redeemgifting.tk Open in urlscan Pro
159.140.213.100 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://redeemgifting.tk/?rid=nWoYbyC
Submission: On June 23 via automatic, source openphish (June 23rd 2022, 1:10:02 am UTC) — Scanned from DE

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 2 HTTP transactions. The main IP is 159.140.213.100, located in United States and belongs to CERNER-CORPORATE-AS, US. The main domain is redeemgifting.tk.

This is the only time redeemgifting.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	159.140.213.100 159.140.213.100	36502 (CERNER-CO...) (CERNER-CORPORATE-AS)
1	2600:9000:215... 2600:9000:2156:ae00:1d:d7f6:39d0:c781	16509 (AMAZON-02) (AMAZON-02)
2	2

1 159.140.213.100 (United States)

ASN36502 (CERNER-CORPORATE-AS, US)

redeemgifting.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:ae00:1d:d7f6:39d0:c781 (United States)

ASN16509 (AMAZON-02, US)

images-na.ssl-images-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	ssl-images-amazon.com images-na.ssl-images-amazon.com — Cisco Umbrella Rank: 789	25 KB
1	redeemgifting.tk redeemgifting.tk	2 KB
2	2

	Domain	Requested by
1	images-na.ssl-images-amazon.com	redeemgifting.tk
1	redeemgifting.tk
2	2

This site contains no links.

Subject Issuer	Validity	Valid
Images-na.ssl-images-amazon.com DigiCert Global CA G2	`2022-02-01` - `2023-01-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://redeemgifting.tk/?rid=nWoYbyC
Frame ID: 5990307D77D20942AAE307A91DA9AB4D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

2
Requests

50 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

27 kB
Transfer

30 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response redeemgifting.tk/	5 KB 2 KB	546ms 356ms	Document text/html	159.140.213.100 CERNER-CORPORATE-AS
General Check archive.org Show headers Download Go to Full URL http://redeemgifting.tk/?rid=nWoYbyC Protocol HTTP/1.1 Server 159.140.213.100 , United States, ASN36502 (CERNER-CORPORATE-AS, US), Reverse DNS Software / Resource Hash `291a053d221f652249fd8785b47107613b0cc95e2943e8d39e1624e677ebba2a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Content-Encoding gzip Content-Length 1917 Content-Type text/html; charset=utf-8 Date Thu, 23 Jun 2022 01:09:57 GMT Vary Accept-Encoding X-Server gophish
GET H2	200	AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428._V2_.png images-na.ssl-images-amazon.com/images/G/01/AUIClients/	25 KB 25 KB	70ms 10ms	Image image/png	2600:9000:2156:ae00:1d:d7f6:39d0:c781 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428._V2_.png Requested by Host: redeemgifting.tk URL: http://redeemgifting.tk/?rid=nWoYbyC Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:ae00:1d:d7f6:39d0:c781 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `3425e9036117199702c5eea1bec0a4cecc8b779edae5e4870e688d67d12ac71a` Request headers accept-language de-DE,de;q=0.9 Referer http://redeemgifting.tk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Fri, 25 Feb 2022 06:10:50 GMT via 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront) age 10177147 edge-cache-tag x-cache-249,/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428 x-nginx-cache-status HIT x-cache Hit from cloudfront content-length 25262 surrogate-key x-cache-249 /images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428 last-modified Sat, 13 Feb 2016 23:21:21 GMT server Server content-type image/png access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id b80110f7-c10f-436a-9b30-0b12a596f1ad x-amz-cf-pop FRA50-C1 accept-ranges bytes timing-allow-origin https://www.amazon.com x-amz-cf-id a17glJ6ravmlLJ22S_zlrLlQpSMqZbZYFS4Q0Q8JlullUm4S-VtzLg== expires Mon, 17 Feb 2042 16:51:51 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

images-na.ssl-images-amazon.com
redeemgifting.tk
159.140.213.100
2600:9000:2156:ae00:1d:d7f6:39d0:c781
291a053d221f652249fd8785b47107613b0cc95e2943e8d39e1624e677ebba2a
3425e9036117199702c5eea1bec0a4cecc8b779edae5e4870e688d67d12ac71a

redeemgifting.tk Open in urlscan Pro 159.140.213.100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

2 Requests

50 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

27 kBTransfer

30 kBSize

0 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

redeemgifting.tk Open in urlscan Pro
159.140.213.100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

27 kB
Transfer

30 kB
Size

0
Cookies

2 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!