7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com Open in urlscan Pro
52.216.204.19 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rb.gy/91d4uw#4VuFzd147554Hpnj336amftegwfdp1386LYMJDFLDUXQMPJB504166/269817Y21
Effective URL:
https://7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/2klDSYqnDzndgQC4j0EU9GL.html?5498411
Submission: On November 04 via manual (November 4th 2024, 3:02:27 pm UTC) from US — Scanned from CA

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 2 HTTP transactions. The main IP is 52.216.204.19, located in Ashburn, United States and belongs to AMAZON-02, US. The main domain is 7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on April 22nd 2024. Valid for: a year.

This is the only time 7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.236.88.61 34.236.88.61	14618 (AMAZON-AES) (AMAZON-AES)
1	52.216.204.19 52.216.204.19	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3032::ac43:a00e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	42.0.29.64 42.0.29.64	56140 (NOCSER-MY...) (NOCSER-MY ModernOne Data Solutions Sdn. Bhd.)
2	2

1 34.236.88.61 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-88-61.compute-1.amazonaws.com

rb.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.204.19 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:a00e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

fn1.one	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 42.0.29.64 (Malaysia)

ASN56140 (NOCSER-MY ModernOne Data Solutions Sdn. Bhd., MY)

www.substantialweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	substantialweb.com www.substantialweb.com
1	fn1.one 1 redirects fn1.one	760 B
1	amazonaws.com 7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com	542 B
1	rb.gy 1 redirects rb.gy — Cisco Umbrella Rank: 104661	209 B
2	4

	Domain	Requested by
1	www.substantialweb.com	7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com
1	fn1.one	1 redirects
1	7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com
1	rb.gy	1 redirects
2	4

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.amazonaws.com Amazon RSA 2048 M01	`2024-04-22` - `2025-04-07`	a year	crt.sh
substantialweb.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-08` - `2025-07-08`	a year	crt.sh

This page contains 1 frames:

Frame: https://www.substantialweb.com/3LKKRHG/WR2ZRZD//?sub1=21&sub2=336-147554&sub3=1386-504166-269817
Frame ID: 19C1B7F944E4F6FAC93EDC7D02BB152B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://rb.gy/91d4uw HTTP 301
https://7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/2klDSYqnDzndgQC4j0EU9GL.html?5498411 Page URL

Page Statistics

2
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

1 kB
Transfer

0 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rb.gy/91d4uw HTTP 301
https://7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/2klDSYqnDzndgQC4j0EU9GL.html?5498411 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://fn1.one/4VuFzd147554Hpnj336amftegwfdp1386LYMJDFLDUXQMPJB504166/269817Y21 HTTP 302
https://www.substantialweb.com/3LKKRHG/WR2ZRZD//?sub1=21&sub2=336-147554&sub3=1386-504166-269817

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 2klDSYqnDzndgQC4j0EU9GL.html Show response 7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/ Redirect Chain https://rb.gy/91d4uw https://7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/2klDSYqnDzndgQC4j0EU9GL.html?5498411	148 B 542 B	338ms 79ms	Document text/html	52.216.204.19 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/2klDSYqnDzndgQC4j0EU9GL.html?5498411 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.216.204.19 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash `99c2934dd40505e542632d742973a0b166c8ae8cb453446e75bbd5e7d1aef101` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 148 Content-Type text/html Date Mon, 04 Nov 2024 15:02:10 GMT ETag "f5fa9342d98345958e8caf8870cb8bba" Last-Modified Mon, 04 Nov 2024 11:54:56 GMT Server AmazonS3 x-amz-id-2 A2NVQTPUYMT4wbYxk9ojvnXNKavcgJqvXUwVrO1m089G+kKq7vlW9Nkd1onE8/Wt9uo8OuEl0pU= x-amz-request-id 53PQ5BDTKPCTXCP5 x-amz-server-side-encryption AES256 Redirect headers cache-control no-cache, no-store content-length 0 date Mon, 04 Nov 2024 15:02:09 GMT engine Rebrandly.redirect, version 2.1 expires -1 location https://7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/2klDSYqnDzndgQC4j0EU9GL.html?5498411 strict-transport-security max-age=15552000
GET H/1.1	204 No Content	/ www.substantialweb.com/3LKKRHG/WR2ZRZD// Redirect Chain https://fn1.one/4VuFzd147554Hpnj336amftegwfdp1386LYMJDFLDUXQMPJB504166/269817Y21 https://www.substantialweb.com/3LKKRHG/WR2ZRZD//?sub1=21&sub2=336-147554&sub3=1386-504166-269817	0 0	1698ms 996ms	Document text/plain	42.0.29.64 NOCSER-MY ModernO...
General Check archive.org Show headers Download Go to Full URL https://www.substantialweb.com/3LKKRHG/WR2ZRZD//?sub1=21&sub2=336-147554&sub3=1386-504166-269817 Requested by Host: 7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com URL: https://7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/2klDSYqnDzndgQC4j0EU9GL.html?5498411 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 42.0.29.64 , Malaysia, ASN56140 (NOCSER-MY ModernOne Data Solutions Sdn. Bhd., MY), Reverse DNS Software nginx / Resource Hash Request headers Referer https://7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com/2klDSYqnDzndgQC4j0EU9GL.html?5498411#4VuFzd147554Hpnj336amftegwfdp1386LYMJDFLDUXQMPJB504166/269817Y21 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers Accept-Ch Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model Date Mon, 04 Nov 2024 15:02:12 GMT Server nginx Vary Origin X-Eflow-Request-Id 90fef51f-5b4c-4858-ac19-2cc0ddaea8ab Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8dd57bc9d847428e-EWR content-type text/html; charset=utf-8 date Mon, 04 Nov 2024 15:02:10 GMT location https://www.substantialweb.com/3LKKRHG/WR2ZRZD//?sub1=21&sub2=336-147554&sub3=1386-504166-269817 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZFJL4lZK4qRxsxCWOmIr12wKCxsk1xGTq8aB0fCFj0YPBwY0E3hzDnmORn5skwtW9Sdj2QKP4iGQf93AQtJAzZ%2BET2PKzeY3NBPyWy6bnUR2sF6J6tCZuRlCZNYsaDs769mM9LIp"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=67487&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4161&recv_bytes=4501&delivery_rate=291&cwnd=12000&unsent_bytes=0&cid=2a46befeefe2b428&ts=470&x=1" cfHdrFlush;dur=0 x-address gin_throttle_mw_360000000000_2001:4958:1420:151::221 x-ratelimit-limit 10 x-ratelimit-remaining 8 x-ratelimit-reset 1730736001

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com
fn1.one
rb.gy
www.substantialweb.com
2606:4700:3032::ac43:a00e
34.236.88.61
42.0.29.64
52.216.204.19
99c2934dd40505e542632d742973a0b166c8ae8cb453446e75bbd5e7d1aef101

7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com Open in urlscan Pro 52.216.204.19 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

2 IPs

2 Countries

1 kBTransfer

0 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

7ikrtddns9ernwv67nsmtt9wda.s3.amazonaws.com Open in urlscan Pro
52.216.204.19 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

1 kB
Transfer

0 kB
Size

0
Cookies

2 HTTP transactions
0 data transactions