rtbbnr.com
Open in
urlscan Pro
2a01:4f8:252:564d::2
Public Scan
Submitted URL: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjo0MDEsInNpdGVfaWQiOjQ3MjAwMzQxLCJ0eXBlI...
Effective URL: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjo0MDEsInNpdGVfaWQiOjQ3MjAwMzQxLCJ0eXBlI...
Submission: On February 14 via manual from BG — Scanned from DE
Effective URL: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjo0MDEsInNpdGVfaWQiOjQ3MjAwMzQxLCJ0eXBlI...
Submission: On February 14 via manual from BG — Scanned from DE
Summary
This website contacted 4 IPs
in 2 countries
across 3 domains to perform 4 HTTP transactions.
The main IP is 2a01:4f8:252:564d::2, located in
Germany and
belongs to HETZNER-AS, DE.
The main domain is rtbbnr.com.
The Cisco Umbrella rank of the primary domain is 35918.
TLS certificate: Issued by R3 on February 8th 2022. Valid for: 3 months.
This is the only time rtbbnr.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on February 8th 2022. Valid for: 3 months.
This is the only time rtbbnr.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 2 | 2a01:4f8:252:... 2a01:4f8:252:564d::2 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 1 | 2a06:98c1:312... 2a06:98c1:3120::7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 136.243.75.209 136.243.75.209 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 1 | 67.27.158.121 67.27.158.121 | 3356 (LEVEL3) (LEVEL3) | |
| 4 | 4 |
1
136.243.75.209
(Germany)
ASN24940 (HETZNER-AS, DE)
PTR: static.209.75.243.136.clients.your-server.de
ASN24940 (HETZNER-AS, DE)
PTR: static.209.75.243.136.clients.your-server.de
| pxl.tsyndicate.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
tsyndicate.com
pxl.tsyndicate.com — Cisco Umbrella Rank: 18990 lcdn.tsyndicate.com — Cisco Umbrella Rank: 15631 |
23 KB |
| 2 |
rtbbnr.com
1 redirects
rtbbnr.com — Cisco Umbrella Rank: 35918 |
3 KB |
| 1 |
hostave3.net
preroll.hostave3.net — Cisco Umbrella Rank: 123357 |
678 B |
| 4 | 3 |
| Domain | Requested by | |
|---|---|---|
| 2 | rtbbnr.com | 1 redirects |
| 1 | lcdn.tsyndicate.com |
rtbbnr.com
|
| 1 | pxl.tsyndicate.com |
rtbbnr.com
|
| 1 | preroll.hostave3.net |
rtbbnr.com
|
| 4 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| rtbbnr.com R3 |
2022-02-08 - 2022-05-09 |
3 months | crt.sh |
| tsyndicate.com R3 |
2022-02-12 - 2022-05-13 |
3 months | crt.sh |
| lcdn.tsyndicate.com Sectigo RSA Domain Validation Secure Server CA |
2021-02-26 - 2022-03-29 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjo0MDEsInNpdGVfaWQiOjQ3MjAwMzQxLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6NDAxLCJpZHpvbmUiOjI4NzQzOTAsInpvbmUiOiJwcV9ob21lcGFkZV9jdWJlX2hlYWRfZGVza3RvcCIsImFkX3RhZ3MiOiJoYW5kam9iIiwidGl0bGUiOiJFbmpveWVkJTIwRnJlZSUyMFBvcm4lMjBIYW5kam9iJTIwQ2xpcHMiLCJzdWJpZCI6IjAiLCJtbyI6IiIsInZlIjoiIiwibGFiZWxzIjoiIiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG0zIjoiIiwidXRtNCI6IiJ9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9fV0sInNpdGUiOnsiaWQiOiI0NzIwMDM0MSIsInBhZ2UiOiJodHRwcyUzQS8vcG9ybnEuY29tL2VuL2hhbmRqb2IvIn0sImRldmljZSI6eyJ3IjoxNjgwLCJoIjoxMDUwfSwidXNlciI6eyJpZCI6IjUzMjRhMzgzMDAyMTIxOTEyNjY1YzUyNWEzNjgzYjBkIn0sImV4dCI6eyJkdCI6MTY0NDg1NDYwMTg4Mn19
Frame ID: 828AD55A09F353BE3640C72312124CF2
Requests: 4 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://rtbbnr.com/banner/in/show/?mid=446024223&pid=0&site=47200341&sc=DE&usage_type=DCH&subid=0&sid=0&cid=10272&price=0&is_cpm=1&cpm=0.010472&ecpm=0.010472&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=pornq.com&hostname=auc-banner-hz-10&site_id=0&spot_id=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&burl=&pop_winurl=&ip=2001:1b60:1010:2:1011:8d9d:119f:c7f1&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&min_cpm=0.00725564&ttl=&space_id=401&banner_width=300&banner_height=250&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0 HTTP 302
- https://preroll.hostave3.net/notifications/zeropixel.png
4 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
rtbbnr.com/get/ |
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
zeropixel.png
preroll.hostave3.net/notifications/ Redirect Chain
|
42 B 678 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
p.gif
pxl.tsyndicate.com/api/v1/p/ |
35 B 133 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
260fcad3e86383bc08e8902f1c1dbd6fa231ad.jpg
lcdn.tsyndicate.com/images/7/7/ |
23 KB 23 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lcdn.tsyndicate.com
preroll.hostave3.net
pxl.tsyndicate.com
rtbbnr.com
136.243.75.209
2a01:4f8:252:564d::2
2a06:98c1:3120::7
67.27.158.121
26ef57798847764c77b12ca595804cec0a605e10659c2cb4cefa45d078f67f0a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
ba2454e600b3bf585c5b65317a487d8bce9928fddbf1503102735d069db285ba
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629