m9.wtf - urlscan.io

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 2604:a880:4:1d0::30e:7000, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is m9.wtf.
TLS certificate: Issued by E6 on November 2nd 2024. Valid for: 3 months.

This is the only time m9.wtf was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2604:a880:4:1... 2604:a880:4:1d0::30e:7000	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:911d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
6	4

1 2604:a880:4:1d0::30e:7000 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

m9.wtf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:911d (United States)

ASN13335 (CLOUDFLARENET, US)

bear-images.sfo2.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	gstatic.com fonts.gstatic.com	48 KB
1	digitaloceanspaces.com bear-images.sfo2.cdn.digitaloceanspaces.com	601 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	986 B
1	m9.wtf m9.wtf	3 KB
6	4

	Domain	Requested by
3	fonts.gstatic.com	fonts.googleapis.com
1	bear-images.sfo2.cdn.digitaloceanspaces.com	m9.wtf
1	fonts.googleapis.com	m9.wtf
1	m9.wtf
6	4

This site contains links to these domains. Also see Links.

Domain
bearblog.dev

Subject Issuer	Validity	Valid
m9.wtf E6	`2024-11-02` - `2025-01-31`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.sfo2.cdn.digitaloceanspaces.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-20` - `2025-05-07`	a year	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://m9.wtf/
Frame ID: C3AC85C6FBDBC1421F0F2E3836B34BA5
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

m9.wtf

Page URL History Show full URLs

http://m9.wtf/ HTTP 307
https://m9.wtf/ Page URL

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

653 kB
Transfer

657 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://bearblog.dev/
Title: Bear ʕ•ᴥ•ʔ

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://m9.wtf/ HTTP 307
https://m9.wtf/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
m9.wtf/
Redirect Chain

http://m9.wtf/
https://m9.wtf/

8 KB
3 KB

772ms
422ms

Document
text/html

2604:a880:4:1d0::30e:7000
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://m9.wtf/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2604:a880:4:1d0::30e:7000 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Caddy cloudflare /

Resource Hash

2606a4039f43dfa24a7a23948b03266f25311fee5a8d08463ef452ec783e6f2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8e7a6b39c8d52716-SJC
content-encoding: zstd
content-type: text/html; charset=utf-8
date: Sun, 24 Nov 2024 15:26:42 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy: origin-when-cross-origin
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1732462002&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=RMTFpoEPnxB6MO8RLOyC%2Bwy%2F%2FZ08MZwyOeVQoWf7JyQ%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1732462002&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&s=RMTFpoEPnxB6MO8RLOyC%2Bwy%2F%2FZ08MZwyOeVQoWf7JyQ%3D
server: Caddy cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=1917&sent=54058&recv=23503&lost=0&retrans=8&sent_bytes=40529892&recv_bytes=1474994&delivery_rate=15894813&cwnd=256&unsent_bytes=0&cid=dcf0d9caee4cc4b9&ts=409163&x=0"
vary: Cookie, Accept-Encoding
via: 1.1 vegur
x-clacks-overhead: GNU Terry Pratchett
x-content-type-options: nosniff
x-frame-options: ALLOWALL

Redirect headers

Location: https://m9.wtf/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
986 B 100ms
31ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Space+Mono:ital@0;1&display=swap

Requested by

Host: m9.wtf
URL: https://m9.wtf/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4f0257d1af164c1693eb81560bbd58f1285e34245eba682ecfa7323c941adf53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://m9.wtf/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 24 Nov 2024 15:26:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 24 Nov 2024 15:26:42 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 24 Nov 2024 15:26:42 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 bear95-1717792226-0.jpg
bear-images.sfo2.cdn.digitaloceanspaces.com/ 600 KB
601 KB 140ms
60ms Image
image/jpeg 2606:4700:4400::ac40:911d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bear-images.sfo2.cdn.digitaloceanspaces.com/bear95-1717792226-0.jpg

Requested by

Host: m9.wtf
URL: https://m9.wtf/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:911d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46d45c2eaa95e8b9d22e5aff9ce559cff9efbc0e0a5bffa3fdf792f1b9bcc513

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://m9.wtf/

Response headers

x-envoy-upstream-healthchecked-cluster
cf-bgj: h2pri
etag: "0415a8fd184edb0b3660f5037f84a702"
cf-cache-status: HIT
date: Sun, 24 Nov 2024 15:26:42 GMT
x-rgw-object-type: Normal
content-type: image/jpeg
last-modified: Fri, 07 Jun 2024 20:30:28 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-do-cdn-uuid: 5f4a85c3-4960-4cf0-807f-be82b26752a8
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=86400
x-amz-request-id: tx00000a3daadfdc441b909-00673f7528-6afcfcc7-sfo2a
cf-ray: 8e7a6b3c882edbf2-FRA
accept-ranges: bytes
content-length: 613952
server: cloudflare

GET
H3 200 i7dPIFZifjKcF5UAWdDRYEF8RQ.woff2
fonts.gstatic.com/s/spacemono/v14/ 15 KB
15 KB 79ms
32ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/spacemono/v14/i7dPIFZifjKcF5UAWdDRYEF8RQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Space+Mono:ital@0;1&display=swap

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

207135cc190764476b01a6e891e8e87da58cc0b2fab5b35ee0813bb625b79538

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://m9.wtf
Referer: https://fonts.googleapis.com/

Response headers

age: 495954
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 18 Nov 2025 21:40:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 21:40:48 GMT
last-modified: Thu, 26 Sep 2024 23:34:20 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15828
x-xss-protection: 0
server: sffe

GET
H3 200 i7dNIFZifjKcF5UAWdDRYERMR3K_.woff2
fonts.gstatic.com/s/spacemono/v14/ 18 KB
18 KB 84ms
38ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/spacemono/v14/i7dNIFZifjKcF5UAWdDRYERMR3K_.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Space+Mono:ital@0;1&display=swap

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c61e23155b018b2b8afac3da6d60e5b12f24b17d36edcb269ee9e771f31f012

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://m9.wtf
Referer: https://fonts.googleapis.com/

Response headers

age: 344052
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 15:52:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 15:52:30 GMT
last-modified: Thu, 26 Sep 2024 23:22:59 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18224
x-xss-protection: 0
server: sffe

GET
H3 200 i7dPIFZifjKcF5UAWdDRYE98RWq7.woff2
fonts.gstatic.com/s/spacemono/v14/ 14 KB
14 KB 74ms
28ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/spacemono/v14/i7dPIFZifjKcF5UAWdDRYE98RWq7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Space+Mono:ital@0;1&display=swap

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87514b843e0502c6e6f16a94f3fd46dccd6fd3d3fe9cf643ed37ac0be9842bd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://m9.wtf
Referer: https://fonts.googleapis.com/

Response headers

age: 495370
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 18 Nov 2025 21:50:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 21:50:32 GMT
last-modified: Thu, 26 Sep 2024 23:18:46 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 14684
x-xss-protection: 0
server: sffe

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			m9.wtf/	1969-12-31 23:59:59	Name: timezone Value: Europe/Berlin

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bear-images.sfo2.cdn.digitaloceanspaces.com
fonts.googleapis.com
fonts.gstatic.com
m9.wtf
2604:a880:4:1d0::30e:7000
2606:4700:4400::ac40:911d
2a00:1450:4001:80b::200a
2a00:1450:4001:81d::2003
0c61e23155b018b2b8afac3da6d60e5b12f24b17d36edcb269ee9e771f31f012
207135cc190764476b01a6e891e8e87da58cc0b2fab5b35ee0813bb625b79538
2606a4039f43dfa24a7a23948b03266f25311fee5a8d08463ef452ec783e6f2c
46d45c2eaa95e8b9d22e5aff9ce559cff9efbc0e0a5bffa3fdf792f1b9bcc513
4f0257d1af164c1693eb81560bbd58f1285e34245eba682ecfa7323c941adf53
87514b843e0502c6e6f16a94f3fd46dccd6fd3d3fe9cf643ed37ac0be9842bd2

m9.wtf Open in urlscan Pro 2604:a880:4:1d0::30e:7000 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

653 kBTransfer

657 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

m9.wtf Open in urlscan Pro
2604:a880:4:1d0::30e:7000 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

653 kB
Transfer

657 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions