opera.spectaclemnro.com Open in urlscan Pro
104.21.92.9 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://proxy.gameuber.com/
Effective URL:
https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r...
Submission: On October 08 via api (October 8th 2024, 1:55:27 pm UTC) from US — Scanned from CA

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 9 domains to perform 12 HTTP transactions. The main IP is 104.21.92.9, located in and belongs to . The main domain is opera.spectaclemnro.com.
TLS certificate: Issued by WE1 on September 20th 2024. Valid for: 3 months.

This is the only time opera.spectaclemnro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 5	64.190.63.222 64.190.63.222	47846 (SEDO-AS) (SEDO-AS)
1	205.234.175.175 205.234.175.175	23352 (SERVERCEN...) (SERVERCENTRAL)
1 1	173.239.53.32 173.239.53.32	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	2606:4700:10:... 2606:4700:10::6816:17fd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3030::ac43:b552	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:303... 2606:4700:3037::ac43:9b84	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	104.21.92.9 104.21.92.9	() ()
12	5

5 64.190.63.222 (Germany) 2 redirects

ASN47846 (SEDO-AS, DE)

proxy.gameuber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.234.175.175 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vip1.G-anycast1.cachefly.net

img.sedoparking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.239.53.32 (New York, United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

xml.sedodna.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:17fd (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

info.gotrackier.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:b552 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mnr-irrs12.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3037::ac43:9b84 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mnr-blrs21.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.21.92.9 (None, ) 1 redirects

ASN- ()

opera.spectaclemnro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	spectaclemnro.com 1 redirects opera.spectaclemnro.com	35 KB
5	gameuber.com 2 redirects proxy.gameuber.com	4 KB
3	mnr-blrs21.com 1 redirects mnr-blrs21.com	2 KB
1	mnr-irrs12.com 1 redirects mnr-irrs12.com	533 B
1	gotrackier.com 1 redirects info.gotrackier.com — Cisco Umbrella Rank: 311950	468 B
1	sedodna.com 1 redirects xml.sedodna.com — Cisco Umbrella Rank: 343845	215 B
1	sedoparking.com img.sedoparking.com — Cisco Umbrella Rank: 68803	15 KB
0	monro65.casino Failed monro65.casino Failed
0	monro.casino Failed monro.casino Failed
12	9

	Domain	Requested by
5	opera.spectaclemnro.com	1 redirects mnr-blrs21.com opera.spectaclemnro.com
5	proxy.gameuber.com	2 redirects proxy.gameuber.com
3	mnr-blrs21.com	1 redirects proxy.gameuber.com
1	mnr-irrs12.com	1 redirects
1	info.gotrackier.com	1 redirects
1	xml.sedodna.com	1 redirects
1	img.sedoparking.com
0	monro65.casino Failed	opera.spectaclemnro.com
0	monro.casino Failed	opera.spectaclemnro.com
12	9

This site contains no links.

Subject Issuer	Validity	Valid
proxy.gameuber.com Encryption Everywhere DV TLS CA - G2	`2024-08-23` - `2025-08-23`	a year	crt.sh
*.cachefly.net GlobalSign RSA OV SSL CA 2018	`2023-11-13` - `2024-12-14`	a year	crt.sh
mnr-blrs21.com WE1	`2024-08-17` - `2024-11-15`	3 months	crt.sh
spectaclemnro.com WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157
Frame ID: 83C58182862931A2FF0D8A524C84F0B1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://proxy.gameuber.com/ Page URL
https://proxy.gameuber.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dq08yIchskN... HTTP 302
https://proxy.gameuber.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dq08yIchskN... HTTP 302
https://xml.sedodna.com/click?i=q08yIchskNM_0 HTTP 302
https://info.gotrackier.com/sl/KNvwvzD/?pub_id=2&source=95356 HTTP 302
https://mnr-irrs12.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157 HTTP 301
https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df043... Page URL
https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df043... HTTP 302
https://opera.spectaclemnro.com/flicks?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bd... HTTP 302
https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8b... Page URL

Page Statistics

12
Requests

83 %
HTTPS

43 %
IPv6

9
Domains

9
Subdomains

5
IPs

2
Countries

53 kB
Transfer

110 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://proxy.gameuber.com/ Page URL
https://proxy.gameuber.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dq08yIchskNM_0&v=ZTQxNWUyYmNjYmE0YmNlYjRkOTFkM2I2YmY5OThmNTgJMQlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3Njc2MS45NzY0NzQ1Mwlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3NmJhMS41ODkzNjcyNgkxNzI4Mzk1NzIxCWFkXzYzXzA%3D&l=ogc5YKimR8vigakE64-PCt_lOviiRUzTk2vdZJdAPwbX20zx-cnF9WgKZcxn4IpFYSG1GkTcAGRojDOQqRsPuJ7Z4ArkhVTzdRj865W8YQWW_oMgnIH3wwdh-ryUzEIKEYq1VU5xZ2lgcddjCYnDzhcaHO7F-BXVMCiusf_-hkxuhpGUhCvY3SP_jr4l9R0vHjraMT-loart25Nox8Mv40jcZTTd7OYfe3jM___2-a7dWqFodMY5_o7HCWWtB7Ofio0t6JFFv9pfg4Y2gORuNDZd_WJm2he4n0uQkiEdNe93zBLs-W4c2CeRRa9IXFp00YrT_J4SmApgUZNYyK6gSMQ3VAYpI-UL1Tiz77XyOEKJWNMi6Wf1V2JUq3qnFYZcLZDMSqUJsjUV35VXtL0byLA9_iaapXfAU3mg_4cMkJJYLnpi7vh_XvPnfqjPNIvBhHjApgUvx2SYJ-1Ukvyxyex7PlFoSjjmcCT5KOwmzcJdsxDMenQiRPhklL2VirUeMALyREYvJEGtHZhWfhxz_ByqLUiicuZi6KYgphlAYxsix-Gc_sXR6gUuHBafgyl_eo9uz8OyO8tQw3K984Q2GMMGTAUACqOhkQmbEZMDcbRXt4mxyyvj86k-SUIDitBFbvW2G5x_-th9auCU6XOcbxvJ5c8JutCab8wCBriw3yPfFoH9pipcWggCHxKLLc0DPQhYJUk6CTScFNt HTTP 302
https://proxy.gameuber.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dq08yIchskNM_0&v=ZTQxNWUyYmNjYmE0YmNlYjRkOTFkM2I2YmY5OThmNTgJMQlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3Njc2MS45NzY0NzQ1Mwlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3NmJhMS41ODkzNjcyNgkxNzI4Mzk1NzIxCWFkXzYzXzA%3D&l=ogc5YKimR8vigakE64-PCt_lOviiRUzTk2vdZJdAPwbX20zx-cnF9WgKZcxn4IpFYSG1GkTcAGRojDOQqRsPuJ7Z4ArkhVTzdRj865W8YQWW_oMgnIH3wwdh-ryUzEIKEYq1VU5xZ2lgcddjCYnDzhcaHO7F-BXVMCiusf_-hkxuhpGUhCvY3SP_jr4l9R0vHjraMT-loart25Nox8Mv40jcZTTd7OYfe3jM___2-a7dWqFodMY5_o7HCWWtB7Ofio0t6JFFv9pfg4Y2gORuNDZd_WJm2he4n0uQkiEdNe93zBLs-W4c2CeRRa9IXFp00YrT_J4SmApgUZNYyK6gSMQ3VAYpI-UL1Tiz77XyOEKJWNMi6Wf1V2JUq3qnFYZcLZDMSqUJsjUV35VXtL0byLA9_iaapXfAU3mg_4cMkJJYLnpi7vh_XvPnfqjPNIvBhHjApgUvx2SYJ-1Ukvyxyex7PlFoSjjmcCT5KOwmzcJdsxDMenQiRPhklL2VirUeMALyREYvJEGtHZhWfhxz_ByqLUiicuZi6KYgphlAYxsix-Gc_sXR6gUuHBafgyl_eo9uz8OyO8tQw3K984Q2GMMGTAUACqOhkQmbEZMDcbRXt4mxyyvj86k-SUIDitBFbvW2G5x_-th9auCU6XOcbxvJ5c8JutCab8wCBriw3yPfFoH9pipcWggCHxKLLc0DPQhYJUk6CTScFNt HTTP 302
https://xml.sedodna.com/click?i=q08yIchskNM_0 HTTP 302
https://info.gotrackier.com/sl/KNvwvzD/?pub_id=2&source=95356 HTTP 302
https://mnr-irrs12.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157 HTTP 301
https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e Page URL
https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e HTTP 302
https://opera.spectaclemnro.com/flicks?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 HTTP 302
https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://proxy.gameuber.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dq08yIchskNM_0&v=ZTQxNWUyYmNjYmE0YmNlYjRkOTFkM2I2YmY5OThmNTgJMQlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3Njc2MS45NzY0NzQ1Mwlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3NmJhMS41ODkzNjcyNgkxNzI4Mzk1NzIxCWFkXzYzXzA%3D&l=ogc5YKimR8vigakE64-PCt_lOviiRUzTk2vdZJdAPwbX20zx-cnF9WgKZcxn4IpFYSG1GkTcAGRojDOQqRsPuJ7Z4ArkhVTzdRj865W8YQWW_oMgnIH3wwdh-ryUzEIKEYq1VU5xZ2lgcddjCYnDzhcaHO7F-BXVMCiusf_-hkxuhpGUhCvY3SP_jr4l9R0vHjraMT-loart25Nox8Mv40jcZTTd7OYfe3jM___2-a7dWqFodMY5_o7HCWWtB7Ofio0t6JFFv9pfg4Y2gORuNDZd_WJm2he4n0uQkiEdNe93zBLs-W4c2CeRRa9IXFp00YrT_J4SmApgUZNYyK6gSMQ3VAYpI-UL1Tiz77XyOEKJWNMi6Wf1V2JUq3qnFYZcLZDMSqUJsjUV35VXtL0byLA9_iaapXfAU3mg_4cMkJJYLnpi7vh_XvPnfqjPNIvBhHjApgUvx2SYJ-1Ukvyxyex7PlFoSjjmcCT5KOwmzcJdsxDMenQiRPhklL2VirUeMALyREYvJEGtHZhWfhxz_ByqLUiicuZi6KYgphlAYxsix-Gc_sXR6gUuHBafgyl_eo9uz8OyO8tQw3K984Q2GMMGTAUACqOhkQmbEZMDcbRXt4mxyyvj86k-SUIDitBFbvW2G5x_-th9auCU6XOcbxvJ5c8JutCab8wCBriw3yPfFoH9pipcWggCHxKLLc0DPQhYJUk6CTScFNt HTTP 302
https://proxy.gameuber.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dq08yIchskNM_0&v=ZTQxNWUyYmNjYmE0YmNlYjRkOTFkM2I2YmY5OThmNTgJMQlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3Njc2MS45NzY0NzQ1Mwlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3NmJhMS41ODkzNjcyNgkxNzI4Mzk1NzIxCWFkXzYzXzA%3D&l=ogc5YKimR8vigakE64-PCt_lOviiRUzTk2vdZJdAPwbX20zx-cnF9WgKZcxn4IpFYSG1GkTcAGRojDOQqRsPuJ7Z4ArkhVTzdRj865W8YQWW_oMgnIH3wwdh-ryUzEIKEYq1VU5xZ2lgcddjCYnDzhcaHO7F-BXVMCiusf_-hkxuhpGUhCvY3SP_jr4l9R0vHjraMT-loart25Nox8Mv40jcZTTd7OYfe3jM___2-a7dWqFodMY5_o7HCWWtB7Ofio0t6JFFv9pfg4Y2gORuNDZd_WJm2he4n0uQkiEdNe93zBLs-W4c2CeRRa9IXFp00YrT_J4SmApgUZNYyK6gSMQ3VAYpI-UL1Tiz77XyOEKJWNMi6Wf1V2JUq3qnFYZcLZDMSqUJsjUV35VXtL0byLA9_iaapXfAU3mg_4cMkJJYLnpi7vh_XvPnfqjPNIvBhHjApgUvx2SYJ-1Ukvyxyex7PlFoSjjmcCT5KOwmzcJdsxDMenQiRPhklL2VirUeMALyREYvJEGtHZhWfhxz_ByqLUiicuZi6KYgphlAYxsix-Gc_sXR6gUuHBafgyl_eo9uz8OyO8tQw3K984Q2GMMGTAUACqOhkQmbEZMDcbRXt4mxyyvj86k-SUIDitBFbvW2G5x_-th9auCU6XOcbxvJ5c8JutCab8wCBriw3yPfFoH9pipcWggCHxKLLc0DPQhYJUk6CTScFNt HTTP 302
https://xml.sedodna.com/click?i=q08yIchskNM_0 HTTP 302
https://info.gotrackier.com/sl/KNvwvzD/?pub_id=2&source=95356 HTTP 302
https://mnr-irrs12.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157 HTTP 301
https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response proxy.gameuber.com/	3 KB 2 KB	2479ms 1674ms	Document text/html	64.190.63.222 SEDO-AS
General Check archive.org Show headers Download Go to Full URL https://proxy.gameuber.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 64.190.63.222 , Germany, ASN47846 (SEDO-AS, DE), Reverse DNS Software Parking/1.0 / Resource Hash `c4fcd772e2a75c76e7097915b00a6704d009cbd62ca9ab7db9515abff0ec8d69` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-encoding gzip content-type text/html; charset=UTF-8 date Tue, 08 Oct 2024 13:55:21 GMT expires Mon, 26 Jul 1997 05:00:00 GMT last-modified Tue, 08 Oct 2024 13:55:19 GMT pragma no-cache server Parking/1.0 vary Accept-Encoding x-adblock-key MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_PkF24CQf+unbpHY+WAre0DbTy2PeJ3uPRRvQTKGMjAVA+a56UhKQP4rSLt6WfyrwFDsE4QXW4tXoW2qSKMC5Kw== x-cache-miss-from parking-5879f9b8c8-vccqr
GET H2	441	js_preloader.gif proxy.gameuber.com/img.sedoparking.com/images/	0 19 B	189ms 188ms	Image text/plain	64.190.63.222 SEDO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://proxy.gameuber.com/img.sedoparking.com/images/js_preloader.gif Requested by Host: proxy.gameuber.com URL: https://proxy.gameuber.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 64.190.63.222 , Germany, ASN47846 (SEDO-AS, DE), Reverse DNS Software Parking/1.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://proxy.gameuber.com/ Response headers date Tue, 08 Oct 2024 13:55:21 GMT server Parking/1.0 content-length 0
GET H2	200	tsc.php proxy.gameuber.com/search/	0 35 B	164ms 163ms	XHR text/html	64.190.63.222 SEDO-AS
General Check archive.org Show headers Download Go to Full URL https://proxy.gameuber.com/search/tsc.php?ses=ogcHkUz6I-t-ZSdlwhimWFR0r0lzGxvNI5ZudgihYAfGWe_9hDfOJtylkyYlohR0lwdjRQg1oD60DEbsMSsStS833ELI3CUWyTNnCy6ELzdEAs7JtG6hMDnn_HBmx6BXnQgNnNA74PyINK9XqS_MmE_85RP-Wg7BVelmGNTYqXa8g_iZqlkmbi4nmjR8O9W8ZLIZLROeHhfnRBXwyAI8VpX9c16U_Lv3m306MWNWW9wSTH2LNn_niXFNicwEDJTR0pZTGbNcN_tqOaRMXL9g4y6IbaJQF-INy6UVov7IXlY8uvn1cyzSS_4THzaJL_iLeBvGqkoODin-6-F_3KBUbfMlkJRSj_wURiGcdRkEyhdjV4CcIKofHIZiXY1fmMh&cv=2 Requested by Host: proxy.gameuber.com URL: https://proxy.gameuber.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 64.190.63.222 , Germany, ASN47846 (SEDO-AS, DE), Reverse DNS Software Parking/1.0 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://proxy.gameuber.com/ Response headers x-cache-miss-from parking-5879f9b8c8-tfh2t content-length 0 date Tue, 08 Oct 2024 13:55:21 GMT content-type text/html; charset=UTF-8 server Parking/1.0
GET H2	200	sedo_logo.png img.sedoparking.com/templates/logos/	15 KB 15 KB	356ms 37ms	Other image/png	205.234.175.175 SERVERCENTRAL
General Check archive.org Show headers Download Go to Full URL https://img.sedoparking.com/templates/logos/sedo_logo.png Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 205.234.175.175 , United States, ASN23352 (SERVERCENTRAL, US), Reverse DNS vip1.G-anycast1.cachefly.net Software CFS 1124 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://proxy.gameuber.com/ Response headers x-cf2 H expires Tue, 15 Oct 2024 13:55:22 GMT x-cf1 11696:fE.yyz1:cf:nom:cacheN.yyz1-01:H date Tue, 08 Oct 2024 13:55:22 GMT cf4ttl 31536000.000 content-type image/png x-cf-reqid 34719942b500bf3d2dd85b5f5f82a9d7 last-modified Mon, 11 Jan 2021 07:44:34 GMT x-cff B cf4age 0 cache-control max-age=604800 x-cf3 H accept-ranges bytes access-control-allow-origin * content-length 15086 x-cfhash "def00c11b1596db4efee6a9fbe64fc27" x-cf-tsc 1721143080 server CFS 1124
GET H3	200	c42fa87c3 mnr-blrs21.com/ Redirect Chain https://proxy.gameuber.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dq08yIchskNM_0&v=ZTQxNWUyYmNjYmE0YmNlYjRkOTFkM2I2YmY5OThmNTgJMQlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3Njc2... https://proxy.gameuber.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3Dq08yIchskNM_0&v=ZTQxNWUyYmNjYmE0YmNlYjRkOTFkM2I2YmY5OThmNTgJMQlwcm94eS5nYW1ldWJlci5jb202NzA1MzljN2Q3Njc2... https://xml.sedodna.com/click?i=q08yIchskNM_0 https://info.gotrackier.com/sl/KNvwvzD/?pub_id=2&source=95356 https://mnr-irrs12.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157 https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e	2 KB 1 KB	429ms 217ms	Document text/html	2606:4700:3037::ac43:9b84 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e Requested by Host: proxy.gameuber.com URL: https://proxy.gameuber.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:9b84 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8cf6a0e16c7ec3f0-EWR content-encoding br content-type text/html date Tue, 08 Oct 2024 13:55:25 GMT last-modified Tue, 08 Oct 2024 12:57:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QLNT%2BwLTjR1w5g%2BsvbRK3d3c%2BEaN8JXBA%2Brqkz23RFqvtKl2xffBpS%2B%2B%2FjDXlSY9qt4Zxv9ZgkvudV8Prsm1fBiLPoZDWX5jU38FLTMFU8sEIt8TLqKeDgHxJp4j7e33%2FG8%2Btfj7vYwXXNKt%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" Redirect headers cf-cache-status DYNAMIC cf-ray 8cf6a0de38df0f37-EWR content-type text/html date Tue, 08 Oct 2024 13:55:24 GMT location https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jmb0%2FqOaZkdgaB8yXdxOr95tSXrSByTPm%2BqvVgWErW8U2poo1vlDAr6nxWocaSKK2TDJqHCiN25z%2BOVfPApJfe7kKXbpe7WrXX9LLnwunEtYg23iiMj557a5LeIEJxMGTWZyV%2FEDGa5S8Xx%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation"
GET H3	200	speculation mnr-blrs21.com/cdn-cgi/	128 B 555 B	74ms 73ms	Other application/speculationrules+json	2606:4700:3037::ac43:9b84 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mnr-blrs21.com/cdn-cgi/speculation Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:9b84 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://mnr-blrs21.com Referer https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sRDVgW%2BP5YsvoeQHE86rmhp4t%2BpSILvmLTjeyto%2BjlfwkxHvqvOyyKt%2B4TyavPR6%2Ffw5Rj2iNCceMGf9WrNyVJ39s1tglZV2ZBOLv8epYm74ouBP1UTSm4GBnsojTk2n6JRS%2FAm7i735ZbeNKQ%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cf6a0e3ef2cc3f0-EWR access-control-allow-origin https://mnr-blrs21.com content-length 128 date Tue, 08 Oct 2024 13:55:25 GMT content-type application/speculationrules+json vary Origin, Accept-Encoding server cloudflare
GET H3	200	Primary Request / Show response opera.spectaclemnro.com/flicks/ Redirect Chain https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e https://opera.spectaclemnro.com/flicks?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157	1 KB 1 KB	213ms 212ms	Document text/html	104.21.92.9
General Check archive.org Show headers Download Go to Full URL https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 Requested by Host: mnr-blrs21.com URL: https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.92.9 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash `e62a914049fa304e4b3f9ef7518f7779cce3ae913d2bd115016e6b8b2454cf66` Request headers Referer https://mnr-blrs21.com/c42fa87c3?visit_id=670539cb6ab36b0346c2f157&al_id=4ef0db4a2f3b8bda34212df0435c9c3e Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers cache-control private, must-revalidate, no-cache, no-store, max-age=0 cf-cache-status DYNAMIC cf-ray 8cf6a0ed9c49ab42-YYZ content-encoding br content-type text/html; charset=UTF-8 date Tue, 08 Oct 2024 13:55:27 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SR98%2FJFI41ykPjfSipW5B85xI6z2ofpaewgrotip96EZsPF7bi%2BsDalfruml7%2Fhhnou5XLizyhsDzimcQrPY0UfLIZnYttvVKy00xV9dhr345T3AUKfYs%2BJOezFl636WPbONfUd8N3a7BA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" vary accept-encoding x-iplb-instance 58409 x-iplb-request-id AC4650C3:380A_4F893455:01BB_670539CF_540B9B:4F87 Redirect headers cf-cache-status DYNAMIC cf-ray 8cf6a0ea1840ab42-YYZ content-type text/html date Tue, 08 Oct 2024 13:55:26 GMT location /flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7%2BieO8u3QdOsyOpxLdGM%2B4NHDmjaQaohHH3z3HwIv8%2BVCP5WGrUg5YkUEiCOb6OOSE8CmpiKVNImeI5eh1Me4QlHNIU%2F4F92IJPMb52zFLV7pJXjUwELsK26hXxyCeLKt6dgu34U4V5UQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" x-iplb-instance 58409 x-iplb-request-id AC4650C3:380A_4F893455:01BB_670539CE_540B4D:4F87
GET H3	200	speculation opera.spectaclemnro.com/cdn-cgi/	128 B 553 B	95ms 85ms	Other application/speculationrules+json	104.21.92.9
General Check archive.org Show headers Download Go to Full URL https://opera.spectaclemnro.com/cdn-cgi/speculation Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.92.9 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash `11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://opera.spectaclemnro.com Referer https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WUa5sJYAstzUBUa3YiJHWbZSd8G45LrdIUejYZNR2PSU6XflteF8Gak2PrXQY8STik8Iehyp8hYlE8ih%2Fqo0EX8GFLiKOmoNRpGuBrWGxA2Pa9F6qIGLWS0iFSgLhvP61L5n4oBRWavs%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cf6a0ef1dc6ab42-YYZ access-control-allow-origin https://opera.spectaclemnro.com content-length 128 date Tue, 08 Oct 2024 13:55:27 GMT content-type application/speculationrules+json vary Origin, Accept-Encoding server cloudflare
GET H3	200	index.js Show response opera.spectaclemnro.com/assets/redirector-js/	89 KB 31 KB	61ms 51ms	Script application/javascript	104.21.92.9
General Check archive.org Show headers Download Go to Full URL https://opera.spectaclemnro.com/assets/redirector-js/index.js Requested by Host: opera.spectaclemnro.com URL: https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.92.9 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash `d517ddab8824d0476bafb2b57a345cb3146587c6f0e2c70f1a64eab67fc3c7d0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 Response headers content-encoding gzip cf-cache-status HIT etag "66a8a465-7b87" age 5667 x-iplb-request-id AC45D6A2:27A6_4F893455:01BB_66FFF746_127BB77:3632 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rY4vAI6p2oc4PV4BQcYIQ8XSKeCznyS6hRZGXk4WHo0sLNPTutUT%2FUgIUGUEwDI%2BvvWU3QE0ss%2F6n7%2F2HFjue2n7VA6xBH4CRslje3uS4FJEHBcXGLlBP%2FSUrBGIKPsY%2BJMxJFId%2BxUbKw%3D%3D"}],"group":"cf-nel","max_age":604800} date Tue, 08 Oct 2024 13:55:27 GMT content-type application/javascript; charset=utf-8 last-modified Tue, 30 Jul 2024 08:29:25 GMT vary Accept-Encoding cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-iplb-instance 58340 cf-ray 8cf6a0ef1dc9ab42-YYZ accept-ranges bytes content-length 31623 server cloudflare
GET		/ monro.casino/kshtrjq63hdasd/	0 0

GET H3	200	favicon.ico opera.spectaclemnro.com/	0 571 B	323ms 322ms	Other text/html	104.21.92.9
General Check archive.org Show headers Download Go to Full URL https://opera.spectaclemnro.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.92.9 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://opera.spectaclemnro.com/flicks/?stag=216652_670539cdfaab350008d85d04&affb_id=88&al_id=4ef0db4a2f3b8bda34212df0435c9c3e&r=D3-D3-AblVGa39yZulGZuFGb&visit_id=670539cb6ab36b0346c2f157 Response headers cache-control private, must-revalidate, no-cache, no-store, max-age=0 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status BYPASS pragma no-cache speculation-rules "/cdn-cgi/speculation" x-iplb-instance 58409 x-iplb-request-id 6CA2F1BE:E230_4F893455:01BB_670539CF_540C09:4F87 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1fiP%2FtNaTm4vF%2FlFnYXbBvCC9OVWfnN7rhjFFe%2BclPleipfaa0A%2BbIZ5orTXMiiqaQPRuvE4kV3%2F7yCvmW6mjtPE0hEJgJ1Y7WyZR%2B5fDtLZpXR4AQIZyMCzuphz0FoQdGbi%2FJmLLyZG0g%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cf6a0efce9aab42-YYZ date Tue, 08 Oct 2024 13:55:27 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding server cloudflare
GET		/ monro65.casino/kshtrjq63hdasd/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: monro.casino
URL: https://monro.casino/kshtrjq63hdasd/

Domain: monro65.casino
URL: https://monro65.casino/kshtrjq63hdasd/

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			info.gotrackier.com/	1970-01-21 00:16:40	Name: sess_66e838da92d59a7228609373 Value: 660bc352b54ce254f4021046
			.gotrackier.com/	1970-01-21 00:06:37	Name: __cf_bm Value: YeuLi2WTDHsocbfd1LG93LW2K35tSDoTV9wwcVXVWnI-1728395723-1.0.1.1-3CqjV_TqbBCkhO3TAHfnkIe45fF8w7W_h496viBkkEpcWyAw2JkxDgJpa0Ry3Wv.uFoZ5L.CW03cJ3g9iNekIg

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://proxy.gameuber.com/img.sedoparking.com/images/js_preloader.gif Message: Failed to load resource: the server responded with a status of 441 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.sedoparking.com
info.gotrackier.com
mnr-blrs21.com
mnr-irrs12.com
monro.casino
monro65.casino
opera.spectaclemnro.com
proxy.gameuber.com
xml.sedodna.com
monro.casino
monro65.casino
104.21.92.9
173.239.53.32
205.234.175.175
2606:4700:10::6816:17fd
2606:4700:3030::ac43:b552
2606:4700:3037::ac43:9b84
64.190.63.222
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
c4fcd772e2a75c76e7097915b00a6704d009cbd62ca9ab7db9515abff0ec8d69
d517ddab8824d0476bafb2b57a345cb3146587c6f0e2c70f1a64eab67fc3c7d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e62a914049fa304e4b3f9ef7518f7779cce3ae913d2bd115016e6b8b2454cf66

opera.spectaclemnro.com Open in urlscan Pro 104.21.92.9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

12 Requests

83 %HTTPS

43 %IPv6

9 Domains

9 Subdomains

5 IPs

2 Countries

53 kBTransfer

110 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

opera.spectaclemnro.com Open in urlscan Pro
104.21.92.9 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

83 %
HTTPS

43 %
IPv6

9
Domains

9
Subdomains

5
IPs

2
Countries

53 kB
Transfer

110 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions