Submitted URL: https://rohon.org/cjyrl4k.php?key=rpb9t5ajiokb9yv9fa02&e=82146-anYkPV4x2lGT6Ag_YCF6xoxO72HsAh&t1=ALL&t2=me&t3=77&t...
Effective URL: https://pvtuhj.cfd/_b8h1L700Iy/index.php?lpkey=16d6982b097e874d40&trkd=rohon.org&lpkey1=b4af12tc88p1mvr3c8&language...
Submission: On October 23 via manual from US — Scanned from DE

Summary

This website contacted 1 IP in 2 countries across 2 domains to perform 1 HTTP transaction. The main IP is 2606:4700:3033::ac43:b553, located in the United States and belonging to CLOUDFLARENET, US. The main domain is pvtuhj.cfd.
TLS certificate: Issued by GTS CA 1P5 on October 4th 2023. Valid for: 3 months.
This is the only time pvtuhj.cfd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

      IP Address          AS Autonomous System
1 1   162.55.244.120      24940 (HETZNER-AS)
1     2606:4700:303...    13335 (CLOUDFLAR...)
1 1

    Apex Domain    Subdomains    Transfer
1   pvtuhj.cfd     pvtuhj.cfd    577 B
1   rohon.org      rohon.org     830 B
1 2

    Domain         Requested by
1   pvtuhj.cfd
1   rohon.org      1 redirects
1 2

This site contains no links.

Subject       Issuer        Validity                   Valid
pvtuhj.cfd    GTS CA 1P5    2023-10-04 - 2024-01-02    3 months

This page contains 1 frame:

Primary Page: https://pvtuhj.cfd/_b8h1L700Iy/index.php?lpkey=16d6982b097e874d40&trkd=rohon.org&lpkey1=b4af12tc88p1mvr3c8&language=de-DE&scanid=b4af12tc88p1mvr3c8&ip=80.255.10.203&t1=8&t2=ALL&t3=me&t4=1484&t5=77&dm=1&pbid=4160&uid=anYkPV4x2lGT6Ag_YCF6xoxO72HsAh&uclick=2tc88p1mvr&uclickhash=2tc88p1mvr-2tc88p1mvr-6o-qq-lpfe-2tb4-2tnt-1c5daa
Frame ID: 23497286298E0E98D9097CEC2AC652F6
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 1
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 1
Countries: 2
Transfer: 1 kB
Size: 0 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://rohon.org/cjyrl4k.php?key=rpb9t5ajiokb9yv9fa02&e=82146-anYkPV4x2lGT6Ag_YCF6xoxO72HsAh&t1=ALL&t2=me&t3=77&t4=ochre-gorilla&t5=papa-lis-krjwjl8ej2&t6=7664&t7=82146&t8=2&t9=anYkPV4x2lGT6Ag_YCF6xoxO72HsAh&t10=4160 HTTP 302
    https://pvtuhj.cfd/_b8h1L700Iy/index.php?lpkey=16d6982b097e874d40&trkd=rohon.org&lpkey1=b4af12tc88p1mvr3c8&language=de-DE&scanid=b4af12tc88p1mvr3c8&ip=80.255.10.203&t1=8&t2=ALL&t3=me&t4=1484&t5=77&dm=1&pbid=4160&uid=anYkPV4x2lGT6Ag_YCF6xoxO72HsAh&uclick=2tc88p1mvr&uclickhash=2tc88p1mvr-2tc88p1mvr-6o-qq-lpfe-2tb4-2tnt-1c5daa Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Primary Request: index.php
Path: pvtuhj.cfd/_b8h1L700Iy/
Redirect Chain:
  • https://rohon.org/cjyrl4k.php?key=rpb9t5ajiokb9yv9fa02&e=82146-anYkPV4x2lGT6Ag_YCF6xoxO72HsAh&t1=ALL&t2=me&t3=77&t4=ochre-gorilla&t5=papa-lis-krjwjl8ej2&t6=7664&t7=82146&t8=2&t9=anYkPV4x2lGT6Ag_YCF...
  • https://pvtuhj.cfd/_b8h1L700Iy/index.php?lpkey=16d6982b097e874d40&trkd=rohon.org&lpkey1=b4af12tc88p1mvr3c8&language=de-DE&scanid=b4af12tc88p1mvr3c8&ip=80.255.10.203&t1=8&t2=ALL&t3=me&t4=1484&t5=77&...
Size: 149 B
x-fer: 577 B
Type: Document

General

Full URL: https://pvtuhj.cfd/_b8h1L700Iy/index.php?lpkey=16d6982b097e874d40&trkd=rohon.org&lpkey1=b4af12tc88p1mvr3c8&language=de-DE&scanid=b4af12tc88p1mvr3c8&ip=80.255.10.203&t1=8&t2=ALL&t3=me&t4=1484&t5=77&dm=1&pbid=4160&uid=anYkPV4x2lGT6Ag_YCF6xoxO72HsAh&uclick=2tc88p1mvr&uclickhash=2tc88p1mvr-2tc88p1mvr-6o-qq-lpfe-2tb4-2tnt-1c5daa
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:3033::ac43:b553, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: 153c451633a57df91ea28057b5ba9bc2d57de5f9dd8eae18c3166baa2b90999a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 81ad41166fbc3802-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 23 Oct 2023 22:00:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aphUP8XxbpLgneQ2cqvwHQ6K6cLe3W8V%2FNNlwTYJzHJO57UMsu8HfQfNqy9n1Bb%2Bx%2FVj2ZrJ0RL4U0GmId0jr%2Bgyu8Kk6QqzsNqjYt2QejSoj0RmfAHoP79%2BeHKr5hpZXNvVNSGL%2B03o"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 23 Oct 2023 22:00:40 GMT
Location: https://pvtuhj.cfd/_b8h1L700Iy/index.php?lpkey=16d6982b097e874d40&trkd=rohon.org&lpkey1=b4af12tc88p1mvr3c8&language=de-DE&scanid=b4af12tc88p1mvr3c8&ip=80.255.10.203&t1=8&t2=ALL&t3=me&t4=1484&t5=77&dm=1&pbid=4160&uid=anYkPV4x2lGT6Ag_YCF6xoxO72HsAh&uclick=2tc88p1mvr&uclickhash=2tc88p1mvr-2tc88p1mvr-6o-qq-lpfe-2tb4-2tnt-1c5daa
Server: nginx/1.22.0
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path    Name          Value
rohon.org/     uclick        2tc88p1mvr
rohon.org/     uclickhash    2tc88p1mvr-2tc88p1mvr-6o-qq-lpfe-2tb4-2tnt-1c5daa

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pvtuhj.cfd
rohon.org
162.55.244.120
2606:4700:3033::ac43:b553
153c451633a57df91ea28057b5ba9bc2d57de5f9dd8eae18c3166baa2b90999a