redlink.cl - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 192.185.48.212, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is redlink.cl.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 22nd 2019. Valid for: a year.

This is the only time redlink.cl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
6	192.185.48.212 192.185.48.212	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	152.199.23.72 152.199.23.72	15133 (EDGECAST) (EDGECAST)
7	2

6 192.185.48.212 (Houston, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: cookandcompanycpa.com

redlink.cl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.23.72 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msauthimages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	redlink.cl redlink.cl	324 KB
1	msauthimages.net aadcdn.msauthimages.net	10 KB
7	2

	Domain	Requested by
6	redlink.cl	redlink.cl
1	aadcdn.msauthimages.net	redlink.cl
7	2

This site contains no links.

Subject Issuer	Validity	Valid
redlink.cl Sectigo RSA Domain Validation Secure Server CA	`2019-07-22` - `2020-07-21`	a year	crt.sh
aadcdn.msauthimages.net Microsoft IT TLS CA 1	`2018-12-07` - `2020-12-07`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f
Frame ID: 25E8D3EA65F7FA409F5987DAFD2EB6B6
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

334 kB
Transfer

399 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response redlink.cl/voie/	9 KB 4 KB	1842ms 1578ms	Document text/html	192.185.48.212 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.48.212 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS cookandcompanycpa.com Software nginx/1.17.6 / Resource Hash `ed7a95e38954151e08b9b8f495699f30413cc99d3e95c9f2b5f8e4eb339c9afd` Request headers :method GET :authority redlink.cl :scheme https :path /voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Tue, 26 May 2020 04:33:35 GMT server nginx/1.17.6 content-type text/html; charset=UTF-8 content-length 3543 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache vary Accept-Encoding content-encoding gzip x-server-cache false set-cookie PHPSESSID=g0jsbhn6rjhmn1v34ie3n7a7h0; path=/
GET H2	200	Converged1033.css redlink.cl/voie/files2/	86 KB 23 KB	238ms 237ms	Stylesheet text/css	192.185.48.212 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://redlink.cl/voie/files2/Converged1033.css Requested by Host: redlink.cl URL: https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.48.212 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS cookandcompanycpa.com Software nginx/1.17.6 / Resource Hash `4ab7658cf047ebb6d8ca59ad1c66a3dc4edf94b2b26ff98e2525fc57320de69c` Request headers Referer https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 26 May 2020 04:33:35 GMT content-encoding gzip last-modified Sun, 09 Feb 2020 15:13:44 GMT server nginx/1.17.6 x-server-cache false vary Accept-Encoding content-type text/css status 200 accept-ranges bytes
GET H2	200	load2.gif redlink.cl/voie/files/	3 KB 3 KB	219ms 218ms	Image image/gif	192.185.48.212 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://redlink.cl/voie/files/load2.gif Requested by Host: redlink.cl URL: https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.48.212 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS cookandcompanycpa.com Software nginx/1.17.6 / Resource Hash `a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13` Request headers Referer https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 26 May 2020 04:33:35 GMT last-modified Sun, 09 Feb 2020 15:13:44 GMT server nginx/1.17.6 x-server-cache false content-type image/gif status 200 accept-ranges bytes content-length 2672
GET H2	200	bannerlogo aadcdn.msauthimages.net/dbd5a2dd-ge72c7umrrgixnwykmkzfhy2lljaap6l3bvymzmi7dm/logintenantbranding/0/	9 KB 10 KB	847ms 733ms	Image image/png	152.199.23.72 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauthimages.net/dbd5a2dd-ge72c7umrrgixnwykmkzfhy2lljaap6l3bvymzmi7dm/logintenantbranding/0/bannerlogo?ts=636075166084364051 Requested by Host: redlink.cl URL: https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.72 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `a158033553affbb2f4ffcefa4c7b97cb688232c194e77e4eeacb61c19c4f7d14` Request headers Referer https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Tue, 26 May 2020 04:33:35 GMT last-modified Tue, 23 Aug 2016 02:36:49 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 content-md5 kubtTEIgLv+JfYc8qwSeAg== etag 0x8D3CAFE55BA4C52 content-type image/png status 200 x-ms-request-id 48ae22df-001e-00a6-5516-33b847000000 cache-control public, max-age=86400 x-ms-version 2009-09-19 content-length 9554
GET H2	200	arrow_left.png redlink.cl/voie/files/	240 B 278 B	218ms 217ms	Image image/png	192.185.48.212 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://redlink.cl/voie/files/arrow_left.png Requested by Host: redlink.cl URL: https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.48.212 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS cookandcompanycpa.com Software nginx/1.17.6 / Resource Hash `ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83` Request headers Referer https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 26 May 2020 04:33:35 GMT last-modified Sun, 09 Feb 2020 15:13:44 GMT server nginx/1.17.6 x-server-cache false content-type image/png status 200 accept-ranges bytes content-length 240
GET H2	200	0-small.jpg redlink.cl/voie/files2/	1 KB 1 KB	519ms 519ms	Image image/jpeg	192.185.48.212 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://redlink.cl/voie/files2/0-small.jpg Requested by Host: redlink.cl URL: https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.48.212 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS cookandcompanycpa.com Software nginx/1.17.6 / Resource Hash `c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b` Request headers Referer https://redlink.cl/voie/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 26 May 2020 04:33:35 GMT last-modified Sun, 09 Feb 2020 15:13:44 GMT server nginx/1.17.6 x-server-cache false content-type image/jpeg status 200 accept-ranges bytes content-length 1029
GET H2	200	0.jpg redlink.cl/voie/files/	291 KB 293 KB	296ms 295ms	Image image/jpeg	192.185.48.212 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://redlink.cl/voie/files/0.jpg Requested by Host: redlink.cl URL: https://redlink.cl/voie/?ss=2&ea=petie.walker@stockland.com.au&session=2544db7d8bbc90276c1b80c66a64bc9f2544db7d8bbc90276c1b80c66a64bc9f Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.48.212 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS cookandcompanycpa.com Software nginx/1.17.6 / Resource Hash `62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214` Request headers Referer https://redlink.cl/voie/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 26 May 2020 04:33:35 GMT last-modified Sun, 09 Feb 2020 15:13:44 GMT server nginx/1.17.6 x-server-cache false content-type image/jpeg status 200 accept-ranges bytes content-length 298105

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			redlink.cl/	1969-12-31 23:59:59	Name: PHPSESSID Value: g0jsbhn6rjhmn1v34ie3n7a7h0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauthimages.net
redlink.cl
152.199.23.72
192.185.48.212
4ab7658cf047ebb6d8ca59ad1c66a3dc4edf94b2b26ff98e2525fc57320de69c
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
a158033553affbb2f4ffcefa4c7b97cb688232c194e77e4eeacb61c19c4f7d14
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
ed7a95e38954151e08b9b8f495699f30413cc99d3e95c9f2b5f8e4eb339c9afd

redlink.cl Open in urlscan Pro 192.185.48.212 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

334 kBTransfer

399 kBSize

1 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Indicators

redlink.cl Open in urlscan Pro
192.185.48.212 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

334 kB
Transfer

399 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!