fr2.readytocheckline.com Open in urlscan Pro
172.67.192.6 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://excelnews.com/
Effective URL:
https://fr2.readytocheckline.com/t2kf4F?ds=https://excelnews.com
Submission: On November 14 via api (November 14th 2024, 7:07:06 pm UTC) from BE — Scanned from AU

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 172.67.192.6, located in United States and belongs to . The main domain is fr2.readytocheckline.com. The Cisco Umbrella rank of the primary domain is 848550.
TLS certificate: Issued by WE1 on October 16th 2024. Valid for: 3 months.

This is the only time fr2.readytocheckline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	203.28.49.193 203.28.49.193	() ()
1	172.67.144.219 172.67.144.219	() ()
2	172.67.187.125 172.67.187.125	() ()
1	172.67.192.6 172.67.192.6	() ()
8	5

1 203.28.49.193 (Australia)

ASN- ()
PTR: ipcb1c31c1.ipv4.syd02.ds.network

excelnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.144.219 (United States)

ASN- ()

records.perfectlinestarter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.187.125 (United States)

ASN- ()

rain.recordsbluemountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ports.recordsbluemountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.192.6 (United States)

ASN- ()

fr2.readytocheckline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	recordsbluemountain.com rain.recordsbluemountain.com ports.recordsbluemountain.com — Cisco Umbrella Rank: 753812	13 KB
1	readytocheckline.com fr2.readytocheckline.com — Cisco Umbrella Rank: 848550 Failed fr1.readytocheckline.com Failed	1 KB
1	perfectlinestarter.com records.perfectlinestarter.com	7 KB
1	excelnews.com excelnews.com	2 KB
8	4

	Domain	Requested by
1	fr2.readytocheckline.com	ports.recordsbluemountain.com
1	ports.recordsbluemountain.com	rain.recordsbluemountain.com
1	rain.recordsbluemountain.com	records.perfectlinestarter.com
1	records.perfectlinestarter.com	excelnews.com
1	excelnews.com
0	fr1.readytocheckline.com Failed	fr2.readytocheckline.com
8	6

This site contains no links.

Subject Issuer	Validity	Valid
cpcontacts.excelnews.com R11	`2024-11-13` - `2025-02-11`	3 months	crt.sh
perfectlinestarter.com WE1	`2024-11-09` - `2025-02-07`	3 months	crt.sh
recordsbluemountain.com WE1	`2024-11-12` - `2025-02-10`	3 months	crt.sh
readytocheckline.com WE1	`2024-10-16` - `2025-01-14`	3 months	crt.sh

This page contains 1 frames:

Frame: https://fr1.readytocheckline.com/ykDZbM
Frame ID: 88F05E8E975A898BD59243643C93B531
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://excelnews.com/ Page URL
https://fr2.readytocheckline.com/t2kf4F?ds=https://excelnews.com Page URL

Page Statistics

8
Requests

50 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

23 kB
Transfer

45 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://excelnews.com/ Page URL
https://fr2.readytocheckline.com/t2kf4F?ds=https://excelnews.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response excelnews.com/	4 KB 2 KB	1233ms 923ms	Document text/html	203.28.49.193
General Check archive.org Show headers Download Go to Full URL https://excelnews.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.193 , Australia, ASN (), Reverse DNS ipcb1c31c1.ipv4.syd02.ds.network Software Apache / PHP/7.4.33 Resource Hash `33ffb92569903dc2cc918661e1998cfd5a99d2a0ecdc7d22de0bf78f8531e42a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers content-encoding gzip content-length 2161 content-type text/html; charset=UTF-8 date Thu, 14 Nov 2024 19:06:50 GMT server Apache vary Accept-Encoding x-powered-by PHP/7.4.33
GET H3	200	run.js Show response records.perfectlinestarter.com/scripts/	14 KB 7 KB	178ms 13ms	Script application/javascript	172.67.144.219
General Check archive.org Show headers Download Go to Full URL https://records.perfectlinestarter.com/scripts/run.js Requested by Host: excelnews.com URL: https://excelnews.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.144.219 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash `9a40685fce981cd8015dd2003074cd5e93735de49a7126ebdad11d48644c9891` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://excelnews.com/ Response headers content-encoding gzip cf-cache-status HIT etag W/"66f11c2e-379d" age 195444 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ShckTBQDG%2FM8Ape77BGFlMvarU408uWh0xvNa0K9o%2FusdJZL0fkluFhFCLFbIb2KbMuXswR%2BpITeUNihebbImM1cOe4prNIAf0Y%2FLnEfEhFptCbqOhwkMfh6v%2B9U7KyWHH26ZfplsGQ2S7db9CtlJI%3D"}],"group":"cf-nel","max_age":604800} expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=1891&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4197&recv_bytes=5581&delivery_rate=355367&cwnd=12000&unsent_bytes=0&cid=42df645953d2794b&ts=19&x=1", cfHdrFlush;dur=0 date Thu, 14 Nov 2024 19:06:52 GMT content-type application/javascript; charset=utf-8 last-modified Mon, 23 Sep 2024 07:43:42 GMT vary Accept-Encoding cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8e2947fb6a5eaae7-SYD server cloudflare
GET H3	200	8YkzBStf Show response rain.recordsbluemountain.com/	17 KB 8 KB	858ms 663ms	Script application/javascript	172.67.187.125
General Check archive.org Show headers Download Go to Full URL https://rain.recordsbluemountain.com/8YkzBStf?q=excelnews.com Requested by Host: records.perfectlinestarter.com URL: https://records.perfectlinestarter.com/scripts/run.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.187.125 , United States, ASN (), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash `b29b08cb9488b83bd0a39b97a45c4d1f2006f95064381cbf2f9c7be463027f75` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://excelnews.com/ Response headers cache-control no-cache, no-store, must-revalidate nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4jve%2BiUJqx%2Bm20pmTzcwcbzxt2P%2FWZKAknERKHTI4VII3YvhkY0iv3jboIo0sADIr8nwSFglHU8RdkcJ2vfN%2B4k%2BqQ5RPAHb9v%2BFa5LtEEQPMgDOYQ5vzXshIGNBmbZNEpUkqa7fHQ%2FMRWnrOUY0"}],"group":"cf-nel","max_age":604800} cf-ray 8e2947fccad15d31-SYD expires Thu, 14 Nov 2024 19:06:52 GMT access-control-allow-origin * alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=1484&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4201&recv_bytes=5634&delivery_rate=1046&cwnd=12000&unsent_bytes=0&cid=41152a8cff31c5da&ts=667&x=1", cfHdrFlush;dur=0 date Thu, 14 Nov 2024 19:06:52 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding x-powered-by PHP/7.4.33 server cloudflare
GET H3	200	fZwMtj Show response ports.recordsbluemountain.com/	9 KB 5 KB	1537ms 1531ms	Script application/javascript	172.67.187.125
General Check archive.org Show headers Download Go to Full URL https://ports.recordsbluemountain.com/fZwMtj?dw=https://excelnews.com Requested by Host: rain.recordsbluemountain.com URL: https://rain.recordsbluemountain.com/8YkzBStf?q=excelnews.com Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.187.125 , United States, ASN (), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash `20397a889e6c0d5c7aeeed54e58079326bde7b083f88e0c0d9e7c31cc128e68e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://excelnews.com/ Response headers cache-control no-cache, no-store, must-revalidate nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vNmCneI2KyCKNWidpGUctVOu2Q9HBYiX5X%2FEG5IGgFfyXdY5Vb3S8vfpkIj3svpBnipxMPC%2Brpn4Sphfx66IO06kz%2BRbcILVJ7mq6mXp27Obe1vLNew2km7qkTOzNdZtjrsGiNZBFBggr828QfLiCg%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8e2948011dab5d31-SYD expires Thu, 14 Nov 2024 19:06:54 GMT access-control-allow-origin * alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=1670&sent=22&recv=17&lost=0&retrans=0&sent_bytes=12877&recv_bytes=6136&delivery_rate=5295846&cwnd=12000&unsent_bytes=0&cid=41152a8cff31c5da&ts=2223&x=1", cfHdrFlush;dur=0 date Thu, 14 Nov 2024 19:06:54 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding x-powered-by PHP/7.4.33 server cloudflare
GET		t2kf4F fr2.readytocheckline.com/	0 0

GET		t2kf4F fr2.readytocheckline.com/	0 0

GET H2	200	Primary Request t2kf4F Show response fr2.readytocheckline.com/	644 B 1 KB	716ms 700ms	Document text/html	172.67.192.6
General Check archive.org Show headers Download Go to Full URL https://fr2.readytocheckline.com/t2kf4F?ds=https://excelnews.com Requested by Host: ports.recordsbluemountain.com URL: https://ports.recordsbluemountain.com/fZwMtj?dw=https://excelnews.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.192.6 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash `a0dc7360f2c75cb36e8eb34189ac84d3f4ee3104a323c0874c43a9cd50d35a3c` Request headers Referer https://excelnews.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 8e29480adb0c5d26-SYD content-encoding zstd content-type text/html; charset=utf-8 date Thu, 14 Nov 2024 19:06:55 GMT expires Thu, 14 Nov 2024 19:06:55 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JyQR8KJYoi0OGCjb82sMYxxvGv1JeyxsqHts86FsBaaOxNZQFHNnn8ehKq9lacDIwQ%2B3JxFf8PPJyIWHRpvEzs5a8QicBKjVZecH%2FSL8K6lDqnGmRWAfGjizHRu3Wx9Xr1XeR61Yj51v3XY%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=1139&sent=8&recv=12&lost=0&retrans=0&sent_bytes=4012&recv_bytes=2396&delivery_rate=3784482&cwnd=254&unsent_bytes=0&cid=c9dfb76114d5c9e8&ts=705&x=0" vary Accept-Encoding
GET		ykDZbM fr1.readytocheckline.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fr2.readytocheckline.com
URL: https://fr2.readytocheckline.com/t2kf4F?ds=https://excelnews.com

Domain: fr2.readytocheckline.com
URL: https://fr2.readytocheckline.com/t2kf4F?ds=https://excelnews.com

Domain: fr1.readytocheckline.com
URL: https://fr1.readytocheckline.com/ykDZbM

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| process

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			fr2.readytocheckline.com/	1970-01-21 01:44:49	Name: _subid Value: 1fd9mc41j3aoi
			fr2.readytocheckline.com/	1970-01-21 01:01:37	Name: 7b22a Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM0XCI6MTczMTYxMTIxNX0sXCJjYW1wYWlnbnNcIjp7XCI0XCI6MTczMTYxMTIxNX0sXCJ0aW1lXCI6MTczMTYxMTIxNX0ifQ.KPE_uncX-iAvFeyKh-ppZdNhYWpV6M__XMOgcN_g6Rk

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

excelnews.com
fr1.readytocheckline.com
fr2.readytocheckline.com
ports.recordsbluemountain.com
rain.recordsbluemountain.com
records.perfectlinestarter.com
fr1.readytocheckline.com
fr2.readytocheckline.com
172.67.144.219
172.67.187.125
172.67.192.6
203.28.49.193
20397a889e6c0d5c7aeeed54e58079326bde7b083f88e0c0d9e7c31cc128e68e
33ffb92569903dc2cc918661e1998cfd5a99d2a0ecdc7d22de0bf78f8531e42a
9a40685fce981cd8015dd2003074cd5e93735de49a7126ebdad11d48644c9891
a0dc7360f2c75cb36e8eb34189ac84d3f4ee3104a323c0874c43a9cd50d35a3c
b29b08cb9488b83bd0a39b97a45c4d1f2006f95064381cbf2f9c7be463027f75

fr2.readytocheckline.com Open in urlscan Pro 172.67.192.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

8 Requests

50 %HTTPS

0 %IPv6

4 Domains

6 Subdomains

5 IPs

2 Countries

23 kBTransfer

45 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

2 Cookies

Indicators

fr2.readytocheckline.com Open in urlscan Pro
172.67.192.6 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

50 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

23 kB
Transfer

45 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions