promo.elontr.com
Open in
urlscan Pro
2606:4700:3037::6815:26f1
Public Scan
Effective URL: https://promo.elontr.com/casino-wheel?lang=tr&countryId=792¤cy=TRY&utm_source=198&utm_medium=&sub_id4=&sub_id5=&cli...
Submission Tags: phishingrod
Submission: On September 29 via api from DE — Scanned from NL
Summary
TLS certificate: Issued by WE1 on August 9th 2024. Valid for: 3 months.
This is the only time promo.elontr.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 37.252.15.57 37.252.15.57 | 58061 (SCALAXY-AS) (SCALAXY-AS) | |
1 | 2602:816:5001... 2602:816:5001::39 | 54113 (FASTLY) (FASTLY) | |
1 1 | 78.141.210.193 78.141.210.193 | 20473 (AS-VULTR) (AS-VULTR) | |
14 | 2606:4700:303... 2606:4700:3037::6815:26f1 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a00:1450:400... 2a00:1450:4001:806::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:831::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.185.131 142.250.185.131 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2001:4860:480... 2001:4860:4802:32::36 | 15169 (GOOGLE) (GOOGLE) | |
25 | 9 |
ASN20473 (AS-VULTR, US)
PTR: 78.141.210.193.vultrusercontent.com
click.eloncas.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
elontr.com
promo.elontr.com |
1 MB |
2 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 3391 |
|
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46 |
2 KB |
1 |
gstatic.com
fonts.gstatic.com |
32 KB |
1 |
googlemetrics.com
googlemetrics.com |
|
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 57 |
102 KB |
1 |
eloncas.com
1 redirects
click.eloncas.com |
590 B |
1 |
newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 749 |
32 KB |
1 |
wicksisters.com
wicksisters.com |
25 KB |
0 |
nr-data.net
Failed
bam.nr-data.net Failed |
|
25 | 10 |
Domain | Requested by | |
---|---|---|
14 | promo.elontr.com |
wicksisters.com
promo.elontr.com |
2 | region1.google-analytics.com |
www.googletagmanager.com
|
2 | fonts.googleapis.com |
promo.elontr.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | googlemetrics.com |
promo.elontr.com
|
1 | www.googletagmanager.com |
promo.elontr.com
|
1 | click.eloncas.com | 1 redirects |
1 | js-agent.newrelic.com |
wicksisters.com
|
1 | wicksisters.com | |
0 | bam.nr-data.net Failed |
wicksisters.com
|
25 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
wicksisters.com E5 |
2024-09-28 - 2024-12-27 |
3 months | crt.sh |
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1 |
2024-03-21 - 2025-04-22 |
a year | crt.sh |
elontr.com WE1 |
2024-08-09 - 2024-11-07 |
3 months | crt.sh |
upload.video.google.com WR2 |
2024-08-26 - 2024-11-18 |
3 months | crt.sh |
*.google-analytics.com WR2 |
2024-08-26 - 2024-11-18 |
3 months | crt.sh |
googlemetrics.com WE1 |
2024-09-03 - 2024-12-02 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-08-26 - 2024-11-18 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://promo.elontr.com/casino-wheel?lang=tr&countryId=792¤cy=TRY&utm_source=198&utm_medium=&sub_id4=&sub_id5=&clickid=01923bb5-1174-7067-b191-afa7b316e802
Frame ID: A6CA2D7E84BC16080C6C11D04E002929
Requests: 24 HTTP requests in this frame
Frame:
https://googlemetrics.com/eljk3jd8j3kl98kl37jsnk3k/
Frame ID: 76885A518A6F935BEB7DF900A655F283
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
ELONPage URL History Show full URLs
- https://wicksisters.com/ Page URL
-
https://click.eloncas.com/FAcIOsAt?landing=89
HTTP 302
https://promo.elontr.com/casino-wheel?lang=tr&countryId=792¤cy=TRY&utm_source=198&utm_medium=&s... Page URL
Detected technologies
Google Analytics (Analytics) ExpandDetected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://wicksisters.com/ Page URL
-
https://click.eloncas.com/FAcIOsAt?landing=89
HTTP 302
https://promo.elontr.com/casino-wheel?lang=tr&countryId=792¤cy=TRY&utm_source=198&utm_medium=&sub_id4=&sub_id5=&clickid=01923bb5-1174-7067-b191-afa7b316e802 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
wicksisters.com/ |
62 KB 25 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nr-spa-1.265.1.min.js
js-agent.newrelic.com/ |
109 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
casino-wheel
promo.elontr.com/ Redirect Chain
|
548 B 818 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon.ico
wicksisters.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
NRJS-70d296500a1ce2f6999
bam.nr-data.net/1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
speculation
promo.elontr.com/cdn-cgi/ |
128 B 469 B |
Other
application/speculationrules+json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.64e2ac6d.js
promo.elontr.com/static/js/ |
1 MB 348 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.dabe7e33.css
promo.elontr.com/static/css/ |
45 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
7 KB 783 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
3 KB 989 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
305 KB 102 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googlemetrics.com/eljk3jd8j3kl98kl37jsnk3k/ Frame 7688 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ |
32 KB 32 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tr.json
promo.elontr.com/languages/ |
3 KB 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
elon.theme.json
promo.elontr.com/promo-themes/ |
3 KB 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
elon.svg
promo.elontr.com/images/logo/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sparks.png
promo.elontr.com/images/wheel/ |
625 KB 626 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wheelBorder.png
promo.elontr.com/images/wheel/ |
135 KB 135 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
disk.png
promo.elontr.com/images/wheel/ |
34 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
button.png
promo.elontr.com/images/wheel/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
coins.png
promo.elontr.com/images/wheel/ |
102 KB 102 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chips.png
promo.elontr.com/images/wheel/ |
24 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 0 |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 0 |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
elon.ico
promo.elontr.com/ |
548 B 497 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- wicksisters.com
- URL
- https://wicksisters.com/favicon.ico
- Domain
- bam.nr-data.net
- URL
- https://bam.nr-data.net/1/NRJS-70d296500a1ce2f6999?a=1527573371&v=1.265.1&to=YgFTNhADC0BUARZYX1tLcAEWCwpdGiMSQWx9EEUSPiEKXUEQDV1cUBZCPjAHAVpHBwFFc1oKRRANDglWRyIQVFRcFlQBFg%3D%3D&rst=210&ck=0&s=cbbc0a78e41c4560&ref=https://wicksisters.com/&ptid=1ce37d755b9d1592&af=err,spa,xhr,stn,ins&ap=13&be=108&fe=33&dc=31&at=TkZQQFgZGE4%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1727578574980,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:20,%22c%22:20,%22s%22:37,%22ce%22:58,%22rq%22:58,%22rp%22:108,%22rpe%22:129,%22di%22:139,%22ds%22:139,%22de%22:139,%22dc%22:139,%22l%22:139,%22le%22:141%7D,%22navigation%22:%7B%7D%7D
Verdicts & Comments Add Verdict or Comment
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| webpackChunkmy_app number| 2f1acc6c3a606b082e5eef5e54414ffb object| dataLayer function| gtag function| getState object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal14 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
promo.elontr.com/ | Name: languages Value: tr |
|
.elontr.com/ | Name: languages Value: tr |
|
promo.elontr.com/ | Name: lang Value: tr |
|
.elontr.com/ | Name: lang Value: tr |
|
promo.elontr.com/ | Name: countryId Value: 792 |
|
.elontr.com/ | Name: countryId Value: 792 |
|
promo.elontr.com/ | Name: currency Value: TRY |
|
.elontr.com/ | Name: currency Value: TRY |
|
promo.elontr.com/ | Name: utm_source Value: 198 |
|
.elontr.com/ | Name: utm_source Value: 198 |
|
promo.elontr.com/ | Name: clickid Value: 01923bb5-1174-7067-b191-afa7b316e802 |
|
.elontr.com/ | Name: clickid Value: 01923bb5-1174-7067-b191-afa7b316e802 |
|
.elontr.com/ | Name: _ga Value: GA1.1.1915717081.1727578576 |
|
.elontr.com/ | Name: _ga_05RT5DLDZN Value: GS1.1.1727578576.1.1.1727578576.0.0.0 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bam.nr-data.net
click.eloncas.com
fonts.googleapis.com
fonts.gstatic.com
googlemetrics.com
js-agent.newrelic.com
promo.elontr.com
region1.google-analytics.com
wicksisters.com
www.googletagmanager.com
bam.nr-data.net
wicksisters.com
142.250.185.131
2001:4860:4802:32::36
2602:816:5001::39
2606:4700:3037::6815:26f1
2a00:1450:4001:806::200a
2a00:1450:4001:831::2008
2a06:98c1:3120::3
37.252.15.57
78.141.210.193
018f7df426108cc6b8e2ec892c78d7c845fcbb8a27f3712d5f0e213093d43f91
03aaf77a942f8b02303e8795cf2c6e137ce077206a73c14f7f4395b3f81857d5
09962bfecadb73adaf9f77d1e0b1afa6d0fffd9b77714de4affae10ba16de3ee
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
175fd6e6af282e0c5f7f0d0565b1eddf633e903cac1a97c87d73d1a978e6f48a
2c3bdfd6e264ec2cecebfc590fa736165a98f92be8ed035e411c26c336cb41a1
7e598e91e0bfce4227e1acb5e3a1d48dae46b2067e74397cc47a2d47d661cc34
88561ffdd394b8b57c6ce060da3628a6183aeec5c7c797be6994261b69e299b1
9a6aa59bafb9bfec94bdf996ecb596c0a42e632525f6a15e1c2132b1813e7122
b363e744cf514a875e5ddf8d6e140c4ad40fc0ba0866d43d5b726b6f906c3bac
b539d815ec173b90f3a2f06e09774f37a33555f56ac590c90c9610aa91fa210f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c8010d3a757c3f42ead7516beab00bc4d23f74b75513c9f5a2d8bffaed58a19e
c82ea9208632cdc17987bf9c05f19bc545d92bfcb37fd28637672e2473c347f1
d24adbd0b50585fc986072c7a5fe8eb9707efb258e0ab94c05dce8ffae8f9357
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
e3aeb2072b5da16570c0e93d0454bbdf527c9d3b5c5c57388d0b7656a4fad085
f503653c2094b508edab66bab103c495ae2af1456aea6c71f8dbcfb9a17e44d7
f7e6765a40d376f8e5cf8f5be4ad2225aa8845b858268fc02d9b50b7d855f4d8