSession Value: 826c345c3f290cadaf8a013838bac6f4
			uii.io/	1969-12-31 23:59:59	Name: csrfToken Value: ebcaeffb5a78cc247afb29e528738bef7264d9693b3a8c2053685690a138d17991edd0b4d1f0ec329a7cba8e222d44bb23e1a0620e5f3f8592f1522cd0276e82

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.fuseplatform.net
i.imgur.com
sasco3.site
stickervillain.com
uii.io
wordcounter.icu
cdn.fuseplatform.net
stickervillain.com
wordcounter.icu
151.101.112.193
212.83.130.206
2606:4700:3036::ac43:af0d
2a06:98c1:3120::c
1cb5619939e0f4081c705f24b98a26ecd8fbcff72addd2a8581cdcfe8ea64238
241fa34f8dea62e6b7e7142b31395cad9227d290d040c1c985c92ccacc9c77d5
7acbbb5195aef1fa4f44723f0eee5094c3781e7c1def290cc05a87beed3f96da
c1226ceaac5f277b367d6b99b41f14e4c5cc1bba6a4d0b22df7a73a31c962443
e72ce70e26a1a189b8223cee69d1b7404d4fa3a54c310689c78b8b2fafed230f

wordcounter.icu Open in urlscan Pro 2a06:98c1:3120::c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

12 Requests

25 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

4 IPs

3 Countries

16 kBTransfer

231 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

2 Cookies

Indicators

wordcounter.icu Open in urlscan Pro
2a06:98c1:3120::c Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

25 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

4
IPs

3
Countries

16 kB
Transfer

231 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions