Submitted URL: https://protect-us.mimecast.com/s/pK3_CqxWMVHO4DynSZX34A?domain=aldimashqi-kensington.co.uk
Effective URL: https://baltoot.com/49ow/sos.html
Submission: On September 15 via manual from US — Scanned from US

Summary

This website contacted 4 IPs in 1 countries across 5 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3036::ac43:a9f1, located in United States and belongs to CLOUDFLARENET, US. The main domain is baltoot.com.
TLS certificate: Issued by GTS CA 1P5 on August 30th 2023. Valid for: 3 months.
This is the only time baltoot.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 207.211.31.113 14135 (NAVISITE-...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a04:4e42::649 54113 (FASTLY)
4 4
Apex Domain
Subdomains
Transfer
2 mimecast.com
protect-us.mimecast.com — Cisco Umbrella Rank: 10627
2 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 918
30 KB
1 jing-vpe.com
jing-vpe.com
892 B
1 baltoot.com
baltoot.com
609 B
1 aldimashqi-kensington.co.uk
aldimashqi-kensington.co.uk
570 B
4 5
Domain Requested by
2 protect-us.mimecast.com 2 redirects
1 code.jquery.com jing-vpe.com
1 jing-vpe.com baltoot.com
code.jquery.com
1 baltoot.com
1 aldimashqi-kensington.co.uk 1 redirects
4 5

This site contains no links.

Subject Issuer Validity Valid
baltoot.com
GTS CA 1P5
2023-08-30 -
2023-11-28
3 months crt.sh
jing-vpe.com
GTS CA 1P5
2023-09-11 -
2023-12-10
3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2023-07-11 -
2024-07-14
a year crt.sh

This page contains 1 frames:

Primary Page: https://baltoot.com/49ow/sos.html
Frame ID: EB03E9362BA69C1476FF4446C002A6F8
Requests: 4 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://protect-us.mimecast.com/s/pK3_CqxWMVHO4DynSZX34A?domain=aldimashqi-kensington.co.uk HTTP 307
    https://protect-us.mimecast.com/r/sXLrOaBspN39ihqSGGJ5WiOaPY_KPaKfd0dfWFxQTv2F_35D-qY2PS4W2Q1SySVGHXMQ-PjsOa... HTTP 307
    https://aldimashqi-kensington.co.uk/mde/anti.php HTTP 302
    https://baltoot.com/49ow/sos.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

4
Requests

75 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

31 kB
Transfer

86 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://protect-us.mimecast.com/s/pK3_CqxWMVHO4DynSZX34A?domain=aldimashqi-kensington.co.uk HTTP 307
    https://protect-us.mimecast.com/r/sXLrOaBspN39ihqSGGJ5WiOaPY_KPaKfd0dfWFxQTv2F_35D-qY2PS4W2Q1SySVGHXMQ-PjsOar5imBqV3uSR5nrg7Ma-zpQRkDRkTPSfVEiZuHRujouPG4WUUtX-6U6w0W-aiX6Yb1qTC3HQvK0bafvEqniM__tdAbthcQAexJrBk6pTvqptNewHveiIOj2Lh2yEWnZx9ojuwFBB3IgvoyZCtSGZCbLlkLaTZQHLO60BpafzXMijqbm1g17OiY85vYbR-5Dl25uVdkx7CtzbktMpjnrjEtbb5bDEJPVReIFrB3QzKw4ylGjCaB_haLact7UPSQSLmGN1cZ_Wtj-oIGjdVj_tiLEi-v0uR7mwaOjBRY_yZl3gKOhI_pNuKmDrOXSQV9ZMsupusHbsgEpfMsbv3f5xX6--tKQu1DXMrjP1UoY-CO9vM0DpXgzf6Vm2lZF5Sc3RP6K6GKueRRTrbmQaaenHWN2Nj-wmR3-l_wgffEBh5KbSL54xf3w4py007B90Aj7_nttuPpgA2n5FJFQpIUruVkkoxgq38bDXklP_RrwjgkI9P5AM6pylUXMqKH0Rwkb_TArEl5Xqwf3Fuy9tJlruZi15mfNrr4SrJYyUGAwtX4_eP-wQ_jcRUk4X01owE8CmWtNbbgcpsZjgVOkn75DtnLWwWbaZQlTr-FOd-4BlNo6YCtH0oX4zklGsICu4q2lkMavZHVr2sqRcIJZcbwh0Z9L3V9droWUzcP1oj3QcLzHRWkT90WQ-9aTZuCPcL05ltegKl0xeieVj-cAC29nNsEBybHPR1qhiEdZRxifaspO8O6srZr6bJqcLEJ8SA5aANkxltdENf6tu2pXSAIJEraols2CiACaGiwt2GizJG--YKMOoC88M5kdq6NKAU1J553AiX9ItSjfd_gDy9QGmMJnIome1jf-oKd_3lUJMDnGt5FrDGGBrm5W8o2CBcHGeHNbf-txQPGy_nA1f4CxjsO2TgVJz4eu2WDrN3lPed70ss1utZggUjf9KilP4hZeX_ku_xCV4BMnV2hRtyxfs4zv6fKP01eF6hzlkD3gB3pOrDmfgtJiQbzoy75APrHME0FpVcbCQNxWU81sKtVpuV2OymU9nUerHpuFrEfAtuQoyyI8WVGEgDRQejZtPvLEQ-VHlAIQvc1AZop1EPwLDo2Zb9cDWobqnfE2aWgmCyveygrDHq2HtxCf1IxOzk3104svmTFa1uYqS_DED7-VEPlMTO6EZ1TxYgEaB6dYtWbIj8ezHfjIohX8MYcnNiWHMpzRarFcp6-5C_AiuEyuZmYrdXti_UtjeQOqaQSGECyPy8YfY0k7KquMKeQ3QGT5cZj6EgSVn_UyJ8rhXx1akEZpYQG7b79TWkVgWk8reKGfxTGvQFZWFVRcXBVQZYBmt_Zy1oAU_nhGan5Om9MgUoTEL0OJI8StVZ5OTSX64Ye9eVMvJwtOsA0HP41Nu7KE6YGOgag8-CEV0rvxyjNeD1BXQ4tvV5S52u156Ff-ohLmdXW71Cma_6DanZGN3u4qT7jDntMx1p8BsAPBvkTfbAARI8pkF1pUX_RpZ6Q7kIAL9jSfSKnegoZwVebuaOXDANC6tBLzONFFKf3wTB7hPgkHNtU_u6o7_zcuRjrqIPq9HAdUMx70AfDZg9GF9EeWUQ-X5kINteiBwsmOljicNaKa9e7DUyOR0NL5gGiPzVkXeH2BuiIv2FnA HTTP 307
    https://aldimashqi-kensington.co.uk/mde/anti.php HTTP 302
    https://baltoot.com/49ow/sos.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request sos.html
baltoot.com/49ow/
Redirect Chain
  • https://protect-us.mimecast.com/s/pK3_CqxWMVHO4DynSZX34A?domain=aldimashqi-kensington.co.uk
  • https://protect-us.mimecast.com/r/sXLrOaBspN39ihqSGGJ5WiOaPY_KPaKfd0dfWFxQTv2F_35D-qY2PS4W2Q1SySVGHXMQ-PjsOar5imBqV3uSR5nrg7Ma-zpQRkDRkTPSfVEiZuHRujouPG4WUUtX-6U6w0W-aiX6Yb1qTC3HQvK0bafvEqniM__tdAb...
  • https://aldimashqi-kensington.co.uk/mde/anti.php
  • https://baltoot.com/49ow/sos.html
220 B
609 B
Document
General
Full URL
https://baltoot.com/49ow/sos.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:a9f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bb3ccb574c9ab20b1679390f792ad3eb57dda543b4a4c7d103a6d1a60a54c92

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8073829e294a43c9-EWR
content-encoding
br
content-type
text/html
date
Fri, 15 Sep 2023 20:09:56 GMT
last-modified
Fri, 15 Sep 2023 14:49:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZE%2BIUcdynTT36AMfrvQIaDViYIU3ixZPFScreuE6xMpVhpE5fmpUAzm2R9ZUzidpuXUPtldppgtTHz6e%2BCqn9EZIAA25y%2BvcHBDMTaW9ZUSaaKp9eC%2Bk74iWdC9zqJJ5e3AHGSqCchKROA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
80738290eaff17f9-EWR
content-type
text/html; charset=UTF-8
date
Fri, 15 Sep 2023 20:09:56 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://baltoot.com/49ow/sos.html
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kGP7eI9aOsFvSX1qEcuA5xdz8uquhjIWEQ9pplXRjD%2FF9Zg26yyuFGnxQwqvLX5RnjxeT2uzMWIeW%2FGR%2BMHJ22WCYDGhjGkr4WP89n3jDYbBnDXm17JtNmaU%2BmwkdpG0jcGSTmAO4K4iH%2FGfHy9efIm4kb6FDVtRxvg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
sc.php
jing-vpe.com/host22/admin/js/
819 B
892 B
Script
General
Full URL
https://jing-vpe.com/host22/admin/js/sc.php
Requested by
Host: baltoot.com
URL: https://baltoot.com/49ow/sos.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:cab8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28b563456ae25b6e7b93271b10fec852df4a7a2de1eb6f292c18aa68ac577c64

Request headers

accept-language
en-US,en;q=0.9
Referer
https://baltoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 20:09:56 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=955BS7%2FzslYJm3khx6fNtaAhPaaB7joMKxTNsqVLAdovgryDWTo86jDmwK1srdgbFTclg1z83VYdSlbCY9EeJ8Ea6WwOfGIaHjN7eLBxN51Mn7NxnkRTWokVcUXlbiZIUKL%2B8vlqtMbXORY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
807382a01c0f426d-EWR
alt-svc
h3=":443"; ma=86400
jquery-3.1.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: jing-vpe.com
URL: https://jing-vpe.com/host22/admin/js/sc.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://baltoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Fri, 15 Sep 2023 20:09:56 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
7995
x-cache
HIT, HIT
content-length
30070
x-served-by
cache-lga21947-LGA, cache-ewr18135-EWR
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1694808597.868836,VS0,VE0
etag
W/"28feccc0-152b5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
84, 213
18b7e20.php
jing-vpe.com/host22/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
jing-vpe.com
URL
https://jing-vpe.com/host22/18b7e20.php

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| scr string| stc number| autograb function| $ function| jQuery

1 Cookies

Domain/Path Name / Value
aldimashqi-kensington.co.uk/ Name: PHPSESSID
Value: 746a87f605fb6d9bd05f58454224a3df