gauts-lwt.com
Open in
urlscan Pro
18.209.183.29
Public Scan
Submitted URL: https://apps.icloud.cm/
Effective URL: https://gauts-lwt.com/zclkvisitor/ea0d6b92-aa48-11ef-9d27-0affdde0eee7/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid...
Submission: On November 24 via automatic, source certstream-suspicious — Scanned from IT
Effective URL: https://gauts-lwt.com/zclkvisitor/ea0d6b92-aa48-11ef-9d27-0affdde0eee7/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid...
Submission: On November 24 via automatic, source certstream-suspicious — Scanned from IT
Summary
This website contacted 4 IPs
in 2 countries
across 5 domains to perform 6 HTTP transactions.
The main IP is 18.209.183.29, located in
Ashburn, United States and
belongs to AMAZON-AES, US.
The main domain is gauts-lwt.com.
The Cisco Umbrella rank of the primary domain is 612958.
TLS certificate: Issued by Amazon RSA 2048 M03 on November 4th 2024. Valid for: a year.
This is the only time gauts-lwt.com was scanned on urlscan.io!
TLS certificate: Issued by Amazon RSA 2048 M03 on November 4th 2024. Valid for: a year.
This is the only time gauts-lwt.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 5 | 64.190.63.222 64.190.63.222 | 47846 (SEDO-AS S...) (SEDO-AS SEDO GmbH) | |
| 1 | 205.234.175.175 205.234.175.175 | 30081 (CACHENETW...) (CACHENETWORKS) | |
| 1 1 | 173.239.53.32 173.239.53.32 | 27257 (WEBAIR-IN...) (WEBAIR-INTERNET) | |
| 1 | 18.209.183.29 18.209.183.29 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 6 | 4 |
1
205.234.175.175
(United States)
ASN30081 (CACHENETWORKS, US)
PTR: vip1.G-anycast1.cachefly.net
ASN30081 (CACHENETWORKS, US)
PTR: vip1.G-anycast1.cachefly.net
| img.sedoparking.com |
1
18.209.183.29
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-183-29.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-183-29.compute-1.amazonaws.com
| gauts-lwt.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 5 |
icloud.cm
2 redirects
apps.icloud.cm |
3 KB |
| 1 |
gauts-lwt.com
gauts-lwt.com — Cisco Umbrella Rank: 612958 |
3 KB |
| 1 |
sedodna.com
1 redirects
xml.sedodna.com — Cisco Umbrella Rank: 301377 |
309 B |
| 1 |
sedoparking.com
img.sedoparking.com — Cisco Umbrella Rank: 65939 |
15 KB |
| 0 |
doubleclick.net
Failed
ad.doubleclick.net Failed |
|
| 6 | 5 |
| Domain | Requested by | |
|---|---|---|
| 5 | apps.icloud.cm |
2 redirects
apps.icloud.cm
|
| 1 | gauts-lwt.com |
apps.icloud.cm
|
| 1 | xml.sedodna.com | 1 redirects |
| 1 | img.sedoparking.com | |
| 0 | ad.doubleclick.net Failed |
gauts-lwt.com
|
| 6 | 5 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| apps.icloud.cm Encryption Everywhere DV TLS CA - G2 |
2024-11-24 - 2025-11-23 |
a year | crt.sh |
| *.cachefly.net GlobalSign RSA OV SSL CA 2018 |
2023-11-13 - 2024-12-14 |
a year | crt.sh |
| gauts-lwt.com Amazon RSA 2048 M03 |
2024-11-04 - 2025-12-03 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://ad.doubleclick.net/ddm/trackclk/N1987506.3660574INSTAL/B32908278.408642803;dc_trk_aid=600655787;dc_trk_cid=187225440;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=;dc_tdv=1&a=ea8be5bd-0830-4179-adae-c03d79c7780f:a98454431ae2f34005e337f0a3dfd56441eefcba
Frame ID: 7E3E0FC180D3CC7713A58788B0EA7AA6
Requests: 6 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://apps.icloud.cm/ Page URL
-
https://apps.icloud.cm/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DFE6z3P76Qo...
HTTP 302
https://apps.icloud.cm/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DFE6z3P76Qo... HTTP 302
https://xml.sedodna.com/click?i=FE6z3P76QoQ_0 HTTP 302
https://gauts-lwt.com/zclkvisitor/ea0d6b92-aa48-11ef-9d27-0affdde0eee7/9232f590-d991-493f-b95d-d38... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://apps.icloud.cm/ Page URL
-
https://apps.icloud.cm/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DFE6z3P76QoQ_0&v=ZmNjMGI3M2JiNzlmNzJmODI5NDBlODNjYmQyNzlmMDcJMQlhcHBzLmljbG91ZC5jbTY3NDJmNWQ5MjMwZDA4LjQ2MTQ3NDcwCWFwcHMuaWNsb3VkLmNtNjc0MmY1ZDkyMzBmOTIuMTQwMTM5OTEJMTczMjQ0MTU2MwlhZF82M18w&l=ogcJF5m28-RQY7ZeHe81wejrzgkhKN4B1mlyW0xmyJAUYwKT_c_jZmkn1FlBYRDqWoy4cel0C1D8P57fI2Z70sPunR5VDaSlgsLFFcWBWnxzv_87zL5ieQE82BOR3CJAjCeqVNxBvhgqgZtgffFMSpELu_W1iQH7hIReTRGkHh11kXAlyn8mJDsYuSOGnXw_P3Lkp48s4rq3syaepP1WAZ9jTI2fuRv-CmLAs-xiZEzbICIj7ehzlOZVptiKONoHN32Rt7cG7Evw3eLc60izIzzRpt4tLhql3uTJSPEEAq5RTl7nkq4rxDSZzEQwhyeahSTC_yZamDgSt47ztvSb1xiAnXfJodHAb7TkoiZ0D_6xzhJ6cJF7Qgx8YVgiEAnqt1VH-UukN-KDGyVcpXXvIkdqzBWtN0rsoQ1TGGEwm3Ds5gAr_GhND1-HIn_uDmJrJx5drOasybvZuLEcmSKnqRZowypgfvBl6O2x6BFYLMobMBhyWBO5CdwXOL_UV2RwpFgBTRHsgK5U6TxOi1QxHd3Jkr6S9lWxL7GUXpKjZaNBPiAuRAfUHGa6rH250dm3mWC-40tMNFWf6Olq6v1ViQ4dBy3HIbRT7Ng1JS-HNUTc_lL5RTc4bnpZdDEz6iUQjw143kfOnHTz-lwGWBb8B0JCKZQyT66yy40an8y9QBGZsRRZ2xKbBOM8Cp-F84nuPwHXkOnfhCtkMfkdQ
HTTP 302
https://apps.icloud.cm/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DFE6z3P76QoQ_0&v=ZmNjMGI3M2JiNzlmNzJmODI5NDBlODNjYmQyNzlmMDcJMQlhcHBzLmljbG91ZC5jbTY3NDJmNWQ5MjMwZDA4LjQ2MTQ3NDcwCWFwcHMuaWNsb3VkLmNtNjc0MmY1ZDkyMzBmOTIuMTQwMTM5OTEJMTczMjQ0MTU2MwlhZF82M18w&l=ogcJF5m28-RQY7ZeHe81wejrzgkhKN4B1mlyW0xmyJAUYwKT_c_jZmkn1FlBYRDqWoy4cel0C1D8P57fI2Z70sPunR5VDaSlgsLFFcWBWnxzv_87zL5ieQE82BOR3CJAjCeqVNxBvhgqgZtgffFMSpELu_W1iQH7hIReTRGkHh11kXAlyn8mJDsYuSOGnXw_P3Lkp48s4rq3syaepP1WAZ9jTI2fuRv-CmLAs-xiZEzbICIj7ehzlOZVptiKONoHN32Rt7cG7Evw3eLc60izIzzRpt4tLhql3uTJSPEEAq5RTl7nkq4rxDSZzEQwhyeahSTC_yZamDgSt47ztvSb1xiAnXfJodHAb7TkoiZ0D_6xzhJ6cJF7Qgx8YVgiEAnqt1VH-UukN-KDGyVcpXXvIkdqzBWtN0rsoQ1TGGEwm3Ds5gAr_GhND1-HIn_uDmJrJx5drOasybvZuLEcmSKnqRZowypgfvBl6O2x6BFYLMobMBhyWBO5CdwXOL_UV2RwpFgBTRHsgK5U6TxOi1QxHd3Jkr6S9lWxL7GUXpKjZaNBPiAuRAfUHGa6rH250dm3mWC-40tMNFWf6Olq6v1ViQ4dBy3HIbRT7Ng1JS-HNUTc_lL5RTc4bnpZdDEz6iUQjw143kfOnHTz-lwGWBb8B0JCKZQyT66yy40an8y9QBGZsRRZ2xKbBOM8Cp-F84nuPwHXkOnfhCtkMfkdQ HTTP 302
https://xml.sedodna.com/click?i=FE6z3P76QoQ_0 HTTP 302
https://gauts-lwt.com/zclkvisitor/ea0d6b92-aa48-11ef-9d27-0affdde0eee7/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=1e63ca00-a5b3-11ef-8fe9-12832fc4c381 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://gauts-lwt.com/zclkredirect?visitid=ea0d6b92-aa48-11ef-9d27-0affdde0eee7&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC%2B01%3A00&timezoneName=Europe%2FRome HTTP 302
- https://farm.performyze.com/tracking/click/1146734b-6bbc-48e3-91fd-61f3140fcd31/ HTTP 302
- https://vidi-skok.club/trkclk/?pid=2701&cid=3301440&custom1=&custom2=1146734b-6bbc-48e3-91fd-61f3140fcd31 HTTP 302
- https://ad.doubleclick.net/ddm/trackclk/N1987506.3660574INSTAL/B32908278.408642803;dc_trk_aid=600655787;dc_trk_cid=187225440;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=;dc_tdv=1&a=ea8be5bd-0830-4179-adae-c03d79c7780f:a98454431ae2f34005e337f0a3dfd56441eefcba
6 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
/
apps.icloud.cm/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js_preloader.gif
apps.icloud.cm/img.sedoparking.com/images/ |
0 19 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tsc.php
apps.icloud.cm/search/ |
0 35 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sedo_logo.png
img.sedoparking.com/templates/logos/ |
15 KB 15 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
9232f590-d991-493f-b95d-d38c0c6cdd28
gauts-lwt.com/zclkvisitor/ea0d6b92-aa48-11ef-9d27-0affdde0eee7/ Redirect Chain
|
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
B32908278.408642803;dc_trk_aid=600655787;dc_trk_cid=187225440;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=;dc_tdv=1&a=ea8be5bd...
ad.doubleclick.net/ddm/trackclk/N1987506.3660574INSTAL/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ad.doubleclick.net
- URL
- https://ad.doubleclick.net/ddm/trackclk/N1987506.3660574INSTAL/B32908278.408642803;dc_trk_aid=600655787;dc_trk_cid=187225440;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=;dc_tdv=1&a=ea8be5bd-0830-4179-adae-c03d79c7780f:a98454431ae2f34005e337f0a3dfd56441eefcba
Verdicts & Comments Add Verdict or Comment
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
number| maxWaitTime number| nextCheckDelay function| getBrowserInfoAfterDOMLoaded2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| vidi-skok.club/ | Name: cx_ntsl_i Value: 86a4c1cb-095c-43a9-a923-aa2161fe48a6 |
|
| vidi-skok.club/ | Name: instal-cookie Value: "2|1:0|10:1732441567|13:instal-cookie|124:eyIzMzAxNDQwIjogImVhOGJlNWJkLTA4MzAtNDE3OS1hZGFlLWMwM2Q3OWM3NzgwZjphOTg0NTQ0MzFhZTJmMzQwMDVlMzM3ZjBhM2RmZDU2NDQxZWVmY2JhIn0=|782a5763fc981ff506b1d1b725bf70e659a1f5b42107c90abbfbbde80935f6f6" |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ad.doubleclick.net
apps.icloud.cm
gauts-lwt.com
img.sedoparking.com
xml.sedodna.com
ad.doubleclick.net
173.239.53.32
18.209.183.29
205.234.175.175
64.190.63.222
18e0ccdf7e6d5dc8f0eee8954c8352acba7db7c064ca4ff34bc769c4b9aada30
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6cc2601293606513e1ae32c0642d89900ec4feb5a80588521dea11456263394