Submitted URL: https://t.co/Lc61XoCGLD
Effective URL: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
Submission: On September 11 via manual from ZA — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 7 domains to perform 6 HTTP transactions. The main IP is 143.244.200.181, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is sadkush34.xyz. The Cisco Umbrella rank of the primary domain is 633326.
This is the only time sadkush34.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

#     IP Address        AS (Autonomous System)
1     104.244.42.197    13414 (TWITTER)
1     2a00:1450:400...  15169 (GOOGLE)
1 1   67.199.248.11     396982 (GOOGLE-CL...)
1 1   2a06:98c1:312...  13335 (CLOUDFLAR...)
1 1   2a06:98c1:312...  13335 (CLOUDFLAR...)
1 1   134.209.129.56    14061 (DIGITALOC...)
3     143.244.200.181   14061 (DIGITALOC...)
1     2001:4de0:ac1...  20446 (STACKPATH...)
Totals: 6 transactions, 4 IPs
Requests  Apex Domain          Subdomains                                         Transfer
3         sadkush34.xyz        sadkush34.xyz (Cisco Umbrella Rank: 633326)        319 KB
2         downlo-adsdow.store  downlo-adsdow.store                                2 KB
1         jquery.com           code.jquery.com (Cisco Umbrella Rank: 820)         30 KB
1         traffic-metacpa.com  traffic-metacpa.com (Cisco Umbrella Rank: 508665)  224 B
1         bit.ly               bit.ly (Cisco Umbrella Rank: 6598)                 322 B
1         blogspot.com         doan9load.blogspot.com                             16 KB
1         t.co                 t.co (Cisco Umbrella Rank: 580)                    550 B
Totals: 6 transactions, 7 domains
Requests  Domain                  Requested by
3         sadkush34.xyz           doan9load.blogspot.com, sadkush34.xyz
2         downlo-adsdow.store     2 redirects
1         code.jquery.com         sadkush34.xyz
1         traffic-metacpa.com     1 redirect
1         bit.ly                  1 redirect
1         doan9load.blogspot.com  t.co
1         t.co
Totals: 6 transactions, 7 domains

This site contains no links.

Subject                Issuer                                          Validity                 Valid     Source
t.co                   DigiCert TLS Hybrid ECC SHA384 2020 CA1         2023-02-05 - 2024-02-05  a year    crt.sh
misc-sni.blogspot.com  GTS CA 1C3                                      2023-08-14 - 2023-11-06  3 months  crt.sh
*.jquery.com           Sectigo RSA Domain Validation Secure Server CA  2023-07-11 - 2024-07-14  a year    crt.sh

This page contains 1 frame:

Primary Page: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
Frame ID: 8FBD0BA4A4DEF72AEC94CE50666A4611
Requests: 6 HTTP requests in this frame

Page Title

Win iphone Prize | sadkush34

Page URL History

  1. https://t.co/Lc61XoCGLD Page URL
  2. https://doan9load.blogspot.com/ Page URL
  3. https://bit.ly/3EmfgAV HTTP 301
    http://downlo-adsdow.store/cl/f962f42ce47c4b54?p1=&p2=&source=twitter&site=1234 HTTP 301
    https://downlo-adsdow.store/cl/f962f42ce47c4b54?p1=&p2=&source=twitter&site=1234 HTTP 302
    https://traffic-metacpa.com/trclck?hash=753&pid=1034&aid=40622&keyword=4961409180&keyword3=372328 HTTP 302
    http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6 Requests
50 % HTTPS
50 % IPv6
7 Domains
7 Subdomains
4 IPs
3 Countries
366 kB Transfer
483 kB Size
4 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource: Lc61XoCGLD
Path: t.co/
Size: 248 B
x-fer: 550 B
Type: Document

General
Full URL: https://t.co/Lc61XoCGLD
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.244.42.197, United States, ASN13414 (TWITTER, US)
Reverse DNS:
Software: tsa_o /
Resource Hash:

Security Headers
Strict-Transport-Security: max-age=0
X-Xss-Protection: 0

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
cache-control: private,max-age=300
content-encoding: gzip
content-length: 177
content-type: text/html; charset=utf-8
date: Mon, 11 Sep 2023 14:26:43 GMT
expires: Mon, 11 Sep 2023 14:31:44 GMT
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 820ddda764f627e7eb50e236aa04e3eaf5c3bbb8c17ff1679fd7e9b267d593c0
x-response-time: 120
x-transaction-id: ed80533941c9ef3d
x-xss-protection: 0
Resource: /
Path: doan9load.blogspot.com/
Size: 72 KB
x-fer: 16 KB
Type: Document

General
Full URL: https://doan9load.blogspot.com/
Requested by: Host: t.co, URL: https://t.co/Lc61XoCGLD
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS:
Software: GSE /
Resource Hash:

Security Headers
Content-Security-Policy: upgrade-insecure-requests
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

Request headers
Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: gzip
content-length: 15605
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport
content-type: text/html; charset=UTF-8
date: Mon, 11 Sep 2023 14:26:44 GMT
etag: W/"e9d83de64577c6315a2190c9365029b0c457e5381ba719a6e6a7526b573d9a90"
expires: Mon, 11 Sep 2023 14:26:44 GMT
last-modified: Fri, 01 Sep 2023 19:44:34 GMT
report-to: {"group":"blogspot","max_age":2592000,"endpoints":[{"url":"https://www.blogger.com/cspreport"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Primary Request
Resource: 1030
Path: sadkush34.xyz/
Redirect Chain:
  • https://bit.ly/3EmfgAV
  • http://downlo-adsdow.store/cl/f962f42ce47c4b54?p1=&p2=&source=twitter&site=1234
  • https://downlo-adsdow.store/cl/f962f42ce47c4b54?p1=&p2=&source=twitter&site=1234
  • https://traffic-metacpa.com/trclck?hash=753&pid=1034&aid=40622&keyword=4961409180&keyword3=372328
  • http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
Size: 10 KB
x-fer: 4 KB
Type: Document

General
Full URL: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
Requested by: Host: doan9load.blogspot.com, URL: https://doan9load.blogspot.com/
Protocol: HTTP/1.1
Server: 143.244.200.181, North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS:
Software: / Express
Resource Hash: 5c915a72dc6cf285aa6d3b4673054d25935295fc94c0c7c889902247c67248d9

Request headers
Referer: https://doan9load.blogspot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 11 Sep 2023 14:26:45 GMT
etag: W/"2714-iEF2+Vp5PNVfaLkqR11wuktyALs"
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: Express

Redirect headers
date: Mon, 11 Sep 2023 14:26:45 GMT
location: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
server: nginx/1.18.0 (Ubuntu)
transfer-encoding: chunked
x-powered-by: Express
Resource: iphone-14.png
Path: sadkush34.xyz/images/
Size: 288 KB
x-fer: 289 KB
Type: Image

General
Full URL: http://sadkush34.xyz/images/iphone-14.png
Requested by: Host: sadkush34.xyz, URL: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
Protocol: HTTP/1.1
Server: 143.244.200.181, North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS:
Software: / Express
Resource Hash: 28ecb3d98a60d719cd208d83074d6c62f0755549c526a03d334c06b23c0d0f8a

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers
date: Mon, 11 Sep 2023 14:26:45 GMT
last-modified: Mon, 17 Apr 2023 14:24:29 GMT
x-powered-by: Express
etag: W/"4818a-1878f9a5697"
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 295306
Resource: winner-gift.png
Path: sadkush34.xyz/images/
Size: 27 KB
x-fer: 27 KB
Type: Image

General
Full URL: http://sadkush34.xyz/images/winner-gift.png
Requested by: Host: sadkush34.xyz, URL: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
Protocol: HTTP/1.1
Server: 143.244.200.181, North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS:
Software: / Express
Resource Hash: 62c5aaf2c5588c5831b139ebd318d3f4cff8c9694aa2d989b388d3f7f9315275

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers
date: Mon, 11 Sep 2023 14:26:45 GMT
last-modified: Sun, 18 Sep 2022 18:43:14 GMT
x-powered-by: Express
etag: W/"6ab0-18351e96801"
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 27312
Resource: jquery-3.4.1.min.js
Path: code.jquery.com/
Size: 86 KB
x-fer: 30 KB
Type: Script

General
Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: sadkush34.xyz, URL: http://sadkush34.xyz/1030?id=61b191e9-984a-46ff-8937-fb22b729c132&h=753
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a, Netherlands, ASN20446 (STACKPATH-CDN, US)
Reverse DNS:
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers
Referer: http://sadkush34.xyz/
Origin: http://sadkush34.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers
date: Mon, 11 Sep 2023 14:26:45 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-15851"
vary: Accept-Encoding
x-hw: 1694442405.dop209.am5.t,1694442405.cds015.am5.hn,1694442405.cds296.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)
  • ajax_call (function)
  • hitthelist (function)
  • pm_pid (string)
  • generateUkid (function)
  • sendmessage (function)
  • redirecting (function)
  • becreative (function)

4 Cookies

Domain/Path: .t.co/
  Name: muc
  Value: 41a10416-68b6-4b4e-80f6-01e89ad9e37a

Domain/Path: .bit.ly/
  Name: _bit
  Value: n8beqI-9698b15a0fb5b58665-00X

Domain/Path: downlo-adsdow.store/
  Name: sbcf962f42ce47c4b54
  Value: eyJpdiI6IklBNGh4MTNXd3pWZlc0dWhKUlhueUE9PSIsInZhbHVlIjoiZWVFWFZLSTdPamFEdXprKy83K1VMZz09IiwibWFjIjoiM2E4N2E3M2RmODFkYTU2Yzc0M2M3MDhlZjZhMWNmZGIwOWYxMzhmYjQ0M2RkM2FjNGY0ZDdlMjRlNmIwYmUxOSIsInRhZyI6IiJ9

Domain/Path: downlo-adsdow.store/
  Name: vis
  Value: eyJpdiI6ImlHZUFXekhBU3V0d0lYS3VwRlhuREE9PSIsInZhbHVlIjoiWEFUekF1SGhUZndWblFSeVp4REhUdz09IiwibWFjIjoiMDA3ZTU4NjM4MDQxYjZhZDdmN2YwMDc1ZTA2YTA4NDY4YjhlYjM1MzA4OTBmYmZlMjVlNTRmOTY1NWMwYTNkOCIsInRhZyI6IiJ9

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0