get.greatlifebargains2024.com Open in urlscan Pro
108.178.23.115 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://intellectualastray.top/oioTTTEipj?ozrv1703717093514
Effective URL:
https://get.greatlifebargains2024.com/proc.php?2b8f527e6da9b2e075e435a6b786711a27ed551d
Submission Tags: falconsandbox
Submission: On January 08 via api (January 8th 2024, 6:05:19 pm UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 9 HTTP transactions. The main IP is 108.178.23.115, located in United States and belongs to SINGLEHOP-LLC, US. The main domain is get.greatlifebargains2024.com. The Cisco Umbrella rank of the primary domain is 199088.
TLS certificate: Issued by R3 on December 6th 2023. Valid for: 3 months.

This is the only time get.greatlifebargains2024.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700:303... 2606:4700:3037::6815:4aba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.155.184.32 185.155.184.32	5398 (AS5398) (AS5398)
1 2	185.155.186.26 185.155.186.26	203639 (TEKNOLOGY) (TEKNOLOGY)
2	108.178.23.115 108.178.23.115	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
9	6

2 2606:4700:3037::6815:4aba (United States)

ASN13335 (CLOUDFLARENET, US)

intellectualastray.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

m.erredirect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.155.184.32 (Switzerland)

ASN5398 (AS5398, CH)

prizebigtop.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.155.186.26 (Switzerland) 1 redirects

ASN203639 (TEKNOLOGY, CH)

85.ayusski.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.178.23.115 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

get.greatlifebargains2024.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	greatlifebargains2024.com get.greatlifebargains2024.com — Cisco Umbrella Rank: 199088	3 KB
2	ayusski.live 1 redirects 85.ayusski.live	4 KB
2	intellectualastray.top intellectualastray.top	2 KB
1	prizebigtop.life prizebigtop.life	38 KB
1	erredirect.com m.erredirect.com	576 B
0	qeh8.com Failed v111304.qeh8.com Failed
0	baidu.com Failed hm.baidu.com Failed
9	7

	Domain	Requested by
2	get.greatlifebargains2024.com	85.ayusski.live get.greatlifebargains2024.com
2	85.ayusski.live	1 redirects prizebigtop.life
2	intellectualastray.top	intellectualastray.top
1	prizebigtop.life	m.erredirect.com
1	m.erredirect.com	intellectualastray.top
0	v111304.qeh8.com Failed	get.greatlifebargains2024.com
0	hm.baidu.com Failed	intellectualastray.top
9	7

This site contains no links.

Subject Issuer	Validity	Valid
intellectualastray.top E1	`2023-12-16` - `2024-03-15`	3 months	crt.sh
erredirect.com E1	`2023-12-30` - `2024-03-29`	3 months	crt.sh
prizebigtop.life R3	`2023-12-26` - `2024-03-25`	3 months	crt.sh
ayusski.live R3	`2023-12-28` - `2024-03-27`	3 months	crt.sh
get.greatlifebargains2024.com R3	`2023-12-06` - `2024-03-05`	3 months	crt.sh

This page contains 1 frames:

Frame: https://v111304.qeh8.com/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7321790153142304914&pub=1314&pid=1314-5ecd6faz&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0
Frame ID: 1D7B7497AEB3EA9B07457835CA366438
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Click "Allow" To Continue

Page URL History Show full URLs

https://intellectualastray.top/oioTTTEipj?ozrv1703717093514 Page URL
https://intellectualastray.top/404/nfp.html Page URL
https://m.erredirect.com/ Page URL
https://prizebigtop.life/?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE Page URL
https://85.ayusski.live/nhmtmsvp/article85.doc?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE&f=1&sid=... Page URL
https://85.ayusski.live/web/?sid=t9~b1wabw2yzrln4bm2tj1w4qyd HTTP 302
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=de8f... Page URL
https://get.greatlifebargains2024.com/proc.php?2b8f527e6da9b2e075e435a6b786711a27ed551d Page URL

Page Statistics

9
Requests

78 %
HTTPS

40 %
IPv6

7
Domains

7
Subdomains

6
IPs

2
Countries

47 kB
Transfer

50 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://intellectualastray.top/oioTTTEipj?ozrv1703717093514 Page URL
https://intellectualastray.top/404/nfp.html Page URL
https://m.erredirect.com/ Page URL
https://prizebigtop.life/?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE Page URL
https://85.ayusski.live/nhmtmsvp/article85.doc?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE&f=1&sid=t9~b1wabw2yzrln4bm2tj1w4qyd&fp=OKy9yg26pCo6GEyZvaYsNA%3D%3D Page URL
https://85.ayusski.live/web/?sid=t9~b1wabw2yzrln4bm2tj1w4qyd HTTP 302
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=de8f2eab-0ea8-43cc-af8d-1568537025c7&np=1 Page URL
https://get.greatlifebargains2024.com/proc.php?2b8f527e6da9b2e075e435a6b786711a27ed551d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://85.ayusski.live/web/?sid=t9~b1wabw2yzrln4bm2tj1w4qyd HTTP 302
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=de8f2eab-0ea8-43cc-af8d-1568537025c7&np=1

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	oioTTTEipj intellectualastray.top/	1 KB 1 KB	358ms 82ms	Document text/html	2606:4700:3037::6815:4aba CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://intellectualastray.top/oioTTTEipj?ozrv1703717093514 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:4aba , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-headers X-Requested-With,X_Requested_With,X-PINGOTHER,Content-Type access-control-allow-methods POST,GET,OPTIONS access-control-allow-origin * alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 84265e0c59733ca7-CDG content-encoding br content-type text/html; charset=UTF-8 date Mon, 08 Jan 2024 18:05:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KvmSp70trYSFeNz7tVKBPWXAw%2F%2FHPeiGxhMUptoNmy8HuGw8ceuQ35I2qbA%2Fo57KB9zWDCx1o1JD35ACBRGWHo6ma2y4ATi4ppdHO4laERYDrWX7C0Uw82SV%2F%2Fd9rjt%2B4quZY0vBmQaKnFiEWUWJ4KUsVJPX"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	nfp.html Show response intellectualastray.top/404/	829 B 719 B	48ms 48ms	Document text/html	2606:4700:3037::6815:4aba CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://intellectualastray.top/404/nfp.html Requested by Host: intellectualastray.top URL: https://intellectualastray.top/oioTTTEipj?ozrv1703717093514 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:4aba , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `243568c1285d2a6af45172e0141bdc9cfa8628d81b99f09227016804a435ce3a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 84265e0e5e1b3ca7-CDG content-encoding br content-type text/html date Mon, 08 Jan 2024 18:05:13 GMT last-modified Sat, 30 Dec 2023 19:35:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X0JbycqtlEdy7BJJwq5jVMHmg8KxZqt8MC3FonpLGfvCm6sMcYcahc9O%2BTmhP1HVaghtPi4FbWTPh3IpN9XPNw929QysDxVLZ28Hfw%2BvpmIyhuEdOL3WeKORTuHNAPCRLHyNPjOFkZDmiA5WSknAQKFRIleC"}],"group":"cf-nel","max_age":604800} server cloudflare
GET		hm.js hm.baidu.com/	0 0

GET H2	200	/ m.erredirect.com/	142 B 576 B	247ms 176ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://m.erredirect.com/ Requested by Host: intellectualastray.top URL: https://intellectualastray.top/404/nfp.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://intellectualastray.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 84265e0fdda5b8d9-AMS content-encoding br content-type text/html; charset=UTF-8 date Mon, 08 Jan 2024 18:05:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iobQdy1xqforyI%2FYFlVvvFnLXYcMdWPwpeQ5lyqPpjreD98sYMooi%2Fo0hzBuSS8mMvtUoIl8lG31IYQhPlzXfO5AKKYa7OLllEZP7%2BllQ1Kpk7Ij38T1pMgRx8Lug70cHfpDH%2B4u5sEUEL51130q"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H/1.1	200 OK	/ Show response prizebigtop.life/	37 KB 38 KB	177ms 51ms	Document text/html	185.155.184.32 AS5398
General Check archive.org Show headers Download Go to Full URL https://prizebigtop.life/?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE Requested by Host: m.erredirect.com URL: https://m.erredirect.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 185.155.184.32 , Switzerland, ASN5398 (AS5398, CH), Reverse DNS Software nginx / Resource Hash `cea116b1b88d7293804ad498cbd0c83ec601a411d8f7425e2de081097de7e56a` Request headers Referer https://m.erredirect.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-transform Connection keep-alive Content-Length 38187 Content-Type text/html Date Mon, 08 Jan 2024 18:05:13 GMT Server nginx cache-control private
GET H/1.1	200 OK	article85.doc 85.ayusski.live/nhmtmsvp/	3 KB 4 KB	188ms 35ms	Document text/html	185.155.186.26 TEKNOLOGY
General Check archive.org Show headers Download Go to Full URL https://85.ayusski.live/nhmtmsvp/article85.doc?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE&f=1&sid=t9~b1wabw2yzrln4bm2tj1w4qyd&fp=OKy9yg26pCo6GEyZvaYsNA%3D%3D Requested by Host: prizebigtop.life URL: https://prizebigtop.life/?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305 Server 185.155.186.26 , Switzerland, ASN203639 (TEKNOLOGY, CH), Reverse DNS Software openresty / Resource Hash Request headers Referer https://prizebigtop.life/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Length 3434 Content-Type text/html Date Mon, 08 Jan 2024 18:05:14 GMT Server openresty cache-control private
GET H2	200	/ Show response get.greatlifebargains2024.com/ Redirect Chain https://85.ayusski.live/web/?sid=t9~b1wabw2yzrln4bm2tj1w4qyd https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=de8f2eab-0ea8-43cc-af8d-1568537025c7&np=1	6 KB 2 KB	395ms 126ms	Document text/html	108.178.23.115 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=de8f2eab-0ea8-43cc-af8d-1568537025c7&np=1 Requested by Host: 85.ayusski.live URL: https://85.ayusski.live/nhmtmsvp/article85.doc?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE&f=1&sid=t9~b1wabw2yzrln4bm2tj1w4qyd&fp=OKy9yg26pCo6GEyZvaYsNA%3D%3D Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.178.23.115 , United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS server04.com-2.mobi Software nginx / PHP/8.2.8 Resource Hash `dc4ecca9b99c1d3adeed0e68ca50ba8f11cae7e32d19208630ed2d4bc77139d4` Request headers Referer https://85.ayusski.live/nhmtmsvp/article85.doc?u=r0lpd0d&o=9nzny9q&m=1&t=op24DE&cid=op24_DE&f=1&sid=t9~b1wabw2yzrln4bm2tj1w4qyd&fp=OKy9yg26pCo6GEyZvaYsNA%3D%3D Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version cache-control no-store, no-cache, must-revalidate, max-age=0 content-encoding gzip content-type text/html; charset=utf-8 date Mon, 08 Jan 2024 18:05:14 GMT expires Thu, 01 Jan 1970 00:00:00 GMT pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.2.8 Redirect headers Connection keep-alive Content-Length 280 Content-Type text/html; charset=utf-8 Date Mon, 08 Jan 2024 18:05:14 GMT Server openresty cache-control private location https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=de8f2eab-0ea8-43cc-af8d-1568537025c7&np=1 referrer-policy no-referrer
GET H2	200	Primary Request proc.php get.greatlifebargains2024.com/	1 KB 1 KB	125ms 124ms	Document text/html	108.178.23.115 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://get.greatlifebargains2024.com/proc.php?2b8f527e6da9b2e075e435a6b786711a27ed551d Requested by Host: get.greatlifebargains2024.com URL: https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=de8f2eab-0ea8-43cc-af8d-1568537025c7&np=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.178.23.115 , United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS server04.com-2.mobi Software nginx / PHP/8.2.8 Resource Hash Request headers Referer https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=de8f2eab-0ea8-43cc-af8d-1568537025c7&np=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version cache-control no-store, no-cache, must-revalidate, max-age=0 content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 08 Jan 2024 18:05:19 GMT expires Thu, 01 Jan 1970 00:00:00 GMT location https://v111304.qeh8.com/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7321790153142304914&pub=1314&pid=1314-5ecd6faz&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0 pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.2.8
GET		go.php v111304.qeh8.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hm.baidu.com
URL: https://hm.baidu.com/hm.js?e6d5c1513b650adee00ba52513a6c25c

Domain: v111304.qeh8.com
URL: https://v111304.qeh8.com/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7321790153142304914&pub=1314&pid=1314-5ecd6faz&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prizebigtop.life/	1969-12-31 23:59:59	Name: sid Value: t9~b1wabw2yzrln4bm2tj1w4qyd
prizebigtop.life/	1969-12-31 23:59:59	Name: p1 Value: https://ayusski.live/nhmtmsvp/
prizebigtop.life/	1969-12-31 23:59:59	Name: s1 Value: bybvv5fm8ygx8ld4
85.ayusski.live/	1970-01-20 17:33:43	Name: IsNotUniqueMainNew Value: true
85.ayusski.live/	1970-01-20 17:33:43	Name: cookie1 Value: true

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

85.ayusski.live
get.greatlifebargains2024.com
hm.baidu.com
intellectualastray.top
m.erredirect.com
prizebigtop.life
v111304.qeh8.com
hm.baidu.com
v111304.qeh8.com
108.178.23.115
185.155.184.32
185.155.186.26
2606:4700:3037::6815:4aba
2a06:98c1:3121::3
243568c1285d2a6af45172e0141bdc9cfa8628d81b99f09227016804a435ce3a
cea116b1b88d7293804ad498cbd0c83ec601a411d8f7425e2de081097de7e56a
dc4ecca9b99c1d3adeed0e68ca50ba8f11cae7e32d19208630ed2d4bc77139d4

get.greatlifebargains2024.com Open in urlscan Pro 108.178.23.115 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

78 %HTTPS

40 %IPv6

7 Domains

7 Subdomains

6 IPs

2 Countries

47 kBTransfer

50 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

5 Cookies

Indicators

get.greatlifebargains2024.com Open in urlscan Pro
108.178.23.115 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

78 %
HTTPS

40 %
IPv6

7
Domains

7
Subdomains

6
IPs

2
Countries

47 kB
Transfer

50 kB
Size

5
Cookies

9 HTTP transactions
0 data transactions