Submitted URL: https://smartlinkreferheretzetoffers.work/
Effective URL: https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C...
Submission Tags: @phish_report
Submission: On September 22 via api from FI — Scanned from FI

Summary

This website contacted 5 IPs in 4 countries across 7 domains to perform 5 HTTP transactions. The main IP is 2a00:1450:4001:831::2004, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is www.google.com. The Cisco Umbrella rank of the primary domain is 11.
TLS certificate: Issued by GTS CA 1C3 on September 4th 2023. Valid for: 3 months.
This is the only time www.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 139.45.197.242 9002 (RETN-AS)
1 37.48.68.71 60781 (LEASEWEB-...)
1 139.45.195.8 9002 (RETN-AS)
1 1 18.196.89.56 16509 (AMAZON-02)
1 192.0.78.26 2635 (AUTOMATTIC)
1 2a00:1450:400... 15169 (GOOGLE)
5 5
Apex Domain | Subdomains | Transfer
2 nebsefte.net | nebsefte.net (Cisco Umbrella Rank: 174333) | 14 KB
1 google.com | www.google.com (Cisco Umbrella Rank: 11) | 2 KB
1 href.li | href.li (Cisco Umbrella Rank: 72851) | 519 B
1 resionsfrester.com | resionsfrester.com | 744 B
1 rtmark.net | my.rtmark.net (Cisco Umbrella Rank: 6646) | 491 B
1 datatechone.com | datatechone.com (Cisco Umbrella Rank: 22356) | 465 B
1 smartlinkreferheretzetoffers.work | smartlinkreferheretzetoffers.work | 483 B
5 7
Domain Requested by
2 nebsefte.net 1 redirects
1 www.google.com href.li
1 href.li
1 resionsfrester.com 1 redirects
1 my.rtmark.net nebsefte.net
1 datatechone.com nebsefte.net
1 smartlinkreferheretzetoffers.work 1 redirects
5 7

This site contains links to these domains:

Domain
www.outlookindia.com
Subject | Issuer | Validity | Valid
nebsefte.net | R3 | 2023-07-21 - 2023-10-19 | 3 months (crt.sh)
datatechone.com | Sectigo RSA Domain Validation Secure Server CA | 2022-12-18 - 2023-12-24 | a year (crt.sh)
rtmark.net | R3 | 2023-07-25 - 2023-10-23 | 3 months (crt.sh)
tls.automattic.com | R3 | 2023-09-01 - 2023-11-30 | 3 months (crt.sh)
www.google.com | GTS CA 1C3 | 2023-09-04 - 2023-11-27 | 3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news-318079/&;source=gmail&;ust=1695396384517000&;usg=AOvVaw0NtFkrjIMvhGG0ECodvBXn
Frame ID: 3510A12F4F783C2DEC5D0BFA8BB45535
Requests: 5 HTTP requests in this frame

Page Title

Uudelleenohjausilmoitus

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 29 %
Domains: 7
Subdomains: 7
IPs: 5
Countries: 4
Transfer: 16 kB
Size: 30 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://smartlinkreferheretzetoffers.work/ HTTP 301
    https://nebsefte.net/4/6354911 Page URL
  2. https://nebsefte.net/?z=6354911&syncedCookie=true&rhd=false HTTP 302
    https://resionsfrester.com/1b2e3dff-8ac1-4f64-9502-18c356aaf870?zoneid=6354911&bannerid=19022307&zonetype={zone_type}&campaignid=7441097&device=desktop&region=18&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/117.0.5938.92%20Safari/537.36&language=fi&connectiontype=broadband&cost=0.013619&visitor_id=729061582830833720 HTTP 302
    https://href.li/?https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news-318079/&;source=gmail&;ust=1695396384517000&;usg=AOvVaw0NtFkrjIMvhGG0ECodvBXn Page URL
  3. https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news-318079/&;source=gmail&;ust=1695396384517000&;usg=AOvVaw0NtFkrjIMvhGG0ECodvBXn Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://smartlinkreferheretzetoffers.work/ HTTP 301
  • https://nebsefte.net/4/6354911
Request Chain 3
  • https://nebsefte.net/?z=6354911&syncedCookie=true&rhd=false HTTP 302
  • https://resionsfrester.com/1b2e3dff-8ac1-4f64-9502-18c356aaf870?zoneid=6354911&bannerid=19022307&zonetype={zone_type}&campaignid=7441097&device=desktop&region=18&isp=blix%20group%20as&useragent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/117.0.5938.92%20Safari/537.36&language=fi&connectiontype=broadband&cost=0.013619&visitor_id=729061582830833720 HTTP 302
  • https://href.li/?https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news-318079/&;source=gmail&;ust=1695396384517000&;usg=AOvVaw0NtFkrjIMvhGG0ECodvBXn

5 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Resource: 6354911 | Path: nebsefte.net/4/ | Size: 27 KB | x-fer: 12 KB | Type: Document
Redirect Chain
  • https://smartlinkreferheretzetoffers.work/
  • https://nebsefte.net/4/6354911
General
Full URL
https://nebsefte.net/4/6354911
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.242, Ascension Island, ASN9002 (RETN-AS, GB)
Reverse DNS
Software
nginx
Resource Hash
7510ab059d8a091b4e2591449d5ab1888b43794bd452fb0c3d1dc8034cf9fbb0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf8
date
Fri, 22 Sep 2023 12:22:25 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache no-cache
server
nginx
timing-allow-origin
*
x-trace-id
a4090e5e8546a8cea036f8e84d73ff71

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
80aa8361da9056af-OSL
content-type
text/html
date
Fri, 22 Sep 2023 12:22:24 GMT
location
https://nebsefte.net/4/6354911
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YDTMPPTrxVNddXHtAo4SuxDNEOhORyzDncHj4ASA7u56VVtx8R8SspQ3g2%2FCbtNcXVTsoZ36x1Dvn9ps9bEe7a7SY5dCERXdmAqQ0u0ChMdWt1UBaD17M6YMHvFsjMITWQ752d%2FyHX%2BIHrpm0cg2LC0pBN%2FOU%2BOZNcriP%2BmD%2BEw%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-turbo-charged-by
LiteSpeed
Resource: add | Path: datatechone.com/log/ | Size: 2 B | x-fer: 465 B | Type: XHR
General
Full URL
https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Requested by
Host: nebsefte.net
URL: https://nebsefte.net/4/6354911
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.48.68.71, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
Reverse DNS
Software
nginx/1.19.10
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://nebsefte.net/
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Fri, 22 Sep 2023 12:22:25 GMT
Server
nginx/1.19.10
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://nebsefte.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length
2
Resource: img.gif | Path: my.rtmark.net/ | Size: 43 B | x-fer: 491 B | Type: Image
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=77ccdcfe15794dac8cce2b6424ef61d9
Requested by
Host: nebsefte.net
URL: https://nebsefte.net/4/6354911
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8, Ascension Island, ASN9002 (RETN-AS, GB)
Reverse DNS
Software
nginx
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://nebsefte.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Fri, 22 Sep 2023 12:22:25 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
Resource: / | Path: href.li/ | Size: 1 KB | x-fer: 519 B | Type: Document
Redirect Chain
  • https://nebsefte.net/?z=6354911&syncedCookie=true&rhd=false
  • https://resionsfrester.com/1b2e3dff-8ac1-4f64-9502-18c356aaf870?zoneid=6354911&bannerid=19022307&zonetype={zone_type}&campaignid=7441097&device=desktop&region=18&isp=blix%20group%20as&useragent=Moz...
  • https://href.li/?https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news...
General
Full URL
https://href.li/?https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news-318079/&;source=gmail&;ust=1695396384517000&;usg=AOvVaw0NtFkrjIMvhGG0ECodvBXn
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
192.0.78.26, San Francisco, United States, ASN2635 (AUTOMATTIC, US)
Reverse DNS
Software
nginx
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://nebsefte.net
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 22 Sep 2023 12:22:26 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-ac
3.arn _dca MISS

Redirect headers

cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
date
Fri, 22 Sep 2023 12:22:26 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://href.li/?https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news-318079/&;source=gmail&;ust=1695396384517000&;usg=AOvVaw0NtFkrjIMvhGG0ECodvBXn
pragma
no-cache
server
nginx
Primary Request
Resource: url | Path: www.google.com/ | Size: 2 KB | x-fer: 2 KB | Type: Document
General
Full URL
https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news-318079/&;source=gmail&;ust=1695396384517000&;usg=AOvVaw0NtFkrjIMvhGG0ECodvBXn
Requested by
Host: href.li
URL: https://href.li/?https://www.google.com/url?q=https://www.outlookindia.com/outlook-spotlight/kasinot-ilman-rekister%25C3%25B6itymist%25C3%25A4-2023-9-parasta-nettikasinoa-ilman-kyc-t%25C3%25A4-news-318079/&;source=gmail&;ust=1695396384517000&;usg=AOvVaw0NtFkrjIMvhGG0ECodvBXn
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:831::2004, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
gws
Resource Hash
1ca00284094d17c87fb598266ace1330d43471f9b142430190ee4519c9a42471
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-BjTNiQxmaiRWkoRxA_DuyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
Strict-Transport-Security max-age=31536000
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ch
Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-Full-Version Sec-CH-UA-Arch Sec-CH-UA-Model Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-WoW64
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
737
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-BjTNiQxmaiRWkoRxA_DuyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
date
Fri, 22 Sep 2023 12:22:26 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy
unload=()
pragma
no-cache
server
gws
strict-transport-security
max-age=31536000
x-xss-protection
0

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | documentPictureInPicture

8 Cookies

Domain/Path | Name | Value
nebsefte.net/ | OAID | 77ccdcfe15794dac8cce2b6424ef61d9
nebsefte.net/ | oaidts | 1695385345
my.rtmark.net/ | ID | 77ccdcfe15794dac8cce2b6424ef61d9
nebsefte.net/ | syncedCookie | true
.resionsfrester.com/ | 1b2e3dff-8ac1-4f64-9502-18c356aaf870-v4 | rsgCBmhCSO0TQZ1QrhrtUcB_9lmG91Pa6rid0tePWKI
.resionsfrester.com/ | cc-v4 | Fpy29psOUZXct8P8yhMmvQnhEfU4un3M5L5IH9c6NCLqKoItx13bwV8j6x1GboQns8Q4UaD3WAxI6Vp96ChYtIJ2QLr9sLSvHZOrbYK%2BPGh6A7stmqEmlCinQZUjHGC7KAC9HSzlXScgBQpDHYVl3g%3D%3D
.google.com/ | __Secure-ENID | 14.SE=S8pRNge98lXrNvA-YjT-I_qxwy37_KFFqHBzsHJyc7SMRTiJUYduqxcQG4ObmhCaBevQ8gW_zOd0-Kc59abSctPQl91AUtgxQ-YvjkR2orO27EIpDDmdHOY7ZJ7O3nTt9t03ymms_l7RNh_A38dvKM0QhsqTyvseIvNqRfKWw9U
.google.com/ | CONSENT | PENDING+713

1 Console Messages

Source: security | Level: warning | URL: (none)
Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'unload'.