Submitted URL: https://go-site.fun/?invite=vPDn9ng
Effective URL: https://promeditation.ru/payment?invite=vPDn9ng
Submission Tags: @phish_report
Submission: On August 14 via api from FI — Scanned from FI

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 8 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is promeditation.ru.
TLS certificate: Issued by WE1 on August 11th 2024. Valid for: 3 months.
This is the only time promeditation.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS (Autonomous System)
1 1       172.67.162.2     13335 (CLOUDFLAR...)
4         188.114.97.3     13335 (CLOUDFLAR...)
1         104.20.91.134    13335 (CLOUDFLAR...)
1         142.250.185.106  15169 (GOOGLE)
2         172.67.213.233   13335 (CLOUDFLAR...)
Total: 8 requests, 4 IPs
Requests  Apex Domain           Subdomains                                             Transfer
4         promeditation.ru      promeditation.ru                                       110 KB
2         salfetka-partners.ru  salfetka-partners.ru                                   583 B
1         googleapis.com        fonts.googleapis.com (Cisco Umbrella Rank: 110)        913 B
1         cloudpayments.ru      widget.cloudpayments.ru (Cisco Umbrella Rank: 214601)  49 KB
1         go-site.fun           go-site.fun                                            629 B
Total: 8 requests, 5 apex domains
Requests  Domain                   Requested by
4         promeditation.ru         promeditation.ru
2         salfetka-partners.ru     promeditation.ru
1         fonts.googleapis.com     promeditation.ru
1         widget.cloudpayments.ru  promeditation.ru
1         go-site.fun              1 redirects
Total: 8 requests, 5 domains

This site contains no links.

Subject                  Issuer                         Validity                 Valid
promeditation.ru         WE1                            2024-08-11 - 2024-11-09  3 months
*.cloudpayments.ru       GlobalSign RSA OV SSL CA 2018  2024-06-24 - 2025-07-26  a year
upload.video.google.com  WR2                            2024-07-30 - 2024-10-22  3 months
salfetka-partners.ru     WE1                            2024-06-29 - 2024-09-27  3 months

This page contains 2 frames:

Primary Page: https://promeditation.ru/payment?invite=vPDn9ng
Frame ID: B651427FD73C0C58D71657B9F8373C98
Requests: 7 HTTP requests in this frame

Frame: https://salfetka-partners.ru/landings/vPDn9ng
Frame ID: 90CFBB4B5E7D263A4FDA616C76482201
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Promeditation

Page URL History

  1. https://go-site.fun/?invite=vPDn9ng HTTP 301
    https://promeditation.ru/payment?invite=vPDn9ng Page URL

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 0 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 3
Transfer: 161 kB
Size: 449 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Primary Request: payment
Path: promeditation.ru/
Redirect Chain
  • https://go-site.fun/?invite=vPDn9ng
  • https://promeditation.ru/payment?invite=vPDn9ng
Size: 548 B
x-fer: 709 B
Type: Document
General
Full URL
https://promeditation.ru/payment?invite=vPDn9ng
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9e394a0ea33719a5e755ab468b475ddb072129892bec70cdd63b5328c726bb0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8b33a8791c6d56c5-OSL
content-encoding
br
content-type
text/html
date
Wed, 14 Aug 2024 20:22:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O90NQlcRh11X%2FC72UuXBSHaRYfMi9%2FREOu%2B47CQYL5JEXQRO7FVZa1si0KIgW3koM5MPwpzcGh3A9vl1WRyVtCP65aFbZPQRn%2B1I95PSBlFhDBO6O4LWmNOE%2BJaeljBJ8%2FCK"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

cache-control
max-age=3600
cf-ray
8b33a873cc3f712b-OSL
content-length
167
content-type
text/html
date
Wed, 14 Aug 2024 20:22:37 GMT
expires
Wed, 14 Aug 2024 21:22:37 GMT
location
https://promeditation.ru/payment?invite=vPDn9ng
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JxsPdb88CpKvm%2BtxSijeko928dt%2Fnoz2Ugwzy36Y4lYBf5%2BrYuqfKzdfVQtQpC8S7j9hovTe7jceh6OL5k52B5X4ibyyFdffjb%2Fp0fhHtJBYymFB0gQI%2BuvAr2avpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
Resource: index-SH6LadzY.js
Path: promeditation.ru/assets/
Size: 304 KB
x-fer: 106 KB
Type: Script
General
Full URL
https://promeditation.ru/assets/index-SH6LadzY.js
Requested by
Host: promeditation.ru
URL: https://promeditation.ru/payment?invite=vPDn9ng
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79e57f4f10b680393a68be23f23b6b8aa08507090ead52c44f2f6067db86398a

Request headers

Referer
https://promeditation.ru/payment?invite=vPDn9ng
Origin
https://promeditation.ru
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 14 Aug 2024 20:22:38 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 02 Aug 2024 05:49:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2778
etag
W/"311481-1722577762000"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TV3iwBfIB4M3Q%2BHEoFTZ2ZZKi91CD7OPoCrxUj1EmCpizTZH6nP0ad7BofTCpKI67bkgdb94RlbFSJhSf4wBHf87QNI42JKjZJMoxofkgvAmTsEPFwHmIBXydPcuc6k6hxYv"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
8b33a87b9f7c56c5-OSL
alt-svc
h3=":443"; ma=86400
Resource: index-CK5wKU7a.css
Path: promeditation.ru/assets/
Size: 7 KB
x-fer: 2 KB
Type: Stylesheet
General
Full URL
https://promeditation.ru/assets/index-CK5wKU7a.css
Requested by
Host: promeditation.ru
URL: https://promeditation.ru/payment?invite=vPDn9ng
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
660c5b5a0c4a0da58f53b5c073598be593b47e1cf49a7568daa0bb117908245a

Request headers

Referer
https://promeditation.ru/payment?invite=vPDn9ng
Origin
https://promeditation.ru
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 14 Aug 2024 20:22:38 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 02 Aug 2024 05:49:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2778
etag
W/"6984-1722577762000"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iR0zMzUDwOT2YRr9h1Mqf7fjGybwwqz0XZ1t8wuZaQv%2B4BR1ZVmBWmFEpaYglPJWraMOqVk1H8kEK%2BW2KceQlmWKK0MJgE6yuyvIgBUu6FWXQVnap89zr0E1RmwOz2Z1kG9A"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
8b33a87b9f7b56c5-OSL
alt-svc
h3=":443"; ma=86400
Resource: cloudpayments.js
Path: widget.cloudpayments.ru/bundles/
Size: 130 KB
x-fer: 49 KB
Type: Script
General
Full URL
https://widget.cloudpayments.ru/bundles/cloudpayments.js
Requested by
Host: promeditation.ru
URL: https://promeditation.ru/payment?invite=vPDn9ng
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.91.134 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe6cea12bea64b63123cf215454c3232eca79ac3396567d8673d0977a7a9c8a2

Request headers

Referer
https://promeditation.ru/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 14 Aug 2024 20:22:39 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Wed, 14 Aug 2024 13:22:14 GMT
server
cloudflare
etag
W/"66bcaf86-a5ba"
vary
Accept-Encoding
report-to
{"group": "csp-endpoint", "max_age": 10886400, "endpoints": [{ "url": "https://widget.cloudpayments.ru/monitoring-api/csp" }] }
content-type
application/javascript
content-security-policy-report-only
default-src https://widget.cloudpayments.ru; connect-src https://widget.cloudpayments.ru https://api.cloudpayments.ru https://api2.amplitude.com/ https://static.cloudpayments.ru https://static-stage.cloudpayments.ru https://pay.google.com https://google.com https://www.google.com https://pay.yandex.ru https://api-statist.dev-tcsgroup.io https://api-statist.tinkoff.ru https://forma.tinkoff.ru; font-src https://widget.cloudpayments.ru data:; frame-src *; frame-ancestors 'self' https:; img-src https://widget.cloudpayments.ru https://static.cloudpayments.ru https://static-stage.cloudpayments.ru https://pay.yandex.ru https://cp.ru https://qr.nspk.ru https://www.gstatic.com data:; media-src https://widget.cloudpayments.ru https://static.cloudpayments.ru https://static-stage.cloudpayments.ru; object-src https://widget.cloudpayments.ru; script-src https://widget.cloudpayments.ru https://forma.tinkoff.ru https://pay.google.com https://pay.yandex.ru 'sha256-X7hlFWwNeiesyjdfNFJj7/3OwFYiJ7PdoDlKAkyjTWA=';style-src 'unsafe-inline' https:; report-to csp-endpoint; report-uri https://widget.cloudpayments.ru/monitoring-api/csp
cf-ray
8b33a8804a748d54-HEL
Resource: css2
Path: fonts.googleapis.com/
Size: 5 KB
x-fer: 913 B
Type: Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Unbounded:wght@400;500;700&display=swap
Requested by
Host: promeditation.ru
URL: https://promeditation.ru/assets/index-CK5wKU7a.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f10.1e100.net
Software
ESF /
Resource Hash
dbab85c331d11bbd3f35da9ebbc797132f515bd3828524c4a2ab4ae77c851d53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://promeditation.ru/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000
date
Wed, 14 Aug 2024 20:22:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Wed, 14 Aug 2024 20:22:39 GMT
Resource: vPDn9ng
Path: salfetka-partners.ru/api/landing/v1/invite-links/
Size: 139 B
x-fer: 583 B
Type: XHR
General
Full URL
https://salfetka-partners.ru/api/landing/v1/invite-links/vPDn9ng
Requested by
Host: promeditation.ru
URL: https://promeditation.ru/assets/index-SH6LadzY.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.213.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2352be549d3a9162b9b74157614a286432b5812b3209e800483d821f141e6c20

Request headers

Accept
application/json, text/plain, */*
Referer
https://promeditation.ru/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 14 Aug 2024 20:22:40 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drZg4Bj2Ch0BPuFtx73DMpZLKq0LKqkQuYyFofxPdN9ogcsnCmjGXtBYIpPuLu23QG%2FuLsCbtj4P2U9sgZcGcFeD1lYuv8FKOEVrZJKPt9rfwrltXqvZakwNUcNvy84y%2F64OlvoDyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
8b33a8888b30b51e-OSL
alt-svc
h3=":443"; ma=86400
Resource: favicon.svg
Path: promeditation.ru/
Size: 2 KB
x-fer: 1 KB
Type: Other
General
Full URL
https://promeditation.ru/favicon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
955416751b845edb094898d12b6e422f8c0464a06dd33c8f2220c9a349c25b20

Request headers

Referer
https://promeditation.ru/payment?invite=vPDn9ng
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 14 Aug 2024 20:22:39 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 02 Aug 2024 05:49:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5186
etag
W/"1617-1722577761000"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QcVotDuvi2LoZCs50wwpjBOQrSCkzQyjx570oDuHN4zD7FGml9l7DyZJRvj7L34AM7I%2FAvfGKSa7jyGUF%2FAI%2B18Tw9MyZw9RkgXesg9mKWOlgAwSUoDKgYBZJIRAxeTNjMs"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
8b33a88348ce56c5-OSL
alt-svc
h3=":443"; ma=86400
Resource: vPDn9ng
Path: salfetka-partners.ru/landings/ (Frame 90CF)
Size: 0
x-fer: 0
Type: Document
General
Full URL
https://salfetka-partners.ru/landings/vPDn9ng
Requested by
Host: promeditation.ru
URL: https://promeditation.ru/assets/index-SH6LadzY.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.213.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://promeditation.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8b33a88f2f4f56c6-OSL
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 14 Aug 2024 20:22:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vW5cPyP9MjJca1X1j2CM5%2FDwpl0VoeFJKvzgV6GttLKT6iOa4D0TVVjgOWcVFU%2FKIKrHMfDm8ZK4mifD%2B29kepdqKoelCXv2hMjBwpZYs7vfs4sQ%2FU1i3dJ45qg3G8ZOSU5HRFHFUg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Verdicts & Comments

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • 0 (object)
  • cp (object)
  • __reactRouterVersion (string)

0 Cookies