www.hollagift.com Open in urlscan Pro
52.208.196.199 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://goodnews4u.site/support/upp40tar.php?94828$vgibpaixrk#7200884
Effective URL:
https://www.hollagift.com/iphonexs?bemobdata=c%3D8668f8ac-07e2-4b86-8dbc-ffbcfa4c378d..a%3D0..b%3D0..e%3D70828942d5d64c4db...
Submission Tags: phishing malicious Search All
Submission: On November 18 via api (November 18th 2019, 2:55:36 pm UTC) from PL

Summary HTTP 29 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 14 domains to perform 29 HTTP transactions. The main IP is 52.208.196.199, located in Dublin, Ireland and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.hollagift.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 8th 2019. Valid for: 3 months.

This is the only time www.hollagift.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	23.95.97.53 23.95.97.53	36352 (AS-COLOCR...) (AS-COLOCROSSING - ColoCrossing)
2 3	2a05:d018:483... 2a05:d018:483:6110:1151:1546:9e4a:df36	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a05:d018:483... 2a05:d018:483:6130:3c15:3fed:823c:bf5d	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	212.32.252.66 212.32.252.66	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	18.203.163.34 18.203.163.34	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	3.121.73.171 3.121.73.171	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.208.196.199 52.208.196.199	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2606:4700:e4:... 2606:4700:e4::ac40:a108	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	52.51.248.232 52.51.248.232	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
13	2606:4700:e4:... 2606:4700:e4::ac40:a008	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	54.93.101.66 54.93.101.66	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	63.33.30.234 63.33.30.234	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY - Fastly)
2	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
29	13

1 23.95.97.53 (Buffalo, United States) 1 redirects

ASN36352 (AS-COLOCROSSING - ColoCrossing, US)
PTR: 23-95-97-53-host.colocrossing.com

goodnews4u.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:483:6110:1151:1546:9e4a:df36 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

cd-down.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:483:6130:3c15:3fed:823c:bf5d (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

gdmconvtrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.32.252.66 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

click.yxdeus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.203.163.34 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-203-163-34.eu-west-1.compute.amazonaws.com

app.fieryx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.73.171 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-121-73-171.eu-central-1.compute.amazonaws.com

c.ttrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.196.199 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-208-196-199.eu-west-1.compute.amazonaws.com

www.hollagift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e4::ac40:a108 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

styles.assets-landingi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.248.232 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-51-248-232.eu-west-1.compute.amazonaws.com

popups.landingi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:e4::ac40:a008 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

images.assets-landingi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
old.assets-landingi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scripts.assets-landingi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.93.101.66 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-93-101-66.eu-central-1.compute.amazonaws.com

t.afleads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.30.234 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-63-33-30-234.eu-west-1.compute.amazonaws.com

analytics.landingi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.20 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	assets-landingi.com styles.assets-landingi.com images.assets-landingi.com old.assets-landingi.com scripts.assets-landingi.com	189 KB
3	cd-down.com 2 redirects cd-down.com	4 KB
2	nr-data.net bam.nr-data.net	445 B
2	gstatic.com fonts.gstatic.com	18 KB
2	landingi.com popups.landingi.com analytics.landingi.com	123 B
2	googleapis.com fonts.googleapis.com ajax.googleapis.com	33 KB
2	ttrck.com 2 redirects c.ttrck.com	2 KB
2	fieryx.com 2 redirects app.fieryx.com	561 B
1	newrelic.com js-agent.newrelic.com	10 KB
1	afleads.com t.afleads.com
1	hollagift.com www.hollagift.com	15 KB
1	yxdeus.com 1 redirects click.yxdeus.com	417 B
1	gdmconvtrck.com gdmconvtrck.com	878 B
1	goodnews4u.site 1 redirects goodnews4u.site	261 B
29	14

	Domain	Requested by
7	old.assets-landingi.com	www.hollagift.com
5	images.assets-landingi.com	www.hollagift.com
3	styles.assets-landingi.com	www.hollagift.com
3	cd-down.com	2 redirects
2	bam.nr-data.net	js-agent.newrelic.com
2	fonts.gstatic.com	www.hollagift.com
2	c.ttrck.com	2 redirects
2	app.fieryx.com	2 redirects
1	js-agent.newrelic.com	www.hollagift.com
1	analytics.landingi.com	www.hollagift.com
1	t.afleads.com	www.hollagift.com
1	scripts.assets-landingi.com	www.hollagift.com
1	ajax.googleapis.com	www.hollagift.com
1	popups.landingi.com	www.hollagift.com
1	fonts.googleapis.com	www.hollagift.com
1	www.hollagift.com	gdmconvtrck.com
1	click.yxdeus.com	1 redirects
1	gdmconvtrck.com	cd-down.com
1	goodnews4u.site	1 redirects
29	19

This site contains no links.

Subject Issuer	Validity	Valid
cd-down.com Amazon	`2019-04-04` - `2020-05-04`	a year	crt.sh
gdmconvtrck.com Amazon	`2019-04-19` - `2020-05-19`	a year	crt.sh
www.hollagift.com Let's Encrypt Authority X3	`2019-10-08` - `2020-01-06`	3 months	crt.sh
*.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
sni196130.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-10-28` - `2020-05-05`	6 months	crt.sh
popups.landingi.com Amazon	`2019-10-16` - `2020-11-16`	a year	crt.sh
t.afleads.com Let's Encrypt Authority X3	`2019-11-09` - `2020-02-07`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.landingi.com Certum Domain Validation CA SHA2	`2019-10-15` - `2020-10-14`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-04-10` - `2020-03-21`	a year	crt.sh
*.nr-data.net GeoTrust RSA CA 2018	`2018-01-11` - `2020-03-17`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://www.hollagift.com/iphonexs?bemobdata=c%3D8668f8ac-07e2-4b86-8dbc-ffbcfa4c378d..a%3D0..b%3D0..e%3D70828942d5d64c4db56b6afe1d535be4104ce..c1%3D85281..r%3Dhttps%253A%252F%252Fcd-down.com%252F%253Fa%253D96022%2526o%253D71227%2526c%253D0
Frame ID: 4B27D8A9473E65900681660BE28EACD3
Requests: 28 HTTP requests in this frame

Frame: https://t.afleads.com/form/?a=y&x_affiliate_id=85281&x_pixel_id=&x_clickid=Eptfetg9c6aaWDYpyaHv18
Frame ID: 69DFA43F26F044629550B42DC9B84405
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://goodnews4u.site/support/upp40tar.php?94828$vgibpaixrk HTTP 302
https://cd-down.com/?a=96022&o=71227&c=0 Page URL
https://cd-down.com/?a=96022&c=201576&oc=91110&sr=t&vt=1574088917080&h=1b97b61309e7ba6622526fa20... HTTP 302
https://click.yxdeus.com/click?pid=2&offer_id=230&sub1=70828942d5d64c4db56b6afe1d535be41163b&sub2=960... HTTP 302
https://app.fieryx.com/pl/g/start-298111?ar_cid=5dd2b0d5d4bfa90001b02191&ar_pid=2&nw_cid=70828942d5... HTTP 302
https://app.fieryx.com/pl/p/redirect/NL HTTP 302
https://cd-down.com/?a=85281&o=66766&c=0 HTTP 302
https://c.ttrck.com/go/8668f8ac-07e2-4b86-8dbc-ffbcfa4c378d?cid=70828942d5d64c4db56b6afe1d535be4... HTTP 302
https://www.hollagift.com/iphonexs?bemobdata=c%3D8668f8ac-07e2-4b86-8dbc-ffbcfa4c378d..a%3D0..b%3D0..e... Page URL

Page Statistics

29
Requests

100 %
HTTPS

41 %
IPv6

14
Domains

19
Subdomains

13
IPs

4
Countries

267 kB
Transfer

465 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://goodnews4u.site/support/upp40tar.php?94828$vgibpaixrk HTTP 302
https://cd-down.com/?a=96022&o=71227&c=0 Page URL
https://cd-down.com/?a=96022&c=201576&oc=91110&sr=t&vt=1574088917080&h=1b97b61309e7ba6622526fa20a647ffc6c102838&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D96022%26o%3D71227%26c%3D0&us=b97b32b2d7f74092b1df78141a074454 HTTP 302
https://click.yxdeus.com/click?pid=2&offer_id=230&sub1=70828942d5d64c4db56b6afe1d535be41163b&sub2=96022&sub3=&sub8=&sub7=&sub6= HTTP 302
https://app.fieryx.com/pl/g/start-298111?ar_cid=5dd2b0d5d4bfa90001b02191&ar_pid=2&nw_cid=70828942d5d64c4db56b6afe1d535be41163b&nw_pid=96022&nw_fbp=&pf=&src=&gtm= HTTP 302
https://app.fieryx.com/pl/p/redirect/NL HTTP 302
https://cd-down.com/?a=85281&o=66766&c=0 HTTP 302
https://c.ttrck.com/go/8668f8ac-07e2-4b86-8dbc-ffbcfa4c378d?cid=70828942d5d64c4db56b6afe1d535be4104ce&aid=85281&x_pixel_id= HTTP 302
https://www.hollagift.com/iphonexs?bemobdata=c%3D8668f8ac-07e2-4b86-8dbc-ffbcfa4c378d..a%3D0..b%3D0..e%3D70828942d5d64c4db56b6afe1d535be4104ce..c1%3D85281..r%3Dhttps%253A%252F%252Fcd-down.com%252F%253Fa%253D96022%2526o%253D71227%2526c%253D0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://goodnews4u.site/support/upp40tar.php?94828$vgibpaixrk HTTP 302
https://cd-down.com/?a=96022&o=71227&c=0

Request Chain 21

https://c.ttrck.com/click/1 HTTP 302
https://t.afleads.com/form/?a=y&x_affiliate_id=85281&x_pixel_id=&x_clickid=Eptfetg9c6aaWDYpyaHv18

29 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
cd-down.com/
Redirect Chain

http://goodnews4u.site/support/upp40tar.php?94828$vgibpaixrk
https://cd-down.com/?a=96022&o=71227&c=0

2 KB
874 B

126ms
29ms

Document
text/html

2a05:d018:483:6110:1151:1546:9e4a:df36
Amazon.com

General

Domain/Path	Expires	Name / Value
.afleads.com/	1970-01-19 05:19:08	Name: ubvt Value: 109.236.87.2341574631982778350
t.afleads.com/	1970-01-19 09:34:00	Name: ubvs Value: 109.236.87.2341574631982778350
t.afleads.com/form/	1970-01-19 09:39:46	Name: ubpv Value: a%2Cab7cbcf2-ea0c-11e9-8332-024280f0cb1c

www.hollagift.com Open in urlscan Pro 52.208.196.199 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

29 Requests

100 %HTTPS

41 %IPv6

14 Domains

19 Subdomains

13 IPs

4 Countries

267 kBTransfer

465 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.hollagift.com Open in urlscan Pro
52.208.196.199 Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

100 %
HTTPS

41 %
IPv6

14
Domains

19
Subdomains

13
IPs

4
Countries

267 kB
Transfer

465 kB
Size

3
Cookies

29 HTTP transactions
0 data transactions