urlscan.io logo urlscan.io
SecurityTrails logo

recovery-apple.gotdns.ch Open in urlscan Pro
157.230.206.185  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u6899752.ct.sendgrid.net/wf/click?upn=IvZRLAj2aenFqEpf3maU-2FIQHmNNhwynVpXxetp3s1YM-3D_Lp7PE84onRc6DCFt4eaNd2lvKm-2FhB0Lg...
Effective URL: https://recovery-apple.gotdns.ch/
Submission: On September 10 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 157.230.206.185, located in New York, United States and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is recovery-apple.gotdns.ch.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 10th 2019. Valid for: 3 months.
This is the only time recovery-apple.gotdns.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.16 11377 (SENDGRID)
3 203.119.112.228 56088 (PANDI-ID ...)
1 1 139.99.114.236 16276 (OVH)
1 157.230.206.185 14061 (DIGITALOC...)
4 2
1    167.89.123.16 (United States)

ASN11377 (SENDGRID - SendGrid, Inc., US)
PTR: o16789123x16.outbound-mail.sendgrid.net
u6899752.ct.sendgrid.net
3    203.119.112.228 (Indonesia)

ASN56088 (PANDI-ID PANDI - Pengelola Nama Domain Internet Indonesia, ID)
PTR: s.id.112.119.203.in-addr.arpa
s.id
analytics.s.id
1    139.99.114.236 (Singapore)

ASN16276 (OVH, FR)
PTR: sgx8.cloudhost.id
bshort.site
1    157.230.206.185 (New York, United States)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
recovery-apple.gotdns.ch
Apex Domain
Subdomains		 Transfer
3 s.id
s.id
analytics.s.id
24 KB
1 gotdns.ch
recovery-apple.gotdns.ch
778 B
1 bshort.site
bshort.site
380 B
1 sendgrid.net
u6899752.ct.sendgrid.net
230 B
4 4
Domain Requested by
2 analytics.s.id s.id
1 recovery-apple.gotdns.ch s.id
1 bshort.site 1 redirects
1 s.id
1 u6899752.ct.sendgrid.net 1 redirects
4 5

This site contains no links.

Subject Issuer Validity Valid
*.s.id
COMODO RSA Domain Validation Secure Server CA		 2018-12-03 -
2020-12-02		 2 years crt.sh
recovery-apple.gotdns.ch
Let's Encrypt Authority X3		 2019-09-10 -
2019-12-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://recovery-apple.gotdns.ch/
Frame ID: 6E783FCA45E1DFB6E6DACE38E7DE6092
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://u6899752.ct.sendgrid.net/wf/click?upn=IvZRLAj2aenFqEpf3maU-2FIQHmNNhwynVpXxetp3s1YM-3D_Lp7PE84onRc6DC... HTTP 302
    https://s.id/appscr Page URL
  2. https://bshort.site/appcheck HTTP 301
    https://recovery-apple.gotdns.ch/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

2
IPs

3
Countries

25 kB
Transfer

66 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u6899752.ct.sendgrid.net/wf/click?upn=IvZRLAj2aenFqEpf3maU-2FIQHmNNhwynVpXxetp3s1YM-3D_Lp7PE84onRc6DCFt4eaNd2lvKm-2FhB0LgGdsr9gblDJk2-2FBSYlUlc0a1kHtAoppgMKdFF5V3iq2h0rogDt7HHPj3vDPSqPMzIUElEoIxkS3NWx3P-2BYgt3wL3t7i2L4-2FV8wCAjTLNXQW94dsIeApCv6x4f3uv8L9RDJPYc5f-2F88ubqpeuQ92I1rDsT2imoCv0ezCukn45bJTgujA7eSZnC3eeT-2BYsJG8nFrD4qup-2BDr1w-3D HTTP 302
    https://s.id/appscr Page URL
  2. https://bshort.site/appcheck HTTP 301
    https://recovery-apple.gotdns.ch/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://u6899752.ct.sendgrid.net/wf/click?upn=IvZRLAj2aenFqEpf3maU-2FIQHmNNhwynVpXxetp3s1YM-3D_Lp7PE84onRc6DCFt4eaNd2lvKm-2FhB0LgGdsr9gblDJk2-2FBSYlUlc0a1kHtAoppgMKdFF5V3iq2h0rogDt7HHPj3vDPSqPMzIUElEoIxkS3NWx3P-2BYgt3wL3t7i2L4-2FV8wCAjTLNXQW94dsIeApCv6x4f3uv8L9RDJPYc5f-2F88ubqpeuQ92I1rDsT2imoCv0ezCukn45bJTgujA7eSZnC3eeT-2BYsJG8nFrD4qup-2BDr1w-3D HTTP 302
  • https://s.id/appscr

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set appscr
s.id/
Redirect Chain
  • https://u6899752.ct.sendgrid.net/wf/click?upn=IvZRLAj2aenFqEpf3maU-2FIQHmNNhwynVpXxetp3s1YM-3D_Lp7PE84onRc6DCFt4eaNd2lvKm-2FhB0LgGdsr9gblDJk2-2FBSYlUlc0a1kHtAoppgMKdFF5V3iq2h0rogDt7HHPj3vDPSqPMzIUE...
  • https://s.id/appscr
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.id/appscr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.119.112.228 , Indonesia, ASN56088 (PANDI-ID PANDI - Pengelola Nama Domain Internet Indonesia, ID),
Reverse DNS
s.id.112.119.203.in-addr.arpa
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
55b3f3be7c0d4eb7cdedf9e7c8c846c247678319561c2ffd841c00ca01a834b1

Request headers

Host
s.id
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

Server
nginx/1.10.3 (Ubuntu)
Date
Tue, 10 Sep 2019 15:05:05 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Cache-Control
private, must-revalidate
pragma
no-cache
expires
-1
Set-Cookie
XSRF-TOKEN=eyJpdiI6IjdPQnEwTWVDeW02RzdzZ1VpQmlUWmc9PSIsInZhbHVlIjoiV1hUQlRhWkdob3lPS05qcUZTOWxMMXh3QTlyZHFLSUpqXC9cL1ZPTmFkNWN5Q0xKMW9cL082TFk2MFFvbllPQXkzVFZTNDRFTW9acWdzZ2JBRzJQdXZFNGc9PSIsIm1hYyI6IjM0MGI3MDljN2Q5ODkyNDQ3N2E3ZmJmNGE0NjYyMTc2NzFjMzk4ZjdmYmMwODVjYjU0ODc5OThlY2Q2MWUyYTAifQ%3D%3D; expires=Tue, 10-Sep-2019 17:05:05 GMT; Max-Age=7200; path=/ major_tom=eyJpdiI6IkNFTitPcTl2VDZQbHBzYlFyRVBuRnc9PSIsInZhbHVlIjoiWnlVMDhVVnRQeFNxRW9NVVUxdENQUHYyUE5xZ2pjZ1VrMHdiendrQUd3S2JuVVRpVnVqNE5WQVJZS0ZobTF1T25GZGF4bms1Q1BVaDN0eVNxRnllMGc9PSIsIm1hYyI6ImRmZWRiNjc0Njg4ZTdmNmI5YjJjYjI4NTkzZGUxMWQ3YmFlNjZlYmQ5ZmJhZjAyNGUxODg5MTEwZGNhOTMxMDYifQ%3D%3D; expires=Tue, 10-Sep-2019 17:05:05 GMT; Max-Age=7200; path=/; httponly
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Tue, 10 Sep 2019 15:05:04 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Location
https://s.id/appscr
X-Robots-Tag
noindex, nofollow
Primary Request Cookie set /
recovery-apple.gotdns.ch/
Redirect Chain
  • https://bshort.site/appcheck
  • https://recovery-apple.gotdns.ch/
241 B
778 B 		Document
General
Check archive.org
Download Go to
Full URL
https://recovery-apple.gotdns.ch/
Requested by
Host: s.id
URL: https://s.id/appscr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.230.206.185 New York, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
Apple /
Resource Hash
1d5efc46d79804190c1881b7fb79c5187ea069a1e0c241572a92c55f18643ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
recovery-apple.gotdns.ch
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://s.id/appscr
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Referer
https://s.id/appscr

Response headers

Date
Tue, 10 Sep 2019 15:05:06 GMT
Server
Apple
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
X-BuildVersion
R3-2
X-FRAME-OPTIONS
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Host
appleid.apple.com
Content-Encoding
gzip
Vary
Accept-Encoding
Set-Cookie
PHPSESSID=a48de7d0eb186170746c574858af9c94; path=/
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

status
301
x-powered-by
PHP/5.6.40
set-cookie
PHPSESSID=j468gqt8s3kplugaf7uf2a5j26; path=/ short_appcheck=1; expires=Tue, 10-Sep-2019 15:35:05 GMT; Max-Age=1800; path=/; httponly
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
location
https://recovery-apple.gotdns.ch
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
content-length
20
content-encoding
gzip
date
Tue, 10 Sep 2019 15:05:05 GMT
server
LiteSpeed
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000
piwik.js
analytics.s.id/ 		64 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.s.id/piwik.js
Requested by
Host: s.id
URL: https://s.id/appscr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.119.112.228 , Indonesia, ASN56088 (PANDI-ID PANDI - Pengelola Nama Domain Internet Indonesia, ID),
Reverse DNS
s.id.112.119.203.in-addr.arpa
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://s.id/appscr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 10 Sep 2019 15:05:06 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 May 2018 03:36:14 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
W/"5afba72e-fed5"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
piwik.php
analytics.s.id/ 		43 B
218 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.s.id/piwik.php?action_name=s.id%2F&idsite=12&rec=1&r=604509&h=17&m=5&s=6&url=https%3A%2F%2Fs.id%2Fappscr&_id=be68c324157990cc&_idts=1568127906&_idvc=1&_idn=0&_refts=0&_viewts=1568127906&send_image=1&cookie=1&res=1600x1200&dimension1=b64188a8-8ca7-48d3-9aea-8220902870e0&gt_ms=253&pv_id=8j3jlZ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.119.112.228 , Indonesia, ASN56088 (PANDI-ID PANDI - Pengelola Nama Domain Internet Indonesia, ID),
Reverse DNS
s.id.112.119.203.in-addr.arpa
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://s.id/appscr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 10 Sep 2019 15:05:06 GMT
Server
nginx/1.10.3 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
recovery-apple.gotdns.ch/ Name: PHPSESSID
Value: a48de7d0eb186170746c574858af9c94

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.s.id
bshort.site
recovery-apple.gotdns.ch
s.id
u6899752.ct.sendgrid.net
139.99.114.236
157.230.206.185
167.89.123.16
203.119.112.228
1d5efc46d79804190c1881b7fb79c5187ea069a1e0c241572a92c55f18643ef8
55b3f3be7c0d4eb7cdedf9e7c8c846c247678319561c2ffd841c00ca01a834b1