Submitted URL: https://ppt.cc/fREFFx
Effective URL: https://quartersnet.world/?s1=350708&s2=1164392509&s3=6681&s4=GIZA&ow=&s10=3595
Submission Tags: @phish_report
Submission: On April 04 via api from FI — Scanned from FI

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3037::6815:a69, located in the United States and belonging to CLOUDFLARENET, US. The main domain is quartersnet.world.
TLS certificate: Issued by GTS CA 1P5 on April 1st 2024. Valid for: 3 months.
This is the only time quartersnet.world was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

#     IP Address          AS (Autonomous System)
1 1   59.120.118.168      3462 (HINET Dat...)
1     31.24.251.133       57271 (BITWEB-AS)
1     2606:4700:303...    13335 (CLOUDFLAR...)
2     172.67.131.90       13335 (CLOUDFLAR...)
4 3

#   Apex Domain         Subdomains                              Transfer
3   quartersnet.world   quartersnet.world                       4 KB
1   risingdress.com     risingdress.com                         439 B
1   ppt.cc              ppt.cc (Cisco Umbrella Rank: 942997)    308 B
4 3

#   Domain              Requested by
3   quartersnet.world   risingdress.com, quartersnet.world
1   risingdress.com
1   ppt.cc              1 redirects
4 3

This site contains no links.

Subject             Issuer        Validity                   Valid
risingdress.com     R3            2024-03-19 - 2024-06-17    3 months (crt.sh)
quartersnet.world   GTS CA 1P5    2024-04-01 - 2024-06-30    3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://quartersnet.world/?s1=350708&s2=1164392509&s3=6681&s4=GIZA&ow=&s10=3595
Frame ID: 725077C6D5F9B5C2B96388C93C9C5B26
Requests: 4 HTTP requests in this frame

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ppt.cc/fREFFx HTTP 302
     https://risingdress.com/0/0/0/43f4bf017820869abc9235d446f11cbf/dhm/netflix Page URL
  2. https://quartersnet.world/?s1=350708&s2=1164392509&s3=6681&s4=GIZA&ow=&s10=3595 Page URL

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 25 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 5 kB
Size: 17 kB
Cookies: 3


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://ppt.cc/fREFFx HTTP 302
  • https://risingdress.com/0/0/0/43f4bf017820869abc9235d446f11cbf/dhm/netflix

4 HTTP transactions

Resource: netflix
Path: risingdress.com/0/0/0/43f4bf017820869abc9235d446f11cbf/dhm/
Redirect Chain:
  • https://ppt.cc/fREFFx
  • https://risingdress.com/0/0/0/43f4bf017820869abc9235d446f11cbf/dhm/netflix
Size: 142 B
x-fer: 439 B
Type: Document

General
Full URL: https://risingdress.com/0/0/0/43f4bf017820869abc9235d446f11cbf/dhm/netflix
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 31.24.251.133, Russian Federation, ASN57271 (BITWEB-AS, RU)
Reverse DNS: 235019.bitweb.ru
Software: Apache /
Resource Hash:

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: fi-FI,fi;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers
content-length: 142
content-type: text/html; charset=UTF-8
date: Thu, 04 Apr 2024 11:18:13 GMT
server: Apache

Redirect headers
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 04 Apr 2024 11:18:12 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://risingdress.com/0/0/0/43f4bf017820869abc9235d446f11cbf/dhm/netflix
pragma: no-cache
server: PPT.cc
vary: Accept-Encoding
Resource: Primary Request /
Path: quartersnet.world/
Size: 2 KB
x-fer: 1 KB
Type: Document

General
Full URL: https://quartersnet.world/?s1=350708&s2=1164392509&s3=6681&s4=GIZA&ow=&s10=3595
Requested by:
  Host: risingdress.com
  URL: https://risingdress.com/0/0/0/43f4bf017820869abc9235d446f11cbf/dhm/netflix
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:a69, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: e654ab96e769fb79ed89c0dea034af09ee67401d432872e3060e615bd22724f7

Security Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Referer: https://risingdress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: fi-FI,fi;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 86f0e5819e9334d0-WAW
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 04 Apr 2024 11:18:14 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QAWxCSIcA7KUBTfiUNi8t%2FoDG9ZGZhD9qILs1%2Fug%2BDmhqSvsrQiecUX65pFezirilag9j78gMzEue89mhqNlLWM7QqjhI9yYmdYarRsq4wBd8nsDSAlE5X3HgUZgE0TJsIhHQ4YdkK6QtAiwOGqUbw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Resource: 175a323961ff48acfdbe81a0949c7faf
Path: quartersnet.world/
Size: 16 B
x-fer: 538 B
Type: XHR

General
Full URL: https://quartersnet.world/175a323961ff48acfdbe81a0949c7faf?_ax=w
Requested by:
  Host: quartersnet.world
  URL: https://quartersnet.world/?s1=350708&s2=1164392509&s3=6681&s4=GIZA&ow=&s10=3595
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.131.90, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 89e4dfaaca84f09a76429cea8f0ff6b476b93d4988247399e381a7bfa114f20b

Security Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://quartersnet.world/175a323961ff48acfdbe81a0949c7faf
accept-language: fi-FI,fi;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Thu, 04 Apr 2024 11:18:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zOg8vwMXjqTzraePFN9kruq12FiMoUhj144grwl0ol0jhCfA2Z7NIFGOjqCwg5PDiZHos0Alch2iffULQqw3Cn965UYLIAJGomIGkEpX9Ss7HmPF5KDcX76q%2B%2FAGSzHeiDP4Iw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 86f0e5862f335b6c-VIE
expires: Thu, 19 Nov 1981 08:52:00 GMT
Resource: favicon.ico
Path: quartersnet.world/
Size: 15 KB
x-fer: 2 KB
Type: Other

General
Full URL: https://quartersnet.world/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.131.90, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 703063f5cfebf76bd6190dd87052d6664d3a0fcf474d837d89f6b7fae7a8f3b5

Security Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://quartersnet.world/175a323961ff48acfdbe81a0949c7faf
accept-language: fi-FI,fi;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Thu, 04 Apr 2024 11:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18499
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 16 Nov 2023 21:26:04 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: image/x-icon
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xj9BL8ShjVzpa04hiRh3zyuxH1XfFMk0fBPROb%2Ffv9N61F5pngVTTrZ%2B0kYp27AuNRPO9lMM%2Be0zydziBWk671%2B6l%2BB5RhcinBb3FadmhyVuS3CP1x%2Fy75oVIn%2FMLDLTB4empQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 86f0e5862f355b6c-VIE
expires: Thu, 11 Apr 2024 06:09:55 GMT

Verdicts & Comments

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function _0x4eba
  • function _0x3ccf

3 Cookies

Domain/Path          Name        Value
ppt.cc/              PHPSESSID   h5rdb7c022uev6v668kp087gu4
risingdress.com/     uid6681     1164392509-20240404071813-30dd1794afd0e3d7cb87b0d3f67cd963-3653
quartersnet.world/   PHPSESSID   340e09b8744d8859e14f2d4cb98f8c76

1 Console Message

Source: network
Level: error
URL: https://quartersnet.world/175a323961ff48acfdbe81a0949c7faf?_ax=w
Message: Failed to load resource: the server responded with a status of 404 ()