rduto.tempestforge.top Open in urlscan Pro
172.64.131.19 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tiktok_51d0.of4n.com/07e2e
Effective URL:
https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1re...
Submission: On September 20 via api (September 20th 2023, 7:37:00 pm UTC) from US — Scanned from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 9 domains to perform 11 HTTP transactions. The main IP is 172.64.131.19, located in and belongs to . The main domain is rduto.tempestforge.top.
TLS certificate: Issued by GTS CA 1P5 on September 19th 2023. Valid for: 3 months.

This is the only time rduto.tempestforge.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3032::6815:393f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:303... 2606:4700:3031::6815:14db	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	64.227.23.114 64.227.23.114	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	99.198.108.194 99.198.108.194	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2	2606:4700:10:... 2606:4700:10::ac43:88d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3037::6815:3fa6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3037::ac43:c764	() ()
1 1	172.67.130.128 172.67.130.128	() ()
4	172.64.131.19 172.64.131.19	() ()
11	6

1 2606:4700:3032::6815:393f (United States)

ASN13335 (CLOUDFLARENET, US)

tiktok_51d0.of4n.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::6815:14db (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

alienfb.trade	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.227.23.114 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

country.contentrightnow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.198.108.194 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

monkey.redirectmaster.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:88d (United States)

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:3fa6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.iwinprize.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:c764 (None, ) 1 redirects

ASN- ()

www.llucky.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.130.128 (None, ) 1 redirects

ASN- ()

rduto.vegalyrae.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.131.19 (None, )

ASN- ()

rduto.tempestforge.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	tempestforge.top rduto.tempestforge.top cdnstatic.tempestforge.top Failed	10 KB
2	amung.us whos.amung.us — Cisco Umbrella Rank: 10525	62 B
2	redirectmaster.com monkey.redirectmaster.com	4 KB
2	alienfb.trade 1 redirects alienfb.trade	1 KB
1	vegalyrae.top 1 redirects rduto.vegalyrae.top	700 B
1	llucky.xyz 1 redirects www.llucky.xyz	899 B
1	iwinprize.xyz 1 redirects www.iwinprize.xyz	807 B
1	contentrightnow.com 1 redirects country.contentrightnow.com	295 B
1	of4n.com tiktok_51d0.of4n.com	669 B
11	9

	Domain	Requested by
4	rduto.tempestforge.top	monkey.redirectmaster.com rduto.tempestforge.top
2	whos.amung.us
2	monkey.redirectmaster.com	alienfb.trade monkey.redirectmaster.com
2	alienfb.trade	1 redirects tiktok_51d0.of4n.com
1	rduto.vegalyrae.top	1 redirects
1	www.llucky.xyz	1 redirects
1	www.iwinprize.xyz	1 redirects
1	country.contentrightnow.com	1 redirects
1	tiktok_51d0.of4n.com
0	cdnstatic.tempestforge.top Failed	rduto.tempestforge.top
11	10

This site contains no links.

Subject Issuer	Validity	Valid
of4n.com GTS CA 1P5	`2023-07-25` - `2023-10-23`	3 months	crt.sh
alienfb.trade E1	`2023-08-06` - `2023-11-04`	3 months	crt.sh
monkey.redirectmaster.com R3	`2023-08-15` - `2023-11-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-06-11` - `2024-06-09`	a year	crt.sh
tempestforge.top GTS CA 1P5	`2023-09-19` - `2023-12-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919
Frame ID: 08CD916B1FB61C6686AA3592A93B343A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://tiktok_51d0.of4n.com/07e2e Page URL
https://alienfb.trade/Geo/index.php HTTP 302
https://country.contentrightnow.com/?k=07c26007ab94bc677c4d0102a4c46279&type=mainstream&subtype=global HTTP 302
https://monkey.redirectmaster.com/?utm_medium=9edef15e72214e8a973d0e5b01f40580976cda9b&utm_campaign=optimizedb Page URL
https://monkey.redirectmaster.com/proc.php?69760ebe49af457525e0930f35501be99133f2a1 Page URL
https://www.iwinprize.xyz/BsqKYyD5?cost=0&external_id=M7280994414653079692&ad_campaign_id=3ac78f&partn... HTTP 302
https://www.llucky.xyz/MBFjvX?{type}=Type&{geo}=Geo HTTP 302
https://rduto.vegalyrae.top/?pl=2o78qvevO0uWxPcuCAny6Q&click_id=2olrq72122tc9 HTTP 302
https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&h... Page URL

Page Statistics

11
Requests

91 %
HTTPS

56 %
IPv6

9
Domains

10
Subdomains

6
IPs

1
Countries

16 kB
Transfer

41 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tiktok_51d0.of4n.com/07e2e Page URL
https://alienfb.trade/Geo/index.php HTTP 302
https://country.contentrightnow.com/?k=07c26007ab94bc677c4d0102a4c46279&type=mainstream&subtype=global HTTP 302
https://monkey.redirectmaster.com/?utm_medium=9edef15e72214e8a973d0e5b01f40580976cda9b&utm_campaign=optimizedb Page URL
https://monkey.redirectmaster.com/proc.php?69760ebe49af457525e0930f35501be99133f2a1 Page URL
https://www.iwinprize.xyz/BsqKYyD5?cost=0&external_id=M7280994414653079692&ad_campaign_id=3ac78f&partner_id=4400&pid=4400-bd34abaz&app_name=unknown HTTP 302
https://www.llucky.xyz/MBFjvX?{type}=Type&{geo}=Geo HTTP 302
https://rduto.vegalyrae.top/?pl=2o78qvevO0uWxPcuCAny6Q&click_id=2olrq72122tc9 HTTP 302
https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://alienfb.trade/Geo/index.php HTTP 302
https://country.contentrightnow.com/?k=07c26007ab94bc677c4d0102a4c46279&type=mainstream&subtype=global HTTP 302
https://monkey.redirectmaster.com/?utm_medium=9edef15e72214e8a973d0e5b01f40580976cda9b&utm_campaign=optimizedb

11 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	07e2e Show response tiktok_51d0.of4n.com/	386 B 669 B	445ms 277ms	Document text/html	2606:4700:3032::6815:393f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tiktok_51d0.of4n.com/07e2e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:393f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `fda29adefc5a6d21683341e8d10a8eb488358d1533ac7963a74588afe7e70293` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 809c8520986f4bc1-BUF content-encoding br content-type text/html; charset=UTF-8 date Wed, 20 Sep 2023 19:36:55 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ywW4smVMH04Do8oQdSqUHM%2FegJrvO%2F0AekRdY7%2FgTkXdRxmdzmpJejFL2bp9q3Wy4smbJmf9WTIr3AiJvjb7VwL44i5pY72igMYZ2O13rcWP2VSQvcq%2BWrONq1iZS7gC1tK90tAxOqPUa7BprQQ3viXWsg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by ASP.NET x-powered-by-plesk PleskWin
GET H2	200	index.php alienfb.trade/h/	807 B 932 B	240ms 145ms	Script application/javascript	2606:4700:3031::6815:14db CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://alienfb.trade/h/index.php?username=rosalbafb Requested by Host: tiktok_51d0.of4n.com URL: https://tiktok_51d0.of4n.com/07e2e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:14db , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers x-powered-by-plesk PleskWin pragma no-cache date Wed, 20 Sep 2023 19:36:55 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s2o5oeDskxsnA5QL5nglFnfD91w%2FtOzVQf6x9Z%2FOgl%2FE%2FgiONmrguQV1xGiG1qNqHWLVuxh27JewqjouQ3zuWL%2BlcC4Rr8qxcx1EYIFMFJYPy%2F9Y8%2F%2FfjDI8Ol9m8%2FPxNeGOazgREIgarAxV"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0 cf-ray 809c85239ebe4bc6-BUF alt-svc h3=":443"; ma=86400
GET H2	200	/ monkey.redirectmaster.com/ Redirect Chain https://alienfb.trade/Geo/index.php https://country.contentrightnow.com/?k=07c26007ab94bc677c4d0102a4c46279&type=mainstream&subtype=global https://monkey.redirectmaster.com/?utm_medium=9edef15e72214e8a973d0e5b01f40580976cda9b&utm_campaign=optimizedb	8 KB 3 KB	141ms 35ms	Document text/html	99.198.108.194 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://monkey.redirectmaster.com/?utm_medium=9edef15e72214e8a973d0e5b01f40580976cda9b&utm_campaign=optimizedb Requested by Host: alienfb.trade URL: https://alienfb.trade/h/index.php?username=rosalbafb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.198.108.194 , United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS server04.com-2.mobi Software nginx / PHP/8.2.0 Resource Hash Request headers Referer https://tiktok_51d0.of4n.com/07e2e Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language en-US,en;q=0.9 Response headers accept-ch Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version cache-control no-store, no-cache, must-revalidate, max-age=0 content-encoding gzip content-type text/html; charset=utf-8 date Wed, 20 Sep 2023 19:36:56 GMT expires Thu, 01 Jan 1970 00:00:00 GMT pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.2.0 Redirect headers Connection keep-alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Wed, 20 Sep 2023 19:36:56 GMT Location https://monkey.redirectmaster.com/?utm_medium=9edef15e72214e8a973d0e5b01f40580976cda9b&utm_campaign=optimizedb Server nginx/1.16.1 (Ubuntu)
GET H2	200	/ whos.amung.us/pingjs/	32 B 32 B	251ms 64ms	Image text/javascript	2606:4700:10::ac43:88d CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://whos.amung.us/pingjs/?k=alienfbpanel&t=CASH&x=https://www.cashbycashapp.com/aesthetic14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 19:36:56 GMT content-encoding gzip cf-cache-status DYNAMIC server cloudflare cf-ray 809c8526bdbe4bc7-BUF content-type text/javascript;charset=UTF-8
GET H2	200	/ whos.amung.us/pingjs/	30 B 30 B	254ms 66ms	Image text/javascript	2606:4700:10::ac43:88d CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://whos.amung.us/pingjs/?k=aesthetic14&t=CASH&x=https://www.cashbycashapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 19:36:56 GMT content-encoding gzip cf-cache-status DYNAMIC server cloudflare cf-ray 809c8526bdbf4bc7-BUF content-type text/javascript;charset=UTF-8
GET H2	200	proc.php monkey.redirectmaster.com/	1 KB 1 KB	49ms 48ms	Document text/html	99.198.108.194 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://monkey.redirectmaster.com/proc.php?69760ebe49af457525e0930f35501be99133f2a1 Requested by Host: monkey.redirectmaster.com URL: https://monkey.redirectmaster.com/?utm_medium=9edef15e72214e8a973d0e5b01f40580976cda9b&utm_campaign=optimizedb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.198.108.194 , United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS server04.com-2.mobi Software nginx / PHP/8.2.0 Resource Hash Request headers Referer https://monkey.redirectmaster.com/?utm_medium=9edef15e72214e8a973d0e5b01f40580976cda9b&utm_campaign=optimizedb Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language en-US,en;q=0.9 Response headers accept-ch Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version cache-control no-store, no-cache, must-revalidate, max-age=0 content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 20 Sep 2023 19:36:57 GMT expires Thu, 01 Jan 1970 00:00:00 GMT location https://www.iwinprize.xyz/BsqKYyD5?cost=0&external_id=M7280994414653079692&ad_campaign_id=3ac78f&partner_id=4400&pid=4400-bd34abaz&app_name=unknown pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.2.0
GET H2	200	Primary Request / Show response rduto.tempestforge.top/blue-robot/ Redirect Chain https://www.iwinprize.xyz/BsqKYyD5?cost=0&external_id=M7280994414653079692&ad_campaign_id=3ac78f&partner_id=4400&pid=4400-bd34abaz&app_name=unknown https://www.llucky.xyz/MBFjvX?{type}=Type&{geo}=Geo https://rduto.vegalyrae.top/?pl=2o78qvevO0uWxPcuCAny6Q&click_id=2olrq72122tc9 https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919	14 KB 6 KB	518ms 253ms	Document text/html	172.64.131.19
General Check archive.org Show headers Download Go to Full URL https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 Requested by Host: monkey.redirectmaster.com URL: https://monkey.redirectmaster.com/proc.php?69760ebe49af457525e0930f35501be99133f2a1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.131.19 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash `9b2ed619a9620fc9d445ebab690f1f1c4108a41b93c6e4ddc80f7f9aea03bdec` Request headers Referer https://monkey.redirectmaster.com/proc.php?69760ebe49af457525e0930f35501be99133f2a1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 809c853ded988c7e-EWR content-encoding br content-type text/html date Wed, 20 Sep 2023 19:37:00 GMT last-modified Wed, 28 Jun 2023 10:38:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ZN3nKgZYjjIgqq9o6yv6latrq8bg0Ql3H2%2BNayJMLT9FXVY89U8NamZDUNTI%2FwOafpc%2BEYTP%2F29d9OjH3l2X1BA60H34pmaqooA1vGdqnqDx4NkEj8aFMPhMJNV90puRhqGXkObxp2P"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers alt-svc h3=":443"; ma=86400 cache-control max-age=0, no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 809c853a7ffe36a2-YYZ content-length 0 date Wed, 20 Sep 2023 19:36:59 GMT location https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eTrxa8aJEqfuhzcA8vPqT5k2hkyxRMuOKxISYVFfvqbLAEAysjCeAPpxNW5zHT%2F%2FRUBmYEfncqn0%2BxMy%2Bq6sM9JeiDxS7pcuge4njDXqBltppgz8jB5apK38OqilLF3hb4g7M58w"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	trls.js Show response rduto.tempestforge.top/blue-robot/assets/	8 KB 2 KB	63ms 59ms	Script application/javascript	172.64.131.19
General Check archive.org Show headers Download Go to Full URL https://rduto.tempestforge.top/blue-robot/assets/trls.js Requested by Host: rduto.tempestforge.top URL: https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.131.19 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash `2c0b0f46a0c12f49cc290e1b3d62a890e8da3434dc80720e3c5a20bec0ab43e1` Request headers accept-language en-US,en;q=0.9 Referer https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 19:37:00 GMT content-encoding br cf-cache-status HIT last-modified Wed, 28 Jun 2023 10:38:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3588 etag W/"649c0dba-1fa7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i4OAjNJ4Q6volBtvoWifEKRUfdcz7dKoapy0DPXwRWvwt%2F0GEQI3ZIsRDchJD7RNsm88DWE8Rjo8ZVTGEqhUIaoeE8cGgBhTrz9y0vyMVZ%2B9fJJiBFLmiybp6P7ngCishWyLN5DdYhXs"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 809c853faf6a8c7e-EWR alt-svc h3=":443"; ma=86400
GET H2	200	style.css rduto.tempestforge.top/blue-robot/assets/	4 KB 1 KB	72ms 69ms	Stylesheet text/css	172.64.131.19
General Check archive.org Show headers Download Go to Full URL https://rduto.tempestforge.top/blue-robot/assets/style.css Requested by Host: rduto.tempestforge.top URL: https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.131.19 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 19:37:00 GMT content-encoding br cf-cache-status HIT last-modified Wed, 28 Jun 2023 10:38:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2418 etag W/"649c0dba-f8e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JOfkzPTLzK71F8azudynHV6Lfo76i0a5cfYemDDql4ja9AOnp%2B1KkWt60tIvQ6H26d46qQxPG2P5PQK704O%2FZif%2BritJtf0IxzZOADZ7y%2FmnyFz4jfJ6e7fxCamT%2BY9oqPrSgB54k9GA"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 809c853faf698c7e-EWR alt-svc h3=":443"; ma=86400
GET H2	200	static-pl.js rduto.tempestforge.top/shared-js/assets/	3 KB 1 KB	70ms 67ms	Script application/javascript	172.64.131.19
General Check archive.org Show headers Download Go to Full URL https://rduto.tempestforge.top/shared-js/assets/static-pl.js Requested by Host: rduto.tempestforge.top URL: https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.131.19 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://rduto.tempestforge.top/blue-robot/?pl=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&hash=nOvYLpeuxKYfv1rej5DFCg&exp=1695238919 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Wed, 20 Sep 2023 19:37:00 GMT content-encoding br cf-cache-status HIT last-modified Wed, 28 Jun 2023 10:38:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4741 etag W/"649c0dba-bf3" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YirtqojevUIDhX%2B0P1QmIfwGOwaBKaHYBUSbNCG7dLX5hAERvVNU28fK2JyXl4hBTs%2BGYilmzpWZgp53kstHUTADmyBG9dXHPx70MLz2QuKH3n5I0NhgUE7dAXZm9gbV%2BQuuRC%2BowxTK"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 809c853faf6b8c7e-EWR alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	748 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET		ps.js cdnstatic.tempestforge.top/ps/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdnstatic.tempestforge.top
URL: https://cdnstatic.tempestforge.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=2o78qvevO0uWxPcuCAny6Q&sm=blue-robot&click_id=2olrq72122tc9&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.tempestforge.top

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.iwinprize.xyz/	1970-01-20 15:38:37	Name: _subid Value: 2olrq72122tc8
www.iwinprize.xyz/	1970-01-21 00:29:58	Name: b7beb Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQxNjdcIjoxNjk1MjM4NjE4fSxcImNhbXBhaWduc1wiOntcIjM0NjZcIjoxNjk1MjM4NjE4fSxcInRpbWVcIjoxNjk1MjM4NjE4fSJ9.cK5fNv6MpRWYY7yBaATqDrmv0AhpcITU9xES2aPvrdM
www.llucky.xyz/	1970-01-20 15:38:37	Name: _subid Value: 2olrq72122tc9
www.llucky.xyz/	1970-01-21 00:29:58	Name: b7beb Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjI0MThcIjoxNjk1MjM4NjE5fSxcImNhbXBhaWduc1wiOntcIjEwNDdcIjoxNjk1MjM4NjE5fSxcInRpbWVcIjoxNjk1MjM4NjE5fSJ9.SFX3S85-M5FiVCjE-VLnwiaWShrss0ipZ3PexwDX5dM
www.llucky.xyz/	1970-01-20 15:38:37	Name: _token Value: uuid_2olrq72122tc9_2olrq72122tc9650b49db058111.76916189

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alienfb.trade
cdnstatic.tempestforge.top
country.contentrightnow.com
monkey.redirectmaster.com
rduto.tempestforge.top
rduto.vegalyrae.top
tiktok_51d0.of4n.com
whos.amung.us
www.iwinprize.xyz
www.llucky.xyz
cdnstatic.tempestforge.top
172.64.131.19
172.67.130.128
2606:4700:10::ac43:88d
2606:4700:3031::6815:14db
2606:4700:3032::6815:393f
2606:4700:3037::6815:3fa6
2606:4700:3037::ac43:c764
64.227.23.114
99.198.108.194
2c0b0f46a0c12f49cc290e1b3d62a890e8da3434dc80720e3c5a20bec0ab43e1
9b2ed619a9620fc9d445ebab690f1f1c4108a41b93c6e4ddc80f7f9aea03bdec
fda29adefc5a6d21683341e8d10a8eb488358d1533ac7963a74588afe7e70293

rduto.tempestforge.top Open in urlscan Pro 172.64.131.19 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

11 Requests

91 %HTTPS

56 %IPv6

9 Domains

10 Subdomains

6 IPs

1 Countries

16 kBTransfer

41 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

5 Cookies

Indicators

rduto.tempestforge.top Open in urlscan Pro
172.64.131.19 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

56 %
IPv6

9
Domains

10
Subdomains

6
IPs

1
Countries

16 kB
Transfer

41 kB
Size

5
Cookies

11 HTTP transactions
1 data transactions