cr.thesafelink.co.uk

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 178.62.116.151, located in Slough, United Kingdom and belongs to DIGITALOCEAN-ASN, US. The main domain is cr.thesafelink.co.uk.

This is the only time cr.thesafelink.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	178.62.116.151 178.62.116.151	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	3

1 178.62.116.151 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

cr.thesafelink.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	msauth.net logincdn.msauth.net — Cisco Umbrella Rank: 3676	21 KB
1	thesafelink.co.uk cr.thesafelink.co.uk	45 KB
3	2

	Domain	Requested by
2	logincdn.msauth.net	cr.thesafelink.co.uk
1	cr.thesafelink.co.uk
3	2

This site contains links to these domains. Also see Links.

Domain
home.thesafelink.co.uk

Subject Issuer	Validity	Valid
identitycdn.msauth.net Microsoft Azure RSA TLS Issuing CA 03	`2024-01-17` - `2025-01-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://cr.thesafelink.co.uk/?rid=IhWN4z0
Frame ID: 85BBAB9F4D95AFA9E3444EDB61A9AE77
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your DocuSign account

Page Statistics

3
Requests

67 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

66 kB
Transfer

218 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://home.thesafelink.co.uk/?rid=fMf3Bqk
Title: Create one!

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response cr.thesafelink.co.uk/	69 KB 45 KB	303ms 201ms	Document text/html	178.62.116.151 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL http://cr.thesafelink.co.uk/?rid=IhWN4z0 Protocol HTTP/1.1 Server 178.62.116.151 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Resource Hash `9f9fe9d5309d5d03885d94e49687e681d86d09ee6869ae278ff6c9936b8ca794` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Thu, 14 Mar 2024 09:58:15 GMT Transfer-Encoding chunked Vary Accept-Encoding X-Server gophish
GET H2	200	Converged_v22057_qWV3sGhBzcGORhNLatPttg2.css logincdn.msauth.net/16.000/	108 KB 20 KB	1081ms 896ms	Stylesheet text/css	2620:1ec:bdf::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://logincdn.msauth.net/16.000/Converged_v22057_qWV3sGhBzcGORhNLatPttg2.css Requested by Host: cr.thesafelink.co.uk URL: http://cr.thesafelink.co.uk/?rid=IhWN4z0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash `c305b2bd6f0006d596ff6e9e8b54297189acc00a10faccbbbf748e5feb1b48f2` Request headers accept-language en-GB,en;q=0.9 Referer http://cr.thesafelink.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 14 Mar 2024 09:58:16 GMT content-encoding gzip x-cache TCP_MISS x-fd-int-roxy-purgeid 0 content-length 20220 x-ms-lease-status unlocked last-modified Thu, 18 May 2023 12:18:51 GMT etag 0x8DB579A0AAAFB6E x-azure-ref 20240314T095815Z-uvpesqq52x5frda4hqy5qtfvhs000000050000000001edhr content-type text/css access-control-allow-origin * x-ms-request-id 84710f36-301e-0015-52f6-75d2b6000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	signin-options_4e48046ce74f4b89d45037c90576bfac.svg logincdn.msauth.net/shared/1.0/content/images/	2 KB 1 KB	173ms 70ms	Image image/svg+xml	2620:1ec:bdf::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg Requested by Host: cr.thesafelink.co.uk URL: http://cr.thesafelink.co.uk/?rid=IhWN4z0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash `8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93` Request headers accept-language en-GB,en;q=0.9 Referer http://cr.thesafelink.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 14 Mar 2024 09:58:15 GMT content-encoding gzip x-cache TCP_HIT x-cache-info L1_T2 x-fd-int-roxy-purgeid 0 content-length 621 x-ms-lease-status unlocked last-modified Tue, 10 Nov 2020 03:41:24 GMT etag 0x8D8852A7F48993A x-azure-ref 20240314T095815Z-uvpesqq52x5frda4hqy5qtfvhs000000050000000001edhs content-type image/svg+xml access-control-allow-origin * x-ms-request-id a20ad16a-101e-0017-53ad-7484b2000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bd01b16c981089cb0e1ca9662889b63d043f2d41c5f4c5a0449403b740c770e9` Request headers accept-language en-GB,en;q=0.9 Referer http://cr.thesafelink.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	34 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `729e9cd37ddc86c0604dc6defaa1d801205df7fd5efcdd43c8adea06dc1aa5b1` Request headers accept-language en-GB,en;q=0.9 Referer http://cr.thesafelink.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| PROOF

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cr.thesafelink.co.uk
logincdn.msauth.net
178.62.116.151
2620:1ec:bdf::45
729e9cd37ddc86c0604dc6defaa1d801205df7fd5efcdd43c8adea06dc1aa5b1
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
9f9fe9d5309d5d03885d94e49687e681d86d09ee6869ae278ff6c9936b8ca794
bd01b16c981089cb0e1ca9662889b63d043f2d41c5f4c5a0449403b740c770e9
c305b2bd6f0006d596ff6e9e8b54297189acc00a10faccbbbf748e5feb1b48f2

cr.thesafelink.co.uk Open in urlscan Pro 178.62.116.151 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

3 Requests

67 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

66 kBTransfer

218 kBSize

0 Cookies

1 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Indicators

cr.thesafelink.co.uk Open in urlscan Pro
178.62.116.151 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

66 kB
Transfer

218 kB
Size

0
Cookies

3 HTTP transactions
2 data transactions