urlscan.io logo urlscan.io
SecurityTrails logo

us.vilitram.com Open in urlscan Pro
2a00:1d26:c771::11  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://p.lownoc.org/go/287184/587964/0.9236238788742732
Effective URL: https://us.vilitram.com/nty/postback/click?key=v2-1708554463945-4-8855-1267435-faf27c94-3f4a-9001-3ca8-14119a5d9849
Submission: On February 21 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 5 domains to perform 3 HTTP transactions. The main IP is 2a00:1d26:c771::11, located in Newark, United States and belongs to I3DNET, NL. The main domain is us.vilitram.com. The Cisco Umbrella rank of the primary domain is 211584.
TLS certificate: Issued by R3 on January 22nd 2024. Valid for: 3 months.
This is the only time us.vilitram.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

Incomplete AppFile_x64.exe 10 MB
Size: 10 MB (10968960 bytes, 80% done)
Downloaded from: https://uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com/cd/0/get/CNvJ0elsuOwAi3hEBhkAL8J7sh-6PUeqK3c7hoDAjF4NHPCltXzUJzLm8DTmA60S-RDc4bxP2m9cTmd9OkmAEEXg3cy9iMvhAbqZ2XcGCjPGnr2qXwpYq4YFB1PA418a0NvIGLlQeDhEYWa_AoeJ2VU0/file?dl=1#

Domain & IP information

IP Address AS Autonomous System
1 2 44.196.106.169 14618 (AMAZON-AES)
1 2 2a00:1d26:c77... 49544 (I3DNET)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2620:100:6019... 19679 (DROPBOX)
1 2620:100:6019... 19679 (DROPBOX)
3 3
2    44.196.106.169 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-196-106-169.compute-1.amazonaws.com
p.lownoc.org
2    2a00:1d26:c771::11 (Newark, United States)

ASN49544 (I3DNET, NL)
us.vilitram.com
1    2606:4700:3037::6815:447 (United States)

ASN13335 (CLOUDFLARENET, US)
gameplays.shop
1    2620:100:6019:18::a27d:412 (United States)

ASN19679 (DROPBOX, US)
www.dropbox.com
1    2620:100:6019:15::a27d:40f (United States)

ASN19679 (DROPBOX, US)
uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com
Apex Domain
Subdomains		 Transfer
2 vilitram.com
us.vilitram.com — Cisco Umbrella Rank: 211584
1 KB
2 lownoc.org
p.lownoc.org
731 B
1 dropboxusercontent.com
uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com
1 dropbox.com
www.dropbox.com — Cisco Umbrella Rank: 2713
978 B
1 gameplays.shop
gameplays.shop
834 B
3 5
Domain Requested by
2 us.vilitram.com 1 redirects p.lownoc.org
2 p.lownoc.org 1 redirects
1 uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com
1 www.dropbox.com 1 redirects
1 gameplays.shop 1 redirects
3 5

This site contains no links.

Subject Issuer Validity Valid
*.vilitram.com
R3		 2024-01-22 -
2024-04-21		 3 months crt.sh
dl.dropbox.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-14 -
2024-03-16		 a year crt.sh

This page contains 1 frames:

Frame: https://uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com/cd/0/get/CNvJ0elsuOwAi3hEBhkAL8J7sh-6PUeqK3c7hoDAjF4NHPCltXzUJzLm8DTmA60S-RDc4bxP2m9cTmd9OkmAEEXg3cy9iMvhAbqZ2XcGCjPGnr2qXwpYq4YFB1PA418a0NvIGLlQeDhEYWa_AoeJ2VU0/file?dl=1
Frame ID: 666E8017E6D9C99CF0BF999A0FCAF51D
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://p.lownoc.org/go/287184/587964/0.9236238788742732 Page URL
  2. http://p.lownoc.org/ad/ad?p=287184&w=587964&t=c9e95f573a300312&r=0.9236238788742732&vw=1600&vh=1200 HTTP 303
    https://us.vilitram.com/nty/postback/click?key=v2-1708554463945-4-8855-1267435-faf27c94-3f4a-9001-3c... Page URL

Page Statistics

3
Requests

67 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

3
IPs

1
Countries

1 kB
Transfer

2 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://p.lownoc.org/go/287184/587964/0.9236238788742732 Page URL
  2. http://p.lownoc.org/ad/ad?p=287184&w=587964&t=c9e95f573a300312&r=0.9236238788742732&vw=1600&vh=1200 HTTP 303
    https://us.vilitram.com/nty/postback/click?key=v2-1708554463945-4-8855-1267435-faf27c94-3f4a-9001-3ca8-14119a5d9849 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://us.vilitram.com/nty/postback/click?key=v2-1708554463945-4-8855-1267435-faf27c94-3f4a-9001-3ca8-14119a5d9849&token=96e190d02afda2da21bb46f31a4132fb&timezone=600&iframe_test=false&webdriver_test=false HTTP 302
  • https://gameplays.shop/ HTTP 302
  • https://www.dropbox.com/scl/fi/mk5th932ip9ym1je5raog/AppFile_x64.exe?rlkey=6onfl2us5nccok43i9bsg9s94&dl=1 HTTP 302
  • https://uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com/cd/0/get/CNvJ0elsuOwAi3hEBhkAL8J7sh-6PUeqK3c7hoDAjF4NHPCltXzUJzLm8DTmA60S-RDc4bxP2m9cTmd9OkmAEEXg3cy9iMvhAbqZ2XcGCjPGnr2qXwpYq4YFB1PA418a0NvIGLlQeDhEYWa_AoeJ2VU0/file?dl=1

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
0.9236238788742732
p.lownoc.org/go/287184/587964/ 		444 B
474 B 		Document
General
Check archive.org
Download Go to
Full URL
http://p.lownoc.org/go/287184/587964/0.9236238788742732
Protocol
HTTP/1.1
Server
44.196.106.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-106-169.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Length
286
Content-Type
text/html
Date
Wed, 21 Feb 2024 22:27:43 GMT
Server
nginx
Vary
Accept-Encoding
Primary Request click
us.vilitram.com/nty/postback/
Redirect Chain
  • http://p.lownoc.org/ad/ad?p=287184&w=587964&t=c9e95f573a300312&r=0.9236238788742732&vw=1600&vh=1200
  • https://us.vilitram.com/nty/postback/click?key=v2-1708554463945-4-8855-1267435-faf27c94-3f4a-9001-3ca8-14119a5d9849
2 KB
936 B 		Document
General
Check archive.org
Download Go to
Full URL
https://us.vilitram.com/nty/postback/click?key=v2-1708554463945-4-8855-1267435-faf27c94-3f4a-9001-3ca8-14119a5d9849
Requested by
Host: p.lownoc.org
URL: http://p.lownoc.org/go/287184/587964/0.9236238788742732
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1d26:c771::11 Newark, United States, ASN49544 (I3DNET, NL),
Reverse DNS
Software
openresty/1.21.4.1 /
Resource Hash
c36630a9ea80ac205f2a7feff1adab5546981057c8ae8e4e01283208625db0f9

Request headers

Referer
http://p.lownoc.org/go/287184/587964/0.9236238788742732
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 21 Feb 2024 22:27:44 GMT
server
openresty/1.21.4.1

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Wed, 21 Feb 2024 22:27:44 GMT
Location
https://us.vilitram.com/nty/postback/click?key=v2-1708554463945-4-8855-1267435-faf27c94-3f4a-9001-3ca8-14119a5d9849#pc274145
Server
nginx
file
uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com/cd/0/get/CNvJ0elsuOwAi3hEBhkAL8J7sh-6PUeqK3c7hoDAjF4NHPCltXzUJzLm8DTmA60S-RDc4bxP2m9cTmd9OkmAEEXg3cy9iMvhAbqZ2XcGCjPGnr2qXwpYq4YFB1PA418a0NvIG...
Redirect Chain
  • https://us.vilitram.com/nty/postback/click?key=v2-1708554463945-4-8855-1267435-faf27c94-3f4a-9001-3ca8-14119a5d9849&token=96e190d02afda2da21bb46f31a4132fb&timezone=600&iframe_test=false&webdriver_t...
  • https://gameplays.shop/
  • https://www.dropbox.com/scl/fi/mk5th932ip9ym1je5raog/AppFile_x64.exe?rlkey=6onfl2us5nccok43i9bsg9s94&dl=1
  • https://uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com/cd/0/get/CNvJ0elsuOwAi3hEBhkAL8J7sh-6PUeqK3c7hoDAjF4NHPCltXzUJzLm8DTmA60S-RDc4bxP2m9cTmd9OkmAEEXg3cy9iMvhAbqZ2XcGCjPGnr2qXwpYq4YFB1PA4...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com/cd/0/get/CNvJ0elsuOwAi3hEBhkAL8J7sh-6PUeqK3c7hoDAjF4NHPCltXzUJzLm8DTmA60S-RDc4bxP2m9cTmd9OkmAEEXg3cy9iMvhAbqZ2XcGCjPGnr2qXwpYq4YFB1PA418a0NvIGLlQeDhEYWa_AoeJ2VU0/file?dl=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:100:6019:15::a27d:40f , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Content-Security-Policy sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy sandbox
X-Content-Type-Options nosniff

Request headers

Referer
https://us.vilitram.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=60
content-disposition
attachment; filename="AppFile_x64.exe"; filename*=UTF-8''AppFile_x64.exe
content-length
10968960
content-security-policy
sandbox
content-type
application/binary
date
Wed, 21 Feb 2024 22:27:45 GMT
etag
1708543749635482d
pragma
public
referrer-policy
no-referrer
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Origin
x-content-security-policy
sandbox
x-content-type-options
nosniff
x-dropbox-request-id
2afe99f36d2a45e58d69f407d7129c31
x-dropbox-response-origin
far_remote
x-robots-tag
noindex, nofollow, noimageindex
x-server-response-time
105
x-webkit-csp
sandbox

Redirect headers

cache-control
no-cache, no-store
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 21 Feb 2024 22:27:45 GMT
location
https://uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com/cd/0/get/CNvJ0elsuOwAi3hEBhkAL8J7sh-6PUeqK3c7hoDAjF4NHPCltXzUJzLm8DTmA60S-RDc4bxP2m9cTmd9OkmAEEXg3cy9iMvhAbqZ2XcGCjPGnr2qXwpYq4YFB1PA418a0NvIGLlQeDhEYWa_AoeJ2VU0/file?dl=1#
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-dropbox-request-id
2ce565b42581472c97e3b3af0306f90b
x-dropbox-response-origin
far_remote
x-permitted-cross-domain-policies
none
x-robots-tag
noindex, nofollow, noimageindex
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| detectIframe function| detectWebDriver function| navigateToUrl function| navigateToUrlViaSubmit

11 Cookies

Domain/Path Name / Value
us.vilitram.com/nty/postback Name: platform_user_id
Value: desktop:9578bd82d7c57fa2ab39a297ecccf128
us.vilitram.com/nty/postback Name: platform_user_id_3rd_party
Value: desktop:9578bd82d7c57fa2ab39a297ecccf128
us.vilitram.com/nty/postback Name: platform_user_id_from_ssp
Value: platform:36595ec51542713d1fc7a3f7049a20f9
us.vilitram.com/nty/postback Name: platform_user_id_from_ssp_3rd_party
Value: platform:36595ec51542713d1fc7a3f7049a20f9
gameplays.shop/ Name: _subid
Value: 2ckcm3d6p1qn
gameplays.shop/ Name: d1fb8
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIwMFwiOjE3MDg1NTQ0NjR9LFwiY2FtcGFpZ25zXCI6e1wiODVcIjoxNzA4NTU0NDY0fSxcInRpbWVcIjoxNzA4NTU0NDY0fSJ9.r8MS3xty3C7bctqo28-p6FgGn_GnctsLf5i6Qbkjxk4
www.dropbox.com/ Name: gvc
Value: ODUxMjM1OTY0NzAyNDU5ODIzOTY1MTM1ODg4OTIxMjMwMTE4Mjc=
.dropbox.com/ Name: t
Value: 0orRS_GSVaRmpxMP42ZVzdVw
www.dropbox.com/ Name: __Host-js_csrf
Value: 0orRS_GSVaRmpxMP42ZVzdVw
www.dropbox.com/ Name: __Host-ss
Value: c8cXZ-u7X8
.dropbox.com/ Name: locale
Value: en

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gameplays.shop
p.lownoc.org
uc8f26682840c0a736e8e7713c28.dl.dropboxusercontent.com
us.vilitram.com
www.dropbox.com
2606:4700:3037::6815:447
2620:100:6019:15::a27d:40f
2620:100:6019:18::a27d:412
2a00:1d26:c771::11
44.196.106.169
c36630a9ea80ac205f2a7feff1adab5546981057c8ae8e4e01283208625db0f9