amazingtours.is Open in urlscan Pro
213.190.100.236 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://aafart.com/blogs/media/red/hobal
Effective URL:
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Submission: On October 06 via manual (October 6th 2020, 7:56:57 am UTC) from DK

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 12 HTTP transactions. The main IP is 213.190.100.236, located in Iceland and belongs to VORTEX-AS Skulagotu 19, IS. The main domain is amazingtours.is.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 21st 2020. Valid for: 3 months.

This is the only time amazingtours.is was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 4	185.21.41.67 185.21.41.67	48854 (ZITCOM) (ZITCOM)
2 10	213.190.100.236 213.190.100.236	25509 (VORTEX-AS...) (VORTEX-AS Skulagotu 19)
1	2606:4700:20:... 2606:4700:20::ac43:45e2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	3

4 185.21.41.67 (Denmark) 1 redirects

ASN48854 (ZITCOM, DK)
PTR: prolinux2.123hotel.dk

aafart.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 213.190.100.236 (Iceland) 2 redirects

ASN25509 (VORTEX-AS Skulagotu 19, IS)
PTR: web3.vortex.is

amazingtours.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:45e2 (United States)

ASN13335 (CLOUDFLARENET, US)

ipapi.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	amazingtours.is 2 redirects amazingtours.is	398 KB
4	aafart.com 1 redirects aafart.com	118 KB
1	ipapi.co ipapi.co	762 B
12	3

	Domain	Requested by
10	amazingtours.is	2 redirects amazingtours.is
4	aafart.com	1 redirects aafart.com
1	ipapi.co	amazingtours.is
12	3

This site contains no links.

Subject Issuer	Validity	Valid
aafart.com Let's Encrypt Authority X3	`2020-09-26` - `2020-12-25`	3 months	crt.sh
amazingtours.is Let's Encrypt Authority X3	`2020-09-21` - `2020-12-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-17` - `2021-07-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Frame ID: 50FED1A5D4D9197E402B4C1C8F84BD37
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://aafart.com/blogs/media/red/hobal HTTP 301
https://aafart.com/blogs/media/red/hobal/ Page URL
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/ HTTP 302
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326 HTTP 301
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

12
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

516 kB
Transfer

649 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://aafart.com/blogs/media/red/hobal HTTP 301
https://aafart.com/blogs/media/red/hobal/ Page URL
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/ HTTP 302
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326 HTTP 301
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://aafart.com/blogs/media/red/hobal HTTP 301
https://aafart.com/blogs/media/red/hobal/

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set / Show response
aafart.com/blogs/media/red/hobal/
Redirect Chain

https://aafart.com/blogs/media/red/hobal
https://aafart.com/blogs/media/red/hobal/

516 B
923 B

359ms
358ms

Document
text/html

185.21.41.67
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL: https://aafart.com/blogs/media/red/hobal/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.21.41.67 , Denmark, ASN48854 (ZITCOM, DK),
Reverse DNS: prolinux2.123hotel.dk
Software: Apache / PHP/7.3.22
Resource Hash: a222632903b504e6e97caaee668ac6e7b91b0355041dac77fc4a9ac4ec07442c

Request headers

Host: aafart.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:56:38 GMT
Server: Apache
X-Powered-By: PHP/7.3.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=24a87c0fc0b02ac1c1a1df7bacb265ca; path=/
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Tue, 06 Oct 2020 07:56:38 GMT
Server: Apache
Location: https://aafart.com/blogs/media/red/hobal/
Content-Length: 249
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK hop.png
aafart.com/blogs/media/red/hobal/ 29 KB
29 KB 28ms
28ms Image
image/png 185.21.41.67
ZITCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aafart.com/blogs/media/red/hobal/hop.png
Requested by: Host: aafart.com
URL: https://aafart.com/blogs/media/red/hobal/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.21.41.67 , Denmark, ASN48854 (ZITCOM, DK),
Reverse DNS: prolinux2.123hotel.dk
Software: Apache /
Resource Hash: 6c297588abfc2d68e1b38a034a1c585b99f4d258c20e7bd6c876e5e435fed1f4

Request headers

Referer: https://aafart.com/blogs/media/red/hobal/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:56:38 GMT
Last-Modified: Mon, 05 Oct 2020 16:54:26 GMT
Server: Apache
ETag: "7376-5b0ef55c84dff"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 29558

GET
H/1.1 200
OK lo.gif
aafart.com/blogs/media/red/hobal/ 88 KB
88 KB 75ms
28ms Image
image/gif 185.21.41.67
ZITCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aafart.com/blogs/media/red/hobal/lo.gif
Requested by: Host: aafart.com
URL: https://aafart.com/blogs/media/red/hobal/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.21.41.67 , Denmark, ASN48854 (ZITCOM, DK),
Reverse DNS: prolinux2.123hotel.dk
Software: Apache /
Resource Hash: b4b91d1b8888b77fdbf5d54b3ed71f03b1473cd97bb13fadb4fe5efe0e7eaf20

Request headers

Referer: https://aafart.com/blogs/media/red/hobal/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:56:38 GMT
Last-Modified: Mon, 05 Oct 2020 16:54:26 GMT
Server: Apache
ETag: "15e3a-5b0ef55c84a17"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 89658

GET
H/1.1

200
OK

Primary Request / Show response
amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Redirect Chain

https://amazingtours.is/old/pix_mail/api_campaign/N_v1/
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326
https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/

5 KB
2 KB

286ms
285ms

Document
text/html

213.190.100.236
VORTEX-AS Skulago...

General

Check archive.org

Show headers Download Go to

Full URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.190.100.236 , Iceland, ASN25509 (VORTEX-AS Skulagotu 19, IS),
Reverse DNS: web3.vortex.is
Software: Apache/2.4.12 (Ubuntu) /
Resource Hash: 6f2bac7f87065ae6eb31f511901a8f78f6a4a047a1493f82c9a9a119b576631e

Request headers

Host: amazingtours.is
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://aafart.com/blogs/media/red/hobal/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: PHPSESSID=ub2jl00mjug8lge0rod6obmjvi
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://aafart.com/blogs/media/red/hobal/

Response headers

Date: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
Location: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Content-Length: 356
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK style.css
amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/css/ 21 KB
4 KB 502ms
499ms Stylesheet
text/css 213.190.100.236
VORTEX-AS Skulago...

General

Check archive.org

Show headers Download Go to

Full URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/css/style.css
Requested by: Host: amazingtours.is
URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.190.100.236 , Iceland, ASN25509 (VORTEX-AS Skulagotu 19, IS),
Reverse DNS: web3.vortex.is
Software: Apache/2.4.12 (Ubuntu) /
Resource Hash: 2f085a84cb00b9b35b5125231a1accae74aba455992b2b21c28380345ba52c53

Request headers

Referer: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:50:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
ETag: W/"5283-5b0fbd8b14e07-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 4162

GET
H/1.1 200
OK app.css
amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/css/ 2 KB
1008 B 537ms
534ms Stylesheet
text/css 213.190.100.236
VORTEX-AS Skulago...

General

Check archive.org

Show headers Download Go to

Full URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/css/app.css
Requested by: Host: amazingtours.is
URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.190.100.236 , Iceland, ASN25509 (VORTEX-AS Skulagotu 19, IS),
Reverse DNS: web3.vortex.is
Software: Apache/2.4.12 (Ubuntu) /
Resource Hash: 5efb393cf10db7ee157dcd3109179e7619633c7e8d17c5ab3eab1ea1278f6dd1

Request headers

Referer: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:50:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
ETag: W/"9e2-5b0fbd8b15da7-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 670

GET
H/1.1 200
OK jquery.min.js Show response
amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/js/ 152 KB
44 KB 612ms
482ms Script
application/javascript 213.190.100.236
VORTEX-AS Skulago...

General

Check archive.org

Show headers Download Go to

Full URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/js/jquery.min.js
Requested by: Host: amazingtours.is
URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.190.100.236 , Iceland, ASN25509 (VORTEX-AS Skulagotu 19, IS),
Reverse DNS: web3.vortex.is
Software: Apache/2.4.12 (Ubuntu) /
Resource Hash: 7aa387f2db11236e0a3d6e4124c33bbf9f588dff926a1454a92ce694fc84c620

Request headers

Referer: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:50:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
ETag: W/"261cf-5b0fbd8b1ea47-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 44410

GET
H/1.1 200
OK validet.js Show response
amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/js/ 7 KB
1 KB 676ms
546ms Script
application/javascript 213.190.100.236
VORTEX-AS Skulago...

General

Check archive.org

Show headers Download Go to

Full URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/js/validet.js
Requested by: Host: amazingtours.is
URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.190.100.236 , Iceland, ASN25509 (VORTEX-AS Skulagotu 19, IS),
Reverse DNS: web3.vortex.is
Software: Apache/2.4.12 (Ubuntu) /
Resource Hash: 3668352cee7c03431751e26e34aebf496fe874ae28a8b96c4481dc129b502822

Request headers

Referer: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:50:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
ETag: W/"1c52-5b0fbd8b20987-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 934

GET
H/1.1 200
OK bg-login-large.jpg
amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/img/ 342 KB
342 KB 432ms
431ms Image
image/jpeg 213.190.100.236
VORTEX-AS Skulago...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/img/bg-login-large.jpg
Requested by: Host: amazingtours.is
URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.190.100.236 , Iceland, ASN25509 (VORTEX-AS Skulagotu 19, IS),
Reverse DNS: web3.vortex.is
Software: Apache/2.4.12 (Ubuntu) /
Resource Hash: 68a140f407da7acc8b00ae9eb2be5a09df4b046277a3bfe03881417a068da7e4

Request headers

Referer: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:50:03 GMT
Last-Modified: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
ETag: "55787-5b0fbd8aff647"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 350087

GET
H/1.1 200
OK FB-logo.png
amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/img/ 1 KB
2 KB 364ms
363ms Image
image/png 213.190.100.236
VORTEX-AS Skulago...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/img/FB-logo.png
Requested by: Host: amazingtours.is
URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.190.100.236 , Iceland, ASN25509 (VORTEX-AS Skulagotu 19, IS),
Reverse DNS: web3.vortex.is
Software: Apache/2.4.12 (Ubuntu) /
Resource Hash: 3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Request headers

Referer: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:50:03 GMT
Last-Modified: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
ETag: "5af-5b0fbd8af88e7"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1455

GET
H/1.1 200
OK glob.png
amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/img/ 842 B
1 KB 465ms
464ms Image
image/png 213.190.100.236
VORTEX-AS Skulago...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/img/glob.png
Requested by: Host: amazingtours.is
URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.190.100.236 , Iceland, ASN25509 (VORTEX-AS Skulagotu 19, IS),
Reverse DNS: web3.vortex.is
Software: Apache/2.4.12 (Ubuntu) /
Resource Hash: 4f8072ca4cdc4412083462c38eebc18bb5a0b919fb4bb63ec98769f0b644306e

Request headers

Referer: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 06 Oct 2020 07:50:03 GMT
Last-Modified: Tue, 06 Oct 2020 07:50:02 GMT
Server: Apache/2.4.12 (Ubuntu)
ETag: "34a-5b0fbd8af2b27"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 842

GET
H2 200 / Show response
ipapi.co/json/ 729 B
762 B 240ms
223ms XHR
application/json 2606:4700:20::ac43:45e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ipapi.co/json/

Requested by

Host: amazingtours.is
URL: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/js/jquery.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::ac43:45e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed6a667b843199174dd727f0d8f3dc690c504866128b47d440f071616555022f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Referer: https://amazingtours.is/old/pix_mail/api_campaign/N_v1/Netflix326/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 06 Oct 2020 07:56:45 GMT
content-encoding: br
vary: Host, Origin
cf-cache-status: DYNAMIC
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
allow: OPTIONS, POST, GET, OPTIONS, HEAD
content-type: application/json
access-control-allow-origin: https://amazingtours.is
cf-ray: 5dddd3e0efe32c56-FRA
cf-request-id: 059e82c09500002c56f89db200000001

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery function| ipLookUp

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			amazingtours.is/	1969-12-31 23:59:59	Name: PHPSESSID Value: ub2jl00mjug8lge0rod6obmjvi

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aafart.com
amazingtours.is
ipapi.co
185.21.41.67
213.190.100.236
2606:4700:20::ac43:45e2
2f085a84cb00b9b35b5125231a1accae74aba455992b2b21c28380345ba52c53
3668352cee7c03431751e26e34aebf496fe874ae28a8b96c4481dc129b502822
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
4f8072ca4cdc4412083462c38eebc18bb5a0b919fb4bb63ec98769f0b644306e
5efb393cf10db7ee157dcd3109179e7619633c7e8d17c5ab3eab1ea1278f6dd1
68a140f407da7acc8b00ae9eb2be5a09df4b046277a3bfe03881417a068da7e4
6c297588abfc2d68e1b38a034a1c585b99f4d258c20e7bd6c876e5e435fed1f4
6f2bac7f87065ae6eb31f511901a8f78f6a4a047a1493f82c9a9a119b576631e
7aa387f2db11236e0a3d6e4124c33bbf9f588dff926a1454a92ce694fc84c620
a222632903b504e6e97caaee668ac6e7b91b0355041dac77fc4a9ac4ec07442c
b4b91d1b8888b77fdbf5d54b3ed71f03b1473cd97bb13fadb4fe5efe0e7eaf20
ed6a667b843199174dd727f0d8f3dc690c504866128b47d440f071616555022f

amazingtours.is Open in urlscan Pro 213.190.100.236 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

516 kBTransfer

649 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

amazingtours.is Open in urlscan Pro
213.190.100.236 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

516 kB
Transfer

649 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!