link.safesslred.com - urlscan.io

Summary

This website contacted 2 IPs in 4 countries across 4 domains to perform 2 HTTP transactions. The main IP is 52.211.95.198, located in Dublin, Ireland and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is link.safesslred.com.

This is the only time link.safesslred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.223.8.111 104.223.8.111	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL - QuadraNet)
1 1	45.32.237.225 45.32.237.225	20473 (AS-CHOOPA) (AS-CHOOPA - Choopa)
1	203.189.238.250 203.189.238.250	134833 (LIHGL-HK ...) (LIHGL-HK LANLIAN INTERNATIONAL HOLDING GROUP LIMITED)
1	52.211.95.198 52.211.95.198	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2

1 104.223.8.111 (Los Angeles, United States) 1 redirects

ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet, Inc, US)
PTR: mx1.healthyclothings.com

www.healthyclothings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.32.237.225 (Amsterdam, Netherlands) 1 redirects

ASN20473 (AS-CHOOPA - Choopa, LLC, US)
PTR: 45.32.237.225.vultr.com

go.coresumi.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 203.189.238.250 (China)

ASN134833 (LIHGL-HK LANLIAN INTERNATIONAL HOLDING GROUP LIMITED, HK)

xhqg.popnimblebrand.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.211.95.198 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-211-95-198.eu-west-1.compute.amazonaws.com

link.safesslred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	safesslred.com link.safesslred.com	3 KB
1	popnimblebrand.com xhqg.popnimblebrand.com	3 KB
1	coresumi.xyz 1 redirects go.coresumi.xyz	335 B
1	healthyclothings.com 1 redirects www.healthyclothings.com	260 B
2	4

	Domain	Requested by
1	link.safesslred.com
1	xhqg.popnimblebrand.com
1	go.coresumi.xyz	1 redirects
1	www.healthyclothings.com	1 redirects
2	4

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://link.safesslred.com/c/1ec0179e4156568c?&%3F%3Fkw=ts820-international-redirects-email&group_id=483&email=email&cntrl=00000&pid=584&redid=7607&gsid=68&campaign_id=165&p_id=584&id=XNSX.ts820%7C%7Cinternational%7C%7Credirects%7C%7Cemail%3A%3A3ce13cea%7C%7Cc9f9%7C%7C4c16%7C%7C93d8%7C%7C274cce225ac8%7E148.251.45.254%3A%3Ahid%7Csmd%7C%7C5621ipm734sl38or353v-r7607-t68&impid=a702ae28-12bf-11e8-8090-fa245441bcee
Frame ID: (4DF8410D5C15DDA07D6C8C11497F682B)
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.healthyclothings.com/t/5621ipm734sl38or353v HTTP 302
http://go.coresumi.xyz/ts820-international-redirects-email?hid=smd-5621ipm734sl38or353v HTTP 302
http://xhqg.popnimblebrand.com/?kw=ts820-international-redirects-email&s1=ts820-international-redirects-ema... Page URL
http://link.safesslred.com/c/1ec0179e4156568c?&%3F%3Fkw=ts820-international-redirects-email&group_id=48... Page URL

Page Statistics

2
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

4
Countries

5 kB
Transfer

7 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.healthyclothings.com/t/5621ipm734sl38or353v HTTP 302
http://go.coresumi.xyz/ts820-international-redirects-email?hid=smd-5621ipm734sl38or353v HTTP 302
http://xhqg.popnimblebrand.com/?kw=ts820-international-redirects-email&s1=ts820-international-redirects-email&s2=3ce13cea-c9f9-4c16-93d8-274cce225ac8~148.251.45.254&s3=hid|smd-5621ipm734sl38or353v Page URL
http://link.safesslred.com/c/1ec0179e4156568c?&%3F%3Fkw=ts820-international-redirects-email&group_id=483&email=email&cntrl=00000&pid=584&redid=7607&gsid=68&campaign_id=165&p_id=584&id=XNSX.ts820%7C%7Cinternational%7C%7Credirects%7C%7Cemail%3A%3A3ce13cea%7C%7Cc9f9%7C%7C4c16%7C%7C93d8%7C%7C274cce225ac8%7E148.251.45.254%3A%3Ahid%7Csmd%7C%7C5621ipm734sl38or353v-r7607-t68&impid=a702ae28-12bf-11e8-8090-fa245441bcee Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.healthyclothings.com/t/5621ipm734sl38or353v HTTP 302
http://go.coresumi.xyz/ts820-international-redirects-email?hid=smd-5621ipm734sl38or353v HTTP 302
http://xhqg.popnimblebrand.com/?kw=ts820-international-redirects-email&s1=ts820-international-redirects-email&s2=3ce13cea-c9f9-4c16-93d8-274cce225ac8~148.251.45.254&s3=hid|smd-5621ipm734sl38or353v

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response xhqg.popnimblebrand.com/ Redirect Chain http://www.healthyclothings.com/t/5621ipm734sl38or353v http://go.coresumi.xyz/ts820-international-redirects-email?hid=smd-5621ipm734sl38or353v http://xhqg.popnimblebrand.com/?kw=ts820-international-redirects-email&s1=ts820-international-redirects-email&s2=3ce13cea-c9f9-4c16-93d8-274cce225ac8~148.251.45.254&s3=hid\|smd-5621ipm734sl38or353v	3 KB 3 KB	1831ms 732ms	Document text/html	203.189.238.250 LIHGL-HK LANLIAN ...
General Check archive.org Show headers Download Go to Full URL http://xhqg.popnimblebrand.com/?kw=ts820-international-redirects-email&s1=ts820-international-redirects-email&s2=3ce13cea-c9f9-4c16-93d8-274cce225ac8~148.251.45.254&s3=hid\|smd-5621ipm734sl38or353v Protocol HTTP/1.1 Server 203.189.238.250 , China, ASN134833 (LIHGL-HK LANLIAN INTERNATIONAL HOLDING GROUP LIMITED, HK), Reverse DNS Software / Resource Hash `7f0e8e501d8bd4c380d4c75bbfd9d653c694009302012526a30c92b0df93b1a0` Request headers Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Connection keep-alive Accept-Encoding gzip, deflate Host xhqg.popnimblebrand.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers X-ImpID a702ae28-12bf-11e8-8090-fa245441bcee Date Fri, 16 Feb 2018 02:18:18 GMT Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Location http://xhqg.popnimblebrand.com/?kw=ts820-international-redirects-email&s1=ts820-international-redirects-email&s2=3ce13cea-c9f9-4c16-93d8-274cce225ac8~148.251.45.254&s3=hid\|smd-5621ipm734sl38or353v Date Fri, 16 Feb 2018 02:18:16 GMT Server nginx/1.6.2 Connection close Transfer-Encoding chunked
POST H/1.1	200 OK	Primary Request Cookie set 1ec0179e4156568c Show response link.safesslred.com/c/	5 KB 3 KB	208ms 77ms	Document text/html	52.211.95.198 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://link.safesslred.com/c/1ec0179e4156568c?&%3F%3Fkw=ts820-international-redirects-email&group_id=483&email=email&cntrl=00000&pid=584&redid=7607&gsid=68&campaign_id=165&p_id=584&id=XNSX.ts820%7C%7Cinternational%7C%7Credirects%7C%7Cemail%3A%3A3ce13cea%7C%7Cc9f9%7C%7C4c16%7C%7C93d8%7C%7C274cce225ac8%7E148.251.45.254%3A%3Ahid%7Csmd%7C%7C5621ipm734sl38or353v-r7607-t68&impid=a702ae28-12bf-11e8-8090-fa245441bcee Protocol HTTP/1.1 Server 52.211.95.198 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-52-211-95-198.eu-west-1.compute.amazonaws.com Software nginx / PHP/7.0.26 Resource Hash `11a8ffbe9ac7c21cc7cb4e48c2d178505ff059b67fb0a85eeb05c16c90a15f2a` Request headers Pragma no-cache Origin http://xhqg.popnimblebrand.com Accept-Encoding gzip, deflate Host link.safesslred.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Content-Type application/x-www-form-urlencoded Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Referer http://xhqg.popnimblebrand.com/?kw=ts820-international-redirects-email&s1=ts820-international-redirects-email&s2=3ce13cea-c9f9-4c16-93d8-274cce225ac8~148.251.45.254&s3=hid\|smd-5621ipm734sl38or353v Connection keep-alive Content-Length 1525 Referer http://xhqg.popnimblebrand.com/?kw=ts820-international-redirects-email&s1=ts820-international-redirects-email&s2=3ce13cea-c9f9-4c16-93d8-274cce225ac8~148.251.45.254&s3=hid\|smd-5621ipm734sl38or353v Origin http://xhqg.popnimblebrand.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers Date Fri, 16 Feb 2018 02:18:18 GMT Content-Encoding gzip Server nginx X-Powered-By PHP/7.0.26 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Set-Cookie unique_330207=unique_330207; expires=Sat, 17-Feb-2018 02:18:18 GMT; Max-Age=86400; path=/ unique_id=5a863f6aea045261248229; expires=Sat, 17-Feb-2018 02:18:18 GMT; Max-Age=86400; path=/ unique_330207=unique_330207; expires=Sat, 17-Feb-2018 02:18:18 GMT; Max-Age=86400; path=/ unique_id=5a863f6aea045261248229; expires=Sat, 17-Feb-2018 02:18:18 GMT; Max-Age=86400; path=/ Connection keep-alive

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			link.safesslred.com/	1970-01-18 13:53:53	Name: unique_id Value: 5a863f6aea045261248229
			link.safesslred.com/	1970-01-18 13:53:53	Name: unique_330207 Value: unique_330207

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

go.coresumi.xyz
link.safesslred.com
www.healthyclothings.com
xhqg.popnimblebrand.com
104.223.8.111
203.189.238.250
45.32.237.225
52.211.95.198
11a8ffbe9ac7c21cc7cb4e48c2d178505ff059b67fb0a85eeb05c16c90a15f2a
7f0e8e501d8bd4c380d4c75bbfd9d653c694009302012526a30c92b0df93b1a0

link.safesslred.com Open in urlscan Pro 52.211.95.198 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

2 Requests

0 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

2 IPs

4 Countries

5 kBTransfer

7 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

Indicators

link.safesslred.com Open in urlscan Pro
52.211.95.198 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

4
Countries

5 kB
Transfer

7 kB
Size

2
Cookies

2 HTTP transactions
0 data transactions