Submitted URL: https://blex.co.il/tmp/Q6TBMsPEsPwi.html
Effective URL: https://incosa.de/services/Gonow.html
Submission: On February 26 via manual from IN — Scanned from IL

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 4 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is incosa.de.
TLS certificate: Issued by E1 on January 31st 2024. Valid for: 3 months.
This is the only time incosa.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 212.150.243.220 1680 (NV-ASN CE...)
1 2 188.114.97.3 13335 (CLOUDFLAR...)
2 3 103.20.215.76 132420 (E2E-NETWO...)
4 4
   Apex Domain      Subdomains                   Transfer
3  dnsracks.com     kalibreglobal.dnsracks.com   1 KB
1  incosa.de        incosa.de                    748 B
1  parkpension.de   go.parkpension.de            448 B
1  blex.co.il       blex.co.il                   324 B
0  even-oil.com     anti.even-oil.com            Failed
4 5
Domain Requested by
3 kalibreglobal.dnsracks.com 2 redirects
1 incosa.de
1 go.parkpension.de 1 redirects
1 blex.co.il
0 anti.even-oil.com Failed
4 5

This site contains no links.

Subject                      Issuer   Validity                  Valid
blex.funet.co.il             R3       2024-01-25 - 2024-04-24   3 months
kalibreglobal.dnsracks.com   R3       2024-02-23 - 2024-05-23   3 months
incosa.de                    E1       2024-01-31 - 2024-04-30   3 months

This page contains 1 frame:

Frame: https://anti.even-oil.com/IClyHPs
Frame ID: 1BECFADE6F6B91635B3A4AEA0C4B4C80
Requests: 4 HTTP requests in this frame

Page Statistics

4 Requests
75 % HTTPS
0 % IPv6
5 Domains
5 Subdomains
4 IPs
3 Countries
2 kB Transfer
0 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://blex.co.il/tmp/Q6TBMsPEsPwi.html Page URL
  2. https://go.parkpension.de/Q6TBMsPEsPwi HTTP 302
    https://kalibreglobal.dnsracks.com/ HTTP 302
    https://kalibreglobal.dnsracks.com/app/index HTTP 302
    https://kalibreglobal.dnsracks.com/app/signin Page URL
  3. https://incosa.de/services/Gonow.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://go.parkpension.de/Q6TBMsPEsPwi HTTP 302
  • https://kalibreglobal.dnsracks.com/ HTTP 302
  • https://kalibreglobal.dnsracks.com/app/index HTTP 302
  • https://kalibreglobal.dnsracks.com/app/signin

4 HTTP transactions

Resource: Q6TBMsPEsPwi.html
Path: blex.co.il/tmp/
Size: 88 B
x-fer: 324 B
Type: Document

General
Full URL: https://blex.co.il/tmp/Q6TBMsPEsPwi.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.150.243.220 Yas'ur, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: server02.funet.co.il
Software: LiteSpeed /
Resource Hash: 3556c2b6e3f561c0f406bd2037ead6031ce784ea90afcbdbe2c3169c87de4cc4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 88
content-type: text/html
date: Mon, 26 Feb 2024 09:06:45 GMT
last-modified: Fri, 23 Feb 2024 21:46:51 GMT
server: LiteSpeed

Resource: signin
Path: kalibreglobal.dnsracks.com/app/
Redirect Chain
  • https://go.parkpension.de/Q6TBMsPEsPwi
  • https://kalibreglobal.dnsracks.com/
  • https://kalibreglobal.dnsracks.com/app/index
  • https://kalibreglobal.dnsracks.com/app/signin
Size: 91 B
x-fer: 483 B
Type: Document

General
Full URL: https://kalibreglobal.dnsracks.com/app/signin
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.20.215.76 Faridabad, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: e2e-4-76.ssdcloudindia.net
Software: nginx / PHP/7.4.33 PleskLin
Resource Hash: 227fda17f5c3573f2bbc44f9b17fb4be639efe6372d0620ce5eaa94f63be9d74

Security Headers
X-Xss-Protection: 1; mode=block

Request headers

Referer: https://blex.co.il/tmp/Q6TBMsPEsPwi.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Feb 2024 09:06:50 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host: www.fbi.gov
origin: https://www.fbi.gov
pragma: no-cache
referer: https://www.fbi.gov
remote_addr: 104.16.77.187
server: nginx
x-content-type: nosniff
x-forwarded-host: www.fbi.gov
x-forwarded-proto: https
x-powered-by: PHP/7.4.33 PleskLin
x-xss-protection: 1; mode=block
x_forwarded_for: 104.16.77.187

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Mon, 26 Feb 2024 09:06:50 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host: www.fbi.gov
location: signin
origin: https://www.fbi.gov
pragma: no-cache
referer: https://www.fbi.gov
remote_addr: 104.16.77.187
server: nginx
x-content-type: nosniff
x-forwarded-host: www.fbi.gov
x-forwarded-proto: https
x-powered-by: PHP/7.4.33 PleskLin
x-xss-protection: 1; mode=block
x_forwarded_for: 104.16.77.187

Primary Request
Resource: Gonow.html
Path: incosa.de/services/
Size: 82 B
x-fer: 748 B
Type: Document

General
Full URL: https://incosa.de/services/Gonow.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare / PleskLin
Resource Hash: 0fb08f04ad36253b8861e76cebe39c2780118741746c2af0a773c45f266c9024

Security Headers
X-Xss-Protection: 1; mode=block

Request headers

Referer: https://kalibreglobal.dnsracks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85b708cc08610e5f-MXP
content-encoding: br
content-type: text/html
date: Mon, 26 Feb 2024 09:06:50 GMT
host: www.fbi.gov
last-modified: Sun, 25 Feb 2024 16:35:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin: https://www.fbi.gov
referer: https://www.fbi.gov
remote_addr: 104.16.77.187
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sa7%2FKuSNCL3OgBu9tEv%2F9ECWZVwS2N%2BmhL6Ft8%2BFUhEw%2B46esFbB3lREjoruRYIm6V05lpriblbP3xyBAFbBZsh1Xik1Nc9PTKo1jG9b2JhIAstsbfVVlLUtGEk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-accel-version: 0.01
x-content-type: nosniff
x-forwarded-host: www.fbi.gov
x-forwarded-proto: https
x-powered-by: PleskLin
x-xss-protection: 1; mode=block
x_forwarded_for: 104.16.77.187

Resource: IClyHPs
Path: anti.even-oil.com/
Size: 0
x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: anti.even-oil.com
URL: https://anti.even-oil.com/IClyHPs

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path: kalibreglobal.dnsracks.com/
Name: PHPSESSID
Value: hi3gsn6235ukpl5tmmmfp0nd1k