nitrox-preprod.avensia.com Open in urlscan Pro
172.64.153.250 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://nitrox-preprod.avensia.com/
Effective URL:
https://nitrox-preprod.avensia.com/en-us
Submission Tags: phishingrod
Submission: On July 06 via api (July 6th 2024, 6:54:42 am UTC) from DE — Scanned from DE

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 172.64.153.250, located in San Francisco, United States and belongs to CLOUDFLARENET, US. The main domain is nitrox-preprod.avensia.com.
TLS certificate: Issued by WE1 on July 5th 2024. Valid for: 3 months.

This is the only time nitrox-preprod.avensia.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
2 4	172.64.153.250 172.64.153.250		13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	1

4 172.64.153.250 (San Francisco, United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

nitrox-preprod.avensia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	avensia.com 2 redirects nitrox-preprod.avensia.com	5 KB
2	1

	Domain	Requested by
4	nitrox-preprod.avensia.com	2 redirects
2	1

This site contains no links.

Subject Issuer	Validity	Valid
nitrox-preprod.avensia.com WE1	`2024-07-05` - `2024-10-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nitrox-preprod.avensia.com/en-us
Frame ID: 21512AAA007DAA0658C8D0E330B893B8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://nitrox-preprod.avensia.com/ HTTP 302
https://nitrox-preprod.avensia.com/en-US HTTP 301
https://nitrox-preprod.avensia.com/en-us Page URL

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

4 kB
Transfer

16 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://nitrox-preprod.avensia.com/ HTTP 302
https://nitrox-preprod.avensia.com/en-US HTTP 301
https://nitrox-preprod.avensia.com/en-us Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request en-us Show response nitrox-preprod.avensia.com/ Redirect Chain https://nitrox-preprod.avensia.com/ https://nitrox-preprod.avensia.com/en-US https://nitrox-preprod.avensia.com/en-us	850 B 543 B	130ms 130ms	Document text/html	172.64.153.250 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nitrox-preprod.avensia.com/en-us Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.153.250 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `57b8f66d832e8b5b100b35a50e19f6c2155cd54b862c7992514e19ca3ddad3ce` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control no-store, must-revalidate, no-cache cf-cache-status DYNAMIC cf-ray 89edaf42af926977-FRA content-encoding gzip content-type text/html date Sat, 06 Jul 2024 06:54:38 GMT expires Fri, 05 Jul 2024 06:54:38 GMT request-context appId=cid-v1:44fff107-9a2c-4263-af44-4405e72fe3b5 server cloudflare vary Accept-Encoding x-actual-url https://nitrox-preprod.avensia.com/en-us x-instance-id b44ce390f7bb2eb0c4b12aa7687e1d769d1d29bf8ab63b034120a2606203044e x-robots-tag noindex, nofollow x-server-version 2.0.1 Redirect headers cache-control no-cache cf-cache-status DYNAMIC cf-ray 89edaf41ced86977-FRA content-type text/html date Sat, 06 Jul 2024 06:54:38 GMT expires Fri, 05 Jul 2024 06:54:38 GMT location https://nitrox-preprod.avensia.com:443/en-us request-context appId=cid-v1:44fff107-9a2c-4263-af44-4405e72fe3b5 server cloudflare vary Accept-Encoding x-actual-url https://nitrox-preprod.avensia.com/en-US x-instance-id b44ce390f7bb2eb0c4b12aa7687e1d769d1d29bf8ab63b034120a2606203044e x-robots-tag noindex, nofollow x-server-version 2.0.1
GET H2	200	favicon.ico nitrox-preprod.avensia.com/	15 KB 3 KB	167ms 167ms	Other image/x-icon	172.64.153.250 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nitrox-preprod.avensia.com/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.153.250 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `73785cdc7358f6f826bac4772296f582d8bf32b88b41618f6e13919e62c6f062` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nitrox-preprod.avensia.com/en-us Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires Sat, 13 Jul 2024 06:54:38 GMT date Sat, 06 Jul 2024 06:54:38 GMT content-encoding gzip cf-cache-status MISS last-modified Sat, 06 Jul 2024 06:54:38 GMT server cloudflare vary Accept-Encoding content-type image/x-icon cache-control public, max-age=604800 x-robots-tag noindex, nofollow cf-ray 89edaf43b8456977-FRA request-context appId=cid-v1:44fff107-9a2c-4263-af44-4405e72fe3b5

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nitrox-preprod.avensia.com/	1970-01-20 21:50:52	Name: TiPMix Value: 17.856232240361102
.nitrox-preprod.avensia.com/	1970-01-20 21:50:52	Name: x-ms-routing-name Value: self
nitrox-preprod.avensia.com/	1970-01-21 07:26:48	Name: Culture Value: en-US
.nitrox-preprod.avensia.com/	1969-12-31 23:59:59	Name: ARRAffinity Value: b44ce390f7bb2eb0c4b12aa7687e1d769d1d29bf8ab63b034120a2606203044e
.nitrox-preprod.avensia.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: b44ce390f7bb2eb0c4b12aa7687e1d769d1d29bf8ab63b034120a2606203044e
nitrox-preprod.avensia.com/	1970-01-21 06:36:24	Name: EPiServer_Commerce_AnonymousId Value: e55d73e9-abc4-4db7-aef8-db7e6c5d1486

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nitrox-preprod.avensia.com
172.64.153.250
57b8f66d832e8b5b100b35a50e19f6c2155cd54b862c7992514e19ca3ddad3ce
73785cdc7358f6f826bac4772296f582d8bf32b88b41618f6e13919e62c6f062

nitrox-preprod.avensia.com Open in urlscan Pro 172.64.153.250 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

4 kBTransfer

16 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

6 Cookies

Indicators

nitrox-preprod.avensia.com Open in urlscan Pro
172.64.153.250 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

4 kB
Transfer

16 kB
Size

6
Cookies

2 HTTP transactions
0 data transactions