ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud Open in urlscan Pro
169.46.118.100 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud/kitulixuvxpecogtshqdsbmksfgvhb/rkgilqfxibhihovinxzvavbj.html?bzJnSHJtQWs3L3lJdXREbWxiazY4UjhCRjh...
Submission Tags: https://phish.report @phish_report Search All
Submission: On April 28 via api (April 28th 2023, 2:47:38 pm UTC) from FI — Scanned from US

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 2 HTTP transactions. The main IP is 169.46.118.100, located in Irving, United States and belongs to SOFTLAYER, US. The main domain is ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 3rd 2022. Valid for: a year.

This is the only time ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	169.46.118.100 169.46.118.100	36351 (SOFTLAYER) (SOFTLAYER)
1 1	2606:4700:303... 2606:4700:3036::ac43:87cf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.168.62.109 104.168.62.109	36352 (AS-COLOCR...) (AS-COLOCROSSING)
2	2

1 169.46.118.100 (Irving, United States)

ASN36351 (SOFTLAYER, US)
PTR: 64.76.2ea9.ip4.static.sl-reverse.com

ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:87cf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

redirectnotifications.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.168.62.109 (United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 104-168-62-109-host.colocrossing.com

www.redirectusers.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	redirectusers.org www.redirectusers.org
1	redirectnotifications.com 1 redirects redirectnotifications.com	547 B
1	appdomain.cloud ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud	529 B
2	3

	Domain	Requested by
1	www.redirectusers.org	ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud
1	redirectnotifications.com	1 redirects
1	ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud
2	3

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.us-south.cloud-object-storage.appdomain.cloud DigiCert TLS RSA SHA256 2020 CA1	`2022-11-03` - `2023-11-02`	a year	crt.sh
www.redirectusers.org R3	`2023-02-01` - `2023-05-02`	3 months	crt.sh

This page contains 1 frames:

Frame: https://www.redirectusers.org/27KM4H3/K5DMLHC/?sub1=1&sub2=91545_403&sub3=674_25060_372316_4045572_md
Frame ID: 23A04BC3B4D52F90001723C0B95B9F0A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

2
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

1 kB
Transfer

0 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://redirectnotifications.com/bzJnSHJtQWs3L3lJdXREbWxiazY4UjhCRjhzaDFpOVpSTzlDYi9TMTUrSVAvSFByOHJoWmFFcVAycjlVVWpja2ZSZVBhMHJxVXBjREZlQUpJdi93OGYxdzJLT250WXBWR3lCd21yRmhTNWc9 HTTP 302
https://www.redirectusers.org/27KM4H3/K5DMLHC/?sub1=1&sub2=91545_403&sub3=674_25060_372316_4045572_md

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request rkgilqfxibhihovinxzvavbj.html Show response ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud/kitulixuvxpecogtshqdsbmksfgvhb/	162 B 529 B	211ms 72ms	Document text/html	169.46.118.100 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud/kitulixuvxpecogtshqdsbmksfgvhb/rkgilqfxibhihovinxzvavbj.html?bzJnSHJtQWs3L3lJdXREbWxiazY4UjhCRjhzaDFpOVpSTzlDYi9TMTUrSVAvSFByOHJoWmFFcVAycjlVVWpja2ZSZVBhMHJxVXBjREZlQUpJdi93OGYxdzJLT250WXBWR3lCd21yRmhTNWc9 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 169.46.118.100 Irving, United States, ASN36351 (SOFTLAYER, US), Reverse DNS 64.76.2ea9.ip4.static.sl-reverse.com Software Cleversafe / Resource Hash `15f9fda9c9d10c4c346c9830833fa59fbba9f19fa491433ee19c5ba5716722eb` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Accept-Ranges bytes Content-Length 162 Content-Type text/html Date Fri, 28 Apr 2023 14:46:58 GMT ETag "a55db874c6e73f62549e8baeacdda10c" Last-Modified Fri, 28 Apr 2023 07:01:42 GMT Server Cleversafe X-Clv-Request-Id 301440be-6cf7-4288-94a3-a67e60032e22 X-Clv-S3-Version 2.5 x-amz-request-id 301440be-6cf7-4288-94a3-a67e60032e22
GET H/1.1	204 No Content	/ www.redirectusers.org/27KM4H3/K5DMLHC/ Redirect Chain https://redirectnotifications.com/bzJnSHJtQWs3L3lJdXREbWxiazY4UjhCRjhzaDFpOVpSTzlDYi9TMTUrSVAvSFByOHJoWmFFcVAycjlVVWpja2ZSZVBhMHJxVXBjREZlQUpJdi93OGYxdzJLT250WXBWR3lCd21yRmhTNWc9 https://www.redirectusers.org/27KM4H3/K5DMLHC/?sub1=1&sub2=91545_403&sub3=674_25060_372316_4045572_md	0 0	151ms 77ms	Document text/plain	104.168.62.109 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.redirectusers.org/27KM4H3/K5DMLHC/?sub1=1&sub2=91545_403&sub3=674_25060_372316_4045572_md Requested by Host: ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud URL: https://ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud/kitulixuvxpecogtshqdsbmksfgvhb/rkgilqfxibhihovinxzvavbj.html?bzJnSHJtQWs3L3lJdXREbWxiazY4UjhCRjhzaDFpOVpSTzlDYi9TMTUrSVAvSFByOHJoWmFFcVAycjlVVWpja2ZSZVBhMHJxVXBjREZlQUpJdi93OGYxdzJLT250WXBWR3lCd21yRmhTNWc9 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.168.62.109 , United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 104-168-62-109-host.colocrossing.com Software nginx / Resource Hash Request headers Referer https://ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud/kitulixuvxpecogtshqdsbmksfgvhb/rkgilqfxibhihovinxzvavbj.html?bzJnSHJtQWs3L3lJdXREbWxiazY4UjhCRjhzaDFpOVpSTzlDYi9TMTUrSVAvSFByOHJoWmFFcVAycjlVVWpja2ZSZVBhMHJxVXBjREZlQUpJdi93OGYxdzJLT250WXBWR3lCd21yRmhTNWc9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language en-US,en;q=0.9 Response headers accept-ch Sec-Ch-Ua-Platform-Version date Fri, 28 Apr 2023 14:47:02 GMT server nginx vary Origin x-eflow-request-id 1edbcf7c-a0e2-4a5a-a0dc-39bd1dbe756e Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7bf01909fcf942e3-EWR content-type text/html; charset=UTF-8 date Fri, 28 Apr 2023 14:47:02 GMT location https://www.redirectusers.org/27KM4H3/K5DMLHC/?sub1=1&sub2=91545_403&sub3=674_25060_372316_4045572_md nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSk9JZG9%2FKpp8kruGhfsYIgNBKidVWxqzeOntRx6ZOfunSZz8lxGYApdsm6PRi3YyDY0BaX8FmMQu2rPD2Nc%2F8yDNL%2BwdmlqLvll5W9YqM1bfmo8TUa1X7RN5gJTrRjrSmBzhs3%2BcRQPHqa0SCQkk4pVhtp1X29p"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.1.33

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud
redirectnotifications.com
www.redirectusers.org
104.168.62.109
169.46.118.100
2606:4700:3036::ac43:87cf
15f9fda9c9d10c4c346c9830833fa59fbba9f19fa491433ee19c5ba5716722eb

ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud Open in urlscan Pro 169.46.118.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

2 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

1 kBTransfer

0 kBSize

0 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Indicators

ntgmnzkwncevluachrwratubzgqatg.s3.us-south.cloud-object-storage.appdomain.cloud Open in urlscan Pro
169.46.118.100 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

1 kB
Transfer

0 kB
Size

0
Cookies

2 HTTP transactions
0 data transactions