cloth-jqq.com
Open in
urlscan Pro
52.44.190.239
Public Scan
Submitted URL: http://mygoverment.org/
Effective URL: https://cloth-jqq.com/zclkvisitor/e1057123-6d56-11ef-ab38-0afff7d3031d/f8472a30-a5e5-11ec-9226-0a76dcc61f13?campaignid...
Submission Tags: @ecarlesi threat phishing Search All
Submission: On September 07 via api from IT — Scanned from IT
Effective URL: https://cloth-jqq.com/zclkvisitor/e1057123-6d56-11ef-ab38-0afff7d3031d/f8472a30-a5e5-11ec-9226-0a76dcc61f13?campaignid...
Submission Tags: @ecarlesi threat phishing Search All
Submission: On September 07 via api from IT — Scanned from IT
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 3 HTTP transactions.
The main IP is 52.44.190.239, located in
Ashburn, United States and
belongs to AMAZON-AES, US.
The main domain is cloth-jqq.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on September 3rd 2024. Valid for: a year.
This is the only time cloth-jqq.com was scanned on urlscan.io!
TLS certificate: Issued by Amazon RSA 2048 M03 on September 3rd 2024. Valid for: a year.
This is the only time cloth-jqq.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 2 | 72.14.178.174 72.14.178.174 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
| 1 | 52.44.190.239 52.44.190.239 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 3 | 3 |
2
72.14.178.174
(Richardson, United States)
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li40-174.members.linode.com
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li40-174.members.linode.com
| mygoverment.org |
1
52.44.190.239
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-190-239.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-190-239.compute-1.amazonaws.com
| cloth-jqq.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
mygoverment.org
1 redirects
mygoverment.org |
1 KB |
| 1 |
cloth-jqq.com
cloth-jqq.com |
3 KB |
| 0 |
luxhotel.net
Failed
luxhotel.net Failed |
|
| 3 | 3 |
| Domain | Requested by | |
|---|---|---|
| 2 | mygoverment.org | 1 redirects |
| 1 | cloth-jqq.com |
mygoverment.org
|
| 0 | luxhotel.net Failed |
cloth-jqq.com
|
| 3 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| mygoverment.org R11 |
2024-09-07 - 2024-12-06 |
3 months | crt.sh |
| cloth-jqq.com Amazon RSA 2048 M03 |
2024-09-03 - 2025-10-02 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://luxhotel.net/?utm_source=zeropark&utm_medium=erythraean-weasel&utm_campaign=
Frame ID: D17C742861AA19743C818D7A2AC88EDE
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://mygoverment.org/
HTTP 307
https://mygoverment.org/ Page URL
-
https://mygoverment.org/?gp=1&js=1&uuid=1725740537.0023294678&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjo...
HTTP 302
https://cloth-jqq.com/zclkvisitor/e1057123-6d56-11ef-ab38-0afff7d3031d/f8472a30-a5e5-11ec-9226-0a7... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://mygoverment.org/
HTTP 307
https://mygoverment.org/ Page URL
-
https://mygoverment.org/?gp=1&js=1&uuid=1725740537.0023294678&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC43In0=
HTTP 302
https://cloth-jqq.com/zclkvisitor/e1057123-6d56-11ef-ab38-0afff7d3031d/f8472a30-a5e5-11ec-9226-0a76dcc61f13?campaignid=2200f6a0-a3e9-11ee-857f-123f4a2b6bb7 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://mygoverment.org/ HTTP 307
- https://mygoverment.org/
- https://cloth-jqq.com/zclkredirect?visitid=e1057123-6d56-11ef-ab38-0afff7d3031d&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B02%3A00&timezoneName=Europe%2FRome HTTP 302
- https://clicktracking.g2afse.com/click?pid=778&offer_id=4155&sub1=zre10571236d5611efab380afff7d3031dc01a0d57ecb34cc09d66d2b858cd8144084908e9da7e98aa3a&sub3=erythraean-weasel&sub4=0.001000&sub5=DOMAIN__broad&sub2=zeropark&sub6=NON-ADULT&sub7=bravo-zed-vqpe24gzdm&sub8= HTTP 302
- https://luxhotel.net/?utm_source=zeropark&utm_medium=erythraean-weasel&utm_campaign=
3 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
mygoverment.org/ Redirect Chain
|
993 B 753 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
f8472a30-a5e5-11ec-9226-0a76dcc61f13
cloth-jqq.com/zclkvisitor/e1057123-6d56-11ef-ab38-0afff7d3031d/ Redirect Chain
|
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
/
luxhotel.net/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- luxhotel.net
- URL
- https://luxhotel.net/?utm_source=zeropark&utm_medium=erythraean-weasel&utm_campaign=
Verdicts & Comments Add Verdict or Comment
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
number| maxWaitTime number| nextCheckDelay function| getBrowserInfoAfterDOMLoaded3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| mygoverment.org/ | Name: mtm_delivered Value: "" |
|
| clicktracking.g2afse.com/ | Name: afclick Value: 66dcb5fca9212e0001b4acfc |
|
| clicktracking.g2afse.com/ | Name: afoffers Value: {"4155":1725740540} |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cloth-jqq.com
luxhotel.net
mygoverment.org
luxhotel.net
52.44.190.239
72.14.178.174
e93ee5bc066518bd7ec7f96e1a1b9098a9b7a589a33d885d56a52badab92cf02