geidea.ref-r.com - urlscan.io

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 3.7.142.54, located in Mumbai, India and belongs to AMAZON-02, US. The main domain is geidea.ref-r.com.

This is the only time geidea.ref-r.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	3.7.142.54 3.7.142.54	16509 (AMAZON-02) (AMAZON-02)
1	3.111.178.60 3.111.178.60	16509 (AMAZON-02) (AMAZON-02)
2	52.216.33.200 52.216.33.200	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
7	6

1 3.7.142.54 (Mumbai, India)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-7-142-54.ap-south-1.compute.amazonaws.com

geidea.ref-r.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.111.178.60 (Mumbai, India)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-111-178-60.ap-south-1.compute.amazonaws.com

www.ref-r.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.216.33.200 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 56 ajax.googleapis.com — Cisco Umbrella Rank: 419	34 KB
2	amazonaws.com s3.amazonaws.com	87 KB
2	ref-r.com geidea.ref-r.com www.ref-r.com — Cisco Umbrella Rank: 33365	4 KB
0	cloudfront.net Failed d11yp7khhhspcr.cloudfront.net Failed
7	4

	Domain	Requested by
2	s3.amazonaws.com	geidea.ref-r.com www.ref-r.com
1	ajax.googleapis.com	www.ref-r.com
1	fonts.googleapis.com	www.ref-r.com
1	www.ref-r.com	geidea.ref-r.com
1	geidea.ref-r.com
0	d11yp7khhhspcr.cloudfront.net Failed	www.ref-r.com
7	6

This site contains links to these domains. Also see Links.

Domain
www.invitereferrals.com

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon RSA 2048 M01	`2023-07-10` - `2024-06-21`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://geidea.ref-r.com/
Frame ID: FD9BD9EB4BE13D4CE3E6925DA616A95F
Requests: 2 HTTP requests in this frame

Frame: http://www.ref-r.com/campaign_user/p?brandid=49167&campaignid=29976&widget=popup
Frame ID: 13F7E9CC8FFD3341778622A0CDB54E61
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

geidea - Customer Referral Program Software

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

57 %
HTTPS

40 %
IPv6

4
Domains

6
Subdomains

6
IPs

3
Countries

125 kB
Transfer

190 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.invitereferrals.com/?utm_source=49167&utm_medium=ir_powered_by&utm_campaign=campaign_page&ss=49167&company=geidea
Title: Referral Marketing Powered By

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
geidea.ref-r.com/ 3 KB
2 KB 316ms
150ms Document
text/html 3.7.142.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://geidea.ref-r.com/

Protocol

HTTP/1.1

Server

3.7.142.54 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-7-142-54.ap-south-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cb6b073819123925bd88f88ebafd29fbfd118dea78e41ef116b7aa2cabbd8fae

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Sep 2023 12:22:10 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK p Show response
www.ref-r.com/campaign_user/ Frame 13F7 2 KB
2 KB 538ms
361ms Document
text/html 3.111.178.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ref-r.com/campaign_user/p?brandid=49167&campaignid=29976&widget=popup

Requested by

Host: geidea.ref-r.com
URL: http://geidea.ref-r.com/

Protocol

HTTP/1.1

Server

3.111.178.60 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-111-178-60.ap-south-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9db651fa2b7681d94b74daaaf247beab4cc8504ba2f21990cc9dbd06ab5842ab

Security Headers

Name	Value
Content-Security-Policy	default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline';
Strict-Transport-Security	max-age=3600
X-Xss-Protection	1; mode=block

Request headers

Referer: http://geidea.ref-r.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline';
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Sep 2023 12:22:11 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
strict-transport-security: max-age=3600

GET
H/1.1 200
OK invitereferrals-refer-and-earn.jpg
s3.amazonaws.com/tagnpin/static/ 57 KB
57 KB 463ms
181ms Image
image/jpeg 52.216.33.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/tagnpin/static/invitereferrals-refer-and-earn.jpg
Requested by: Host: geidea.ref-r.com
URL: http://geidea.ref-r.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.33.200 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 5bbef4076b6765af33a0bc394d83dac61b948c2396e7ed5d0bdbfd87264938be

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://geidea.ref-r.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Wed, 13 Sep 2023 12:22:12 GMT
Last-Modified: Mon, 09 Nov 2015 05:44:00 GMT
Server: AmazonS3
x-amz-request-id: 40DB99X0MHRC3WKQ
ETag: "b9028be0776dd5c2c30a51d83a8f353d"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 57981
x-amz-id-2: c1Zq/EFFayvNKxdqt4co3R9s/9IE5v4rakYDT3CzhQSfqv3qrurUCkjpL3KNCDQtXBVs9kcELFY=

GET
H2 200 css
fonts.googleapis.com/ Frame 13F7 4 KB
947 B 384ms
35ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:400,500,600,700&display=swap

Requested by

Host: www.ref-r.com
URL: http://www.ref-r.com/campaign_user/p?brandid=49167&campaignid=29976&widget=popup

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aef306d8dc297f057d650b2e03a3c79b8f8aa29aeaa9f7f19b4f4a5c5d3e88f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ref-r.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 13 Sep 2023 12:22:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 11:09:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 13 Sep 2023 12:22:11 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.2/ Frame 13F7 94 KB
33 KB 375ms
26ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js

Requested by

Host: www.ref-r.com
URL: http://www.ref-r.com/campaign_user/p?brandid=49167&campaignid=29976&widget=popup

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ref-r.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 00:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 217028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33495
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Sep 2024 00:05:03 GMT

GET
H/1.1 200
OK invitereferrals-campaign-hold.gif
s3.amazonaws.com/tagnpin/static/ Frame 13F7 30 KB
30 KB 139ms
136ms Image
image/gif 52.216.33.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/tagnpin/static/invitereferrals-campaign-hold.gif
Requested by: Host: www.ref-r.com
URL: http://www.ref-r.com/campaign_user/p?brandid=49167&campaignid=29976&widget=popup
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.33.200 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: aa44e009f56f39dd0e3d5fe7776a7a194696d47e024d9f0e5b6f1e623dc82da0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ref-r.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36

Response headers

Date: Wed, 13 Sep 2023 12:22:12 GMT
Last-Modified: Sat, 08 Sep 2018 12:26:41 GMT
Server: AmazonS3
x-amz-request-id: 40DEA58453B01846
ETag: "615ea685f1cb586d2eb842aca1da2629"
Content-Type: image/gif
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 30634
x-amz-id-2: gx9+EZU77LRSS3R4dioc2YjPD7UZsYUi1nvo/y7L7adWl0lLZ7dE7tbBtMTr1tGnICRR4n+luW8=

GET style.css
d11yp7khhhspcr.cloudfront.net/css/users/theme_v1/ Frame 13F7 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d11yp7khhhspcr.cloudfront.net
URL: http://d11yp7khhhspcr.cloudfront.net/css/users/theme_v1/style.css

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: http://www.ref-r.com/campaign_user/p?brandid=49167&campaignid=29976&widget=popup(Line 7) Message: Refused to load the image 'http://d11yp7khhhspcr.cloudfront.net/images/site/campaigns/site/invite-referrals-fevicon.png' because it violates the following Content Security Policy directive: "default-src https:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: http://www.ref-r.com/campaign_user/p?brandid=49167&campaignid=29976&widget=popup(Line 13) Message: Refused to load the stylesheet 'http://d11yp7khhhspcr.cloudfront.net/css/users/theme_v1/style.css' because it violates the following Content Security Policy directive: "style-src https: 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
d11yp7khhhspcr.cloudfront.net
fonts.googleapis.com
geidea.ref-r.com
s3.amazonaws.com
www.ref-r.com
d11yp7khhhspcr.cloudfront.net
2a00:1450:4001:80f::200a
2a00:1450:4001:810::200a
3.111.178.60
3.7.142.54
52.216.33.200
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
5bbef4076b6765af33a0bc394d83dac61b948c2396e7ed5d0bdbfd87264938be
9db651fa2b7681d94b74daaaf247beab4cc8504ba2f21990cc9dbd06ab5842ab
aa44e009f56f39dd0e3d5fe7776a7a194696d47e024d9f0e5b6f1e623dc82da0
aef306d8dc297f057d650b2e03a3c79b8f8aa29aeaa9f7f19b4f4a5c5d3e88f1
cb6b073819123925bd88f88ebafd29fbfd118dea78e41ef116b7aa2cabbd8fae

geidea.ref-r.com Open in urlscan Pro 3.7.142.54 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

57 %HTTPS

40 %IPv6

4 Domains

6 Subdomains

6 IPs

3 Countries

125 kBTransfer

190 kBSize

0 Cookies

1 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

geidea.ref-r.com Open in urlscan Pro
3.7.142.54 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

57 %
HTTPS

40 %
IPv6

4
Domains

6
Subdomains

6
IPs

3
Countries

125 kB
Transfer

190 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions