Submitted URL: http://ban-dera.com/
Effective URL: https://ban-dera.com/
Submission: On March 24 via manual from US — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 16 domains to perform 46 HTTP transactions. The main IP is 2a00:7a60:0:10a6::1, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is ban-dera.com.
TLS certificate: Issued by R3 on March 2nd 2022. Valid for: 3 months.
This is the only time ban-dera.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
6 ban-dera.com
ban-dera.com
262 KB
4 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 403
159 KB
2 travelask.ru
travelask.ru
2 gstatic.com
fonts.gstatic.com
27 KB
2 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 1810
44 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
336 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 54
64 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
941 B
0 ooo-ubs-bank.com Failed
ooo-ubs-bank.com Failed
0 tagbank.ru Failed
tagbank.ru Failed
0 bankffin.ru Failed
bankffin.ru Failed
0 trud.ru Failed
trud.ru Failed
0 rupoezd.ru Failed
www.rupoezd.ru Failed
rupoezd.ru Failed
0 gov.ru Failed
pfr.gov.ru Failed
0 severstroybank35.ru Failed
severstroybank35.ru Failed
0 stolichki.ru Failed
stolichki.ru Failed
46 16
Domain Requested by
6 ban-dera.com 1 redirects ban-dera.com
4 cdn.jsdelivr.net ban-dera.com
cdn.jsdelivr.net
2 travelask.ru ban-dera.com
2 fonts.gstatic.com fonts.googleapis.com
2 www.paypalobjects.com ban-dera.com
1 www.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com ban-dera.com
1 fonts.googleapis.com ban-dera.com
0 rupoezd.ru Failed ban-dera.com
0 ooo-ubs-bank.com Failed ban-dera.com
0 tagbank.ru Failed ban-dera.com
0 bankffin.ru Failed ban-dera.com
0 trud.ru Failed ban-dera.com
0 www.rupoezd.ru Failed
0 pfr.gov.ru Failed ban-dera.com
0 severstroybank35.ru Failed ban-dera.com
0 stolichki.ru Failed ban-dera.com
46 17
Subject Issuer Validity Valid
www.ban-dera.com
R3
2022-03-02 -
2022-05-31
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-03 -
2022-07-02
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA
2022-02-08 -
2023-01-10
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-03-17 -
2022-06-09
3 months crt.sh
*.travelask.ru
E1
2022-03-12 -
2022-06-10
3 months crt.sh

This page contains 1 frames:

Primary Page: https://ban-dera.com/
Frame ID: B1D2587C7FC31672963815F20F427F5B
Requests: 48 HTTP requests in this frame

Screenshot

Page Title

BAN-dera

Page URL History Show full URLs

  1. http://ban-dera.com/ HTTP 301
    https://ban-dera.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

46
Requests

39 %
HTTPS

88 %
IPv6

16
Domains

17
Subdomains

9
IPs

3
Countries

557 kB
Transfer

2235 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ban-dera.com/ HTTP 301
    https://ban-dera.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20
  • https://rupoezd.ru/?p6cyqti0l4b=977.951661110547 HTTP 0
  • http://www.rupoezd.ru/?p6cyqti0l4b=977.951661110547
Request Chain 30
  • https://rupoezd.ru/?sibhji6dhxj=808.2749549871435 HTTP 0
  • http://www.rupoezd.ru/?sibhji6dhxj=808.2749549871435

46 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ban-dera.com/
Redirect Chain
  • http://ban-dera.com/
  • https://ban-dera.com/
5 KB
2 KB
Document
General
Full URL
https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:7a60:0:10a6::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
6e57af06575312291456853124bf6a14eee2146ee332b401275d1fc206be2708

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
date
Thu, 24 Mar 2022 19:32:22 GMT
content-type
text/html; charset=UTF-8
cache-control
private, must-revalidate
pragma
no-cache
expires
-1
x-ray
p999:0.080/wn26930:0.090/wa26930:D=82131
content-encoding
br

Redirect headers

Server
nginx
Date
Thu, 24 Mar 2022 19:32:22 GMT
Content-Type
text/html
Content-Length
162
Connection
keep-alive
Location
https://ban-dera.com/
x-ray
p999:0.011/wn26930:0.000/
css2
fonts.googleapis.com/
1 KB
941 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Anonymous+Pro&display=swap
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
dba1a2b91b5ed0e155137d62925ae5f65d3fad10bc13b317add7fa5516b2acd5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 24 Mar 2022 19:32:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 24 Mar 2022 19:32:23 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 24 Mar 2022 19:32:23 GMT
bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/
79 KB
11 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af35cc6aba34e5005de77099dfa72d4c1a7715d28ddcec343f48031dc8cb08bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Mar 2022 19:32:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
295811
x-jsd-version
1.8.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19154-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"13a7e-T26mnA4DQx/6Ggl6RUU7WzskbYs"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6f11d51bea48cc4a-ZRH
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/
152 KB
24 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ban-dera.com/
Origin
https://ban-dera.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Mar 2022 19:32:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
295832
x-jsd-version
5.0.2
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19136-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6f11d51bec6d01e7-ZRH
js
www.googletagmanager.com/gtag/
172 KB
64 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-E2JP8HENB3
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f6d9c1c6d393401c5a589dcc15e78af52f3c7860eb87a6c4769ab748a2f90354
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Mar 2022 19:32:23 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64677
x-xss-protection
0
expires
Thu, 24 Mar 2022 19:32:23 GMT
donate-sdk.js
www.paypalobjects.com/donate/sdk/
134 KB
40 KB
Script
General
Full URL
https://www.paypalobjects.com/donate/sdk/donate-sdk.js
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F27) /
Resource Hash
54866fbff058a2812fdec10b71d17d987db3616525a7c915688f18e63a2f0891
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Mar 2022 19:32:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
cb48492caffae
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
41002
last-modified
Mon, 11 Oct 2021 17:21:16 GMT
server
ECAcc (frc/8F27)
etag
W/"6164728c-21635"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
expires
Thu, 24 Mar 2022 20:32:23 GMT
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/
77 KB
23 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ban-dera.com/
Origin
https://ban-dera.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Mar 2022 19:32:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
295837
x-jsd-version
5.0.2
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19175-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"13397-kBFpUnUH/55mLPZNjjYfNZMIlw0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6f11d51bec6f01e7-ZRH
app.js
ban-dera.com/js/
1 MB
233 KB
Script
General
Full URL
https://ban-dera.com/js/app.js
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:7a60:0:10a6::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
06d64f8ee3a7f62c28feb80adab5517da71de0b99d40054153b0a5838d50aaf9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray
p999:0.076/wn26930:0.050/wa26930:D=46290
content-encoding
br
date
Thu, 24 Mar 2022 19:32:23 GMT
last-modified
Sat, 19 Mar 2022 16:11:00 GMT
server
nginx
etag
W/"1322a4-5da9482524d00"
content-type
application/javascript
collect
www.google-analytics.com/g/
0
336 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-E2JP8HENB3&gtm=2oe3e0&_p=950952610&sr=1600x1200&ul=en-us&cid=706679301.1648150344&_s=1&dl=https%3A%2F%2Fban-dera.com%2F&dt=BAN-dera&sid=1648150343&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E2JP8HENB3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Mar 2022 19:32:23 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ban-dera.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ban-dera-logo.svg
ban-dera.com/img/
22 KB
6 KB
Image
General
Full URL
https://ban-dera.com/img/ban-dera-logo.svg
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:7a60:0:10a6::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
a4396fda6d1437cdf8555a5b42ec0c91ecfb81e8056038706afaacd50c7a28a6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray
p999:0.070/wn26930:0.070/wa26930:D=63381
content-encoding
br
date
Thu, 24 Mar 2022 19:32:23 GMT
last-modified
Wed, 16 Mar 2022 17:15:12 GMT
server
nginx
etag
W/"58af-5da590e650800"
content-type
image/svg+xml
monobank-logo.svg
ban-dera.com/img/
7 KB
3 KB
Image
General
Full URL
https://ban-dera.com/img/monobank-logo.svg
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:7a60:0:10a6::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
af345977ec335526e192f4954e83515bb447f98a56a0e27053774c284d316c5b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray
p999:0.069/wn26930:0.060/wa26930:D=62280
content-encoding
br
date
Thu, 24 Mar 2022 19:32:23 GMT
last-modified
Wed, 16 Mar 2022 17:15:12 GMT
server
nginx
etag
W/"1a67-5da590e650800"
content-type
image/svg+xml
btn_donateCC_LG.gif
www.paypalobjects.com/en_US/i/btn/
3 KB
3 KB
Image
General
Full URL
https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FA3) /
Resource Hash
33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ban-dera.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Mar 2022 19:32:23 GMT
x-content-type-options
nosniff
last-modified
Thu, 27 May 2021 14:20:07 GMT
server
ECAcc (frc/8FA3)
etag
"60afaa97-c1b"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
content-type
image/gif
paypal-debug-id
2b4c172ba8a6d
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
dc
ccg11-origin-www-1.paypal.com
content-length
3099
expires
Thu, 24 Mar 2022 20:32:23 GMT
targets
ban-dera.com/api/
232 KB
18 KB
XHR
General
Full URL
https://ban-dera.com/api/targets
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/js/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:7a60:0:10a6::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
35e74e4117c642790ce4248a6eeb28b7cad4791c985c37bc1baec648273df979

Request headers

Accept
application/json, text/plain, */*
Referer
https://ban-dera.com/
X-XSRF-TOKEN
eyJpdiI6IjI2anVrWTFPbGtmZnR3UE1DWUlpWlE9PSIsInZhbHVlIjoibXJBUlc5bHlYSnMvSWxrdDR4TmZZSHMvbjdtU1ErRlU5aHhVQ0t4dktPMmxpSTY4cG5QNmVpM1RhUnRSRnVxb012RmhCYjZWTUFPNTBqUkQ0Y3RNREZvZzNXN2lhQUFOaVlLTHA2NllicnBBM1pBTXg5SHRibitwamVnNzdKWVciLCJtYWMiOiJkOWJkN2I1MzI0OTdkMzM1ZWEyOTdkM2I1YzYzN2ZiZTcwNTc1NWMzYzVlMWJiZTlmYzI0ZmExZTQ0OTlkZmE5IiwidGFnIjoiIn0=
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Mar 2022 19:32:27 GMT
content-encoding
br
server
nginx
x-ratelimit-remaining
4
content-type
application/json
access-control-allow-origin
*
x-ray
p999:3.640/wn26930:3.620/wa26930:D=3625842
cache-control
private, must-revalidate
x-ratelimit-limit
5
expires
-1
truncated
/
108 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8f27b2160255b0a3bbe960f0af6a1772a8514e2b3ba0acbeea1e622ebb5f3e4a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
273 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
953c39b93c46656e2d25a28dd13379498f98e991a78f682c4a42c951bc87a0f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/svg+xml
rP2Bp2a15UIB7Un-bOeISG3pHl829RH9.woff2
fonts.gstatic.com/s/anonymouspro/v19/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/anonymouspro/v19/rP2Bp2a15UIB7Un-bOeISG3pHl829RH9.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Anonymous+Pro&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
476607c776c9e8cabc7e1489125be12b17477e1ddaf6b874d2af57182e0989b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ban-dera.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 18:55:24 GMT
x-content-type-options
nosniff
age
175019
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9696
x-xss-protection
0
last-modified
Mon, 24 Jan 2022 19:46:34 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 22 Mar 2023 18:55:24 GMT
rP2Bp2a15UIB7Un-bOeISG3pHls29Q.woff2
fonts.gstatic.com/s/anonymouspro/v19/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/anonymouspro/v19/rP2Bp2a15UIB7Un-bOeISG3pHls29Q.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Anonymous+Pro&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
148b358d5c6a32ff44aa901fdd583519210675846edb6ccf8913a402054196a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ban-dera.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 01:28:04 GMT
x-content-type-options
nosniff
age
237859
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17528
x-xss-protection
0
last-modified
Mon, 24 Jan 2022 19:46:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 22 Mar 2023 01:28:04 GMT
bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/fonts/
100 KB
100 KB
Font
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/fonts/bootstrap-icons.woff2?524846017b983fc8ded9325d94ed40f3
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c874e14c63db86c4c5318c77cb557fce7036645edc7d690dcc1d23b389631b13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
Origin
https://ban-dera.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Mar 2022 19:32:23 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
295844
x-jsd-version
1.8.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
102536
x-served-by
cache-fra19157-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"19088-HKXox9L7jp1grRof6ypG6Ywkij0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
cf-ray
6f11d51ee95b01e7-ZRH
/
stolichki.ru/
0
0

/
severstroybank35.ru/
0
0

/
pfr.gov.ru/
0
0

/
www.rupoezd.ru/
Redirect Chain
  • https://rupoezd.ru/?p6cyqti0l4b=977.951661110547
  • http://www.rupoezd.ru/?p6cyqti0l4b=977.951661110547
0
0

/
trud.ru/
0
0

/
travelask.ru/
0
0
Fetch
General
Full URL
https://travelask.ru/?wnleinuk9w=30.18807404916135
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/js/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9ebd -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

/
bankffin.ru/
0
0

/
tagbank.ru/
0
0

/
ooo-ubs-bank.com/
0
0

/
tagbank.ru/
0
0

/
stolichki.ru/
0
0

/
severstroybank35.ru/
0
0

/
pfr.gov.ru/
0
0

/
www.rupoezd.ru/
Redirect Chain
  • https://rupoezd.ru/?sibhji6dhxj=808.2749549871435
  • http://www.rupoezd.ru/?sibhji6dhxj=808.2749549871435
0
0

/
trud.ru/
0
0

/
travelask.ru/
0
0
Fetch
General
Full URL
https://travelask.ru/?lkch62wm1eh=855.1881995786082
Requested by
Host: ban-dera.com
URL: https://ban-dera.com/js/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9ebd -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

/
bankffin.ru/
0
0

/
tagbank.ru/
0
0

/
ooo-ubs-bank.com/
0
0

/
tagbank.ru/
0
0

/
stolichki.ru/
0
0

/
severstroybank35.ru/
0
0

/
pfr.gov.ru/
0
0

/
rupoezd.ru/
0
0

/
trud.ru/
0
0

/
travelask.ru/
0
0

/
bankffin.ru/
0
0

/
tagbank.ru/
0
0

/
ooo-ubs-bank.com/
0
0

/
tagbank.ru/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
stolichki.ru
URL
https://stolichki.ru/?h5pv5sscs8=18.243716004265444
Domain
severstroybank35.ru
URL
https://severstroybank35.ru/?5dilxs5w9v=519.8657100697408
Domain
pfr.gov.ru
URL
https://pfr.gov.ru/?o7239fqoatr=412.46309902139046
Domain
www.rupoezd.ru
URL
http://www.rupoezd.ru/?p6cyqti0l4b=977.951661110547
Domain
trud.ru
URL
https://trud.ru/?hcydr4tdu7k=19.284429854818264
Domain
bankffin.ru
URL
https://bankffin.ru/?rgzr2ocl3o=266.53748790436384
Domain
tagbank.ru
URL
https://tagbank.ru/?tig4vmibw1k=455.877528209631
Domain
ooo-ubs-bank.com
URL
https://ooo-ubs-bank.com/?rtah39u9ir=812.2888200727903
Domain
tagbank.ru
URL
https://tagbank.ru/?g8vi0uhs81o=525.4324949186066
Domain
stolichki.ru
URL
https://stolichki.ru/?exktpuojhqk=713.4743156288985
Domain
severstroybank35.ru
URL
https://severstroybank35.ru/?xk7gicyltgk=638.3763530217059
Domain
pfr.gov.ru
URL
https://pfr.gov.ru/?qexi709zn4q=768.5231994979902
Domain
www.rupoezd.ru
URL
http://www.rupoezd.ru/?sibhji6dhxj=808.2749549871435
Domain
trud.ru
URL
https://trud.ru/?ivtkjo3wx1l=817.2807035733432
Domain
bankffin.ru
URL
https://bankffin.ru/?slb0vfj4xf=812.1960006253444
Domain
tagbank.ru
URL
https://tagbank.ru/?r8thg0lvie=68.17568798231166
Domain
ooo-ubs-bank.com
URL
https://ooo-ubs-bank.com/?k9by4w0sw1h=466.39787686336655
Domain
tagbank.ru
URL
https://tagbank.ru/?27ix0yc2ln1i=19.364891642131397
Domain
stolichki.ru
URL
https://stolichki.ru/?0jm5vntbh1zu=986.352560887884
Domain
severstroybank35.ru
URL
https://severstroybank35.ru/?lwa74uu1dmi=230.2372892239235
Domain
pfr.gov.ru
URL
https://pfr.gov.ru/?27dtrvwzbl7=524.1880060341953
Domain
rupoezd.ru
URL
https://rupoezd.ru/?diug0obaet4=562.506134672683
Domain
trud.ru
URL
https://trud.ru/?z9arku1hwq8=264.0290452089984
Domain
travelask.ru
URL
https://travelask.ru/?5szp79mem1k=805.2386813706629
Domain
bankffin.ru
URL
https://bankffin.ru/?6i1t2pdo98r=172.36874077816287
Domain
tagbank.ru
URL
https://tagbank.ru/?5tbclg9e94g=534.4045822098903
Domain
ooo-ubs-bank.com
URL
https://ooo-ubs-bank.com/?mnk54ki7n7g=219.4701516868489
Domain
tagbank.ru
URL
https://tagbank.ru/?7n6gz3rk14=279.3871508649548

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| gtag object| dataLayer object| __post_robot_10_0_41__ object| PayPal object| __zoid_9_0_58__ object| Donation number| uidEvent object| bootstrap object| google_tag_manager object| google_tag_data object| gaGlobal object| webpackChunk object| regeneratorRuntime function| _ function| axios function| onYouTubeIframeAPIReady

4 Cookies

Domain/Path Name / Value
ban-dera.com/ Name: XSRF-TOKEN
Value: eyJpdiI6IjI2anVrWTFPbGtmZnR3UE1DWUlpWlE9PSIsInZhbHVlIjoibXJBUlc5bHlYSnMvSWxrdDR4TmZZSHMvbjdtU1ErRlU5aHhVQ0t4dktPMmxpSTY4cG5QNmVpM1RhUnRSRnVxb012RmhCYjZWTUFPNTBqUkQ0Y3RNREZvZzNXN2lhQUFOaVlLTHA2NllicnBBM1pBTXg5SHRibitwamVnNzdKWVciLCJtYWMiOiJkOWJkN2I1MzI0OTdkMzM1ZWEyOTdkM2I1YzYzN2ZiZTcwNTc1NWMzYzVlMWJiZTlmYzI0ZmExZTQ0OTlkZmE5IiwidGFnIjoiIn0%3D
ban-dera.com/ Name: ban_dera_session
Value: eyJpdiI6IjQ4NXlZc0FmRHp5SGxka1dYOHJTK3c9PSIsInZhbHVlIjoiTWhicnlOUFZBQTM3d1lyRUcvZk8zWXJqWWladnJsUTZJODNGMnA5OWpBZmQvQkt3OGptQzl6aGxvdHVraFg0YjdVSGt0TTlrNlJFZGg5QUlnMUF1UGw3cytVYUpQb1BpZG5nR1d3UDJzdFNGSGx3Qk84WlYwZHlPcEVnTjhXdTIiLCJtYWMiOiJiODJkMjcwMzk4NzQ2MmQwYjM3NGY5NWNlNzVjMGMzMTA4YmQwOTdmN2RlNjYxMjM2YjMyOWQwZTZmMzg1NTdhIiwidGFnIjoiIn0%3D
.ban-dera.com/ Name: _ga
Value: GA1.1.706679301.1648150344
.ban-dera.com/ Name: _ga_E2JP8HENB3
Value: GS1.1.1648150343.1.0.1648150344.0

6 Console Messages

Source Level URL
Text
network error URL: https://travelask.ru/?wnleinuk9w=30.18807404916135
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://travelask.ru/?lkch62wm1eh=855.1881995786082
Message:
Failed to load resource: the server responded with a status of 503 ()
security error URL: https://ban-dera.com/
Message:
Mixed Content: The page at 'https://ban-dera.com/' was loaded over HTTPS, but requested an insecure resource 'http://www.rupoezd.ru/?p6cyqti0l4b=977.951661110547'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://ban-dera.com/
Message:
Mixed Content: The page at 'https://ban-dera.com/' was loaded over HTTPS, but requested an insecure resource 'http://www.rupoezd.ru/?sibhji6dhxj=808.2749549871435'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://ban-dera.com/
Message:
Mixed Content: The page at 'https://ban-dera.com/' was loaded over HTTPS, but requested an insecure resource 'http://www.rupoezd.ru/?diug0obaet4=562.506134672683'. This request has been blocked; the content must be served over HTTPS.
network error URL: https://travelask.ru/?5szp79mem1k=805.2386813706629
Message:
Failed to load resource: the server responded with a status of 503 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ban-dera.com
bankffin.ru
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
ooo-ubs-bank.com
pfr.gov.ru
rupoezd.ru
severstroybank35.ru
stolichki.ru
tagbank.ru
travelask.ru
trud.ru
www.google-analytics.com
www.googletagmanager.com
www.paypalobjects.com
www.rupoezd.ru
bankffin.ru
ooo-ubs-bank.com
pfr.gov.ru
rupoezd.ru
severstroybank35.ru
stolichki.ru
tagbank.ru
travelask.ru
trud.ru
www.rupoezd.ru
192.229.221.25
2606:4700:3036::ac43:9ebd
2606:4700::6810:5614
2a00:1450:4001:808::200e
2a00:1450:4001:813::2008
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2003
2a00:7a60:0:10a6::1
06d64f8ee3a7f62c28feb80adab5517da71de0b99d40054153b0a5838d50aaf9
148b358d5c6a32ff44aa901fdd583519210675846edb6ccf8913a402054196a0
33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256
35e74e4117c642790ce4248a6eeb28b7cad4791c985c37bc1baec648273df979
476607c776c9e8cabc7e1489125be12b17477e1ddaf6b874d2af57182e0989b8
54866fbff058a2812fdec10b71d17d987db3616525a7c915688f18e63a2f0891
6e57af06575312291456853124bf6a14eee2146ee332b401275d1fc206be2708
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe
8f27b2160255b0a3bbe960f0af6a1772a8514e2b3ba0acbeea1e622ebb5f3e4a
953c39b93c46656e2d25a28dd13379498f98e991a78f682c4a42c951bc87a0f2
a4396fda6d1437cdf8555a5b42ec0c91ecfb81e8056038706afaacd50c7a28a6
af345977ec335526e192f4954e83515bb447f98a56a0e27053774c284d316c5b
af35cc6aba34e5005de77099dfa72d4c1a7715d28ddcec343f48031dc8cb08bc
c874e14c63db86c4c5318c77cb557fce7036645edc7d690dcc1d23b389631b13
dba1a2b91b5ed0e155137d62925ae5f65d3fad10bc13b317add7fa5516b2acd5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f6d9c1c6d393401c5a589dcc15e78af52f3c7860eb87a6c4769ab748a2f90354