winbir476.com - urlscan.io

Summary

This website contacted 2 IPs in 4 countries across 8 domains to perform 4 HTTP transactions. The main IP is 103.253.186.213, located in Philippines and belongs to SPLUNKNET-PH MCPO Box 1906, PH. The main domain is winbir476.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 19th 2024. Valid for: 3 months.

This is the only time winbir476.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.94.14.19 3.94.14.19	14618 (AMAZON-AES) (AMAZON-AES)
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	185.151.30.186 185.151.30.186	48254 (TWENTYI) (TWENTYI)
1 1	2a07:7800::174 2a07:7800::174	48254 (TWENTYI) (TWENTYI)
1 1	185.151.30.220 185.151.30.220	48254 (TWENTYI) (TWENTYI)
1 4	103.253.186.213 103.253.186.213	45504 (SPLUNKNET...) (SPLUNKNET-PH MCPO Box 1906)
1	2400:52e0:1e0... 2400:52e0:1e00::1054:1	60068 (CDN77 _) (CDN77 _)
4	2

1 3.94.14.19 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-14-19.compute-1.amazonaws.com

smr4.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.151.30.186 (United Kingdom) 2 redirects

ASN48254 (TWENTYI, GB)
PTR: 185-151-30-186.ptr4.stackcp.net

winbir458.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
winbir466.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a07:7800::174 (United Kingdom) 1 redirects

ASN48254 (TWENTYI, GB)

winbirguncel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.151.30.220 (United Kingdom) 1 redirects

ASN48254 (TWENTYI, GB)
PTR: 185-151-30-220.ptr4.stackcp.net

winbirguncel1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 103.253.186.213 (Philippines) 1 redirects

ASN45504 (SPLUNKNET-PH MCPO Box 1906, PH)

winbir476.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1054:1 (Germany)

ASN60068 (CDN77 _, GB)

winbir.b-cdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	winbir476.com 1 redirects winbir476.com	135 KB
1	b-cdn.net winbir.b-cdn.net	7 KB
1	winbirguncel1.com 1 redirects winbirguncel1.com	426 B
1	winbir466.com 1 redirects winbir466.com	434 B
1	winbirguncel.com 1 redirects winbirguncel.com	426 B
1	winbir458.com 1 redirects winbir458.com	432 B
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 7196	401 B
1	smr4.cc 1 redirects smr4.cc	162 B
4	8

	Domain	Requested by
4	winbir476.com	1 redirects winbir476.com
1	winbir.b-cdn.net	winbir476.com
1	winbirguncel1.com	1 redirects
1	winbir466.com	1 redirects
1	winbirguncel.com	1 redirects
1	winbir458.com	1 redirects
1	bit.ly	1 redirects
1	smr4.cc	1 redirects
4	8

This site contains no links.

Subject Issuer	Validity	Valid
winbir.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-19` - `2024-10-14`	3 months	crt.sh
*.b-cdn.net Sectigo RSA Domain Validation Secure Server CA	`2023-11-05` - `2024-11-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://winbir476.com/restricted.html
Frame ID: 9866A75B6D073256355A105D32E5AB7A
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

505 Bad Gateway Page

Page URL History Show full URLs

https://smr4.cc/sFC3o HTTP 301
https://bit.ly/winbirhome HTTP 301
https://winbir458.com/tr HTTP 301
https://winbirguncel.com/ HTTP 301
https://winbir466.com/ HTTP 301
https://winbirguncel1.com/ HTTP 301
https://winbir476.com/ HTTP 302
http://winbir476.com/restricted.html HTTP 307
https://winbir476.com/restricted.html Page URL

Page Statistics

4
Requests

100 %
HTTPS

29 %
IPv6

8
Domains

8
Subdomains

2
IPs

4
Countries

142 kB
Transfer

142 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://smr4.cc/sFC3o HTTP 301
https://bit.ly/winbirhome HTTP 301
https://winbir458.com/tr HTTP 301
https://winbirguncel.com/ HTTP 301
https://winbir466.com/ HTTP 301
https://winbirguncel1.com/ HTTP 301
https://winbir476.com/ HTTP 302
http://winbir476.com/restricted.html HTTP 307
https://winbir476.com/restricted.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request restricted.html Show response
winbir476.com/
Redirect Chain

https://smr4.cc/sFC3o
https://bit.ly/winbirhome
https://winbir458.com/tr
https://winbirguncel.com/
https://winbir466.com/
https://winbirguncel1.com/
https://winbir476.com/
http://winbir476.com/restricted.html
https://winbir476.com/restricted.html

2 KB
1 KB

167ms
166ms

Document
text/html

103.253.186.213
SPLUNKNET-PH MCPO...

General

Check archive.org

Show headers Download Go to

Full URL: https://winbir476.com/restricted.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.253.186.213 , Philippines, ASN45504 (SPLUNKNET-PH MCPO Box 1906, PH),
Reverse DNS
Software: 2.0.0 /
Resource Hash: c823ad98acbda92c62e70564a436c64a23927e90a89a24e7543e0aa995c49ef4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 0
Cache-stat: MISS
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 07 Oct 2024 08:53:20 GMT
ETag: W/"66b609d3-7f8"
Last-Modified: Fri, 09 Aug 2024 12:21:39 GMT
Server: 2.0.0
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-NXG: 908287832

Redirect headers

Location: https://winbir476.com/restricted.html
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 winbir_logo_restricted.png
winbir.b-cdn.net/assets2024/images/logo/ 7 KB
7 KB 204ms
74ms Image
image/png 2400:52e0:1e00::1054:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winbir.b-cdn.net/assets2024/images/logo/winbir_logo_restricted.png
Requested by: Host: winbir476.com
URL: https://winbir476.com/restricted.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1054:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1054 /
Resource Hash: 3d0944727afdcfac9e80cf4f1e11cef87869a63caf87a5987d1de43836a16e3f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://winbir476.com/

Response headers

cdn-status: 200
cdn-fileserver: 817
date: Mon, 07 Oct 2024 08:53:21 GMT
cdn-storageserver: DE-383
content-type: image/png
cdn-cachedat: 10/07/2024 08:53:21
last-modified: Fri, 16 Aug 2024 13:28:42 GMT
cdn-requestpullcode: 206
cdn-cache: MISS
cache-control: public, max-age=86400
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: ddee335d-03fe-4070-9eb8-a8a0b94a1daf
cdn-requestid: ccaa303ecf4a25389d97311a0d10fb5f
cdn-pullzone: 1507296
cdn-proxyver: 1.04
accept-ranges: bytes
content-length: 6675
cdn-edgestorageid: 1047
server: BunnyCDN-DE1-1054
cdn-requestcountrycode: FI

GET
H/1.1 200
OK background_empty.jpg
winbir476.com/restricted-static/ 118 KB
118 KB 266ms
266ms Image
image/jpeg 103.253.186.213
SPLUNKNET-PH MCPO...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winbir476.com/restricted-static/background_empty.jpg
Requested by: Host: winbir476.com
URL: https://winbir476.com/restricted.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.253.186.213 , Philippines, ASN45504 (SPLUNKNET-PH MCPO Box 1906, PH),
Reverse DNS
Software: 2.0.0 /
Resource Hash: ffaae52bba83afa7a9022c525b86a1f77b0dc5a266d15c43903135007c339f5b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://winbir476.com/restricted.html

Response headers

ETag: "6661a8c3-1d8ce"
Age: 0
X-NXG: 912531941
Accept-Ranges: bytes
Cache-stat: MISS
Content-Length: 121038
Date: Mon, 07 Oct 2024 08:53:20 GMT
Content-Type: image/jpeg
Last-Modified: Thu, 06 Jun 2024 12:17:07 GMT
Server: 2.0.0

GET
H/1.1 200
OK favicon.ico
winbir476.com/ 15 KB
15 KB 67ms
67ms Other
image/x-icon 103.253.186.213
SPLUNKNET-PH MCPO...

General

Check archive.org

Show headers Download Go to

Full URL

https://winbir476.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.253.186.213 , Philippines, ASN45504 (SPLUNKNET-PH MCPO Box 1906, PH),

Reverse DNS

Software

2.0.0 /

Resource Hash

aa57e5365baf216f7d1371d8b28a37da4e83efb2d5697292ef1528f935ae8126

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://winbir476.com/restricted.html

Response headers

ETag: "66fd8e2c-3c2e"
Age: 852
X-NXG: 910075340 905639794
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-stat: HIT
Content-Length: 15406
Date: Mon, 07 Oct 2024 08:39:09 GMT
Content-Type: image/x-icon
Last-Modified: Wed, 02 Oct 2024 18:17:16 GMT
Server: 2.0.0
X-FRAME-OPTIONS: SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bit.ly/	1970-01-21 04:24:03	Name: _bit Value: o978Rj-9f833911050d83d15a-00r
			.winbir476.com/	1970-01-21 00:06:17	Name: __nxquid Value: vLHDGvqy1x9BJiaNA/yLVGu7eCqrwg==0013

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
smr4.cc
winbir.b-cdn.net
winbir458.com
winbir466.com
winbir476.com
winbirguncel.com
winbirguncel1.com
103.253.186.213
185.151.30.186
185.151.30.220
2400:52e0:1e00::1054:1
2a07:7800::174
3.94.14.19
67.199.248.11
3d0944727afdcfac9e80cf4f1e11cef87869a63caf87a5987d1de43836a16e3f
aa57e5365baf216f7d1371d8b28a37da4e83efb2d5697292ef1528f935ae8126
c823ad98acbda92c62e70564a436c64a23927e90a89a24e7543e0aa995c49ef4
ffaae52bba83afa7a9022c525b86a1f77b0dc5a266d15c43903135007c339f5b

winbir476.com Open in urlscan Pro 103.253.186.213 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

29 %IPv6

8 Domains

8 Subdomains

2 IPs

4 Countries

142 kBTransfer

142 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

Indicators

winbir476.com Open in urlscan Pro
103.253.186.213 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

29 %
IPv6

8
Domains

8
Subdomains

2
IPs

4
Countries

142 kB
Transfer

142 kB
Size

2
Cookies

4 HTTP transactions
0 data transactions