api.getblueshift.com Open in urlscan Pro
52.26.233.188 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://api.getblueshift.com/click&redir=https%3A%2F%2Firanianproduct.com%2Fcypher%2Fnew%2Fauth%2FusQYU%2Fam5lbWV0aHlAcHBpLmNh
Submission: On October 26 via manual (October 26th 2023, 8:33:15 pm UTC) from US — Scanned from DE

Summary HTTP 3 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 52.26.233.188, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is api.getblueshift.com. The Cisco Umbrella rank of the primary domain is 13186.
TLS certificate: Issued by Amazon RSA 2048 M02 on March 9th 2023. Valid for: a year.

This is the only time api.getblueshift.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.26.233.188 52.26.233.188	16509 (AMAZON-02) (AMAZON-02)
1	65.9.95.83 65.9.95.83	16509 (AMAZON-02) (AMAZON-02)
3	3

1 52.26.233.188 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-26-233-188.us-west-2.compute.amazonaws.com

api.getblueshift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-83.prg50.r.cloudfront.net

cdn.getblueshift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	getblueshift.com api.getblueshift.com — Cisco Umbrella Rank: 13186 cdn.getblueshift.com — Cisco Umbrella Rank: 14242	17 KB
0	googleapis.com Failed fonts.googleapis.com Failed
3	2

	Domain	Requested by
1	cdn.getblueshift.com	api.getblueshift.com
1	api.getblueshift.com
0	fonts.googleapis.com Failed	client
3	3

This site contains no links.

Subject Issuer	Validity	Valid
*.getblueshift.com Amazon RSA 2048 M02	`2023-03-09` - `2024-04-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://api.getblueshift.com/click&redir=https%3A%2F%2Firanianproduct.com%2Fcypher%2Fnew%2Fauth%2FusQYU%2Fam5lbWV0aHlAcHBpLmNh
Frame ID: 4341A584444916742C1AD8DFFA22F152
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

3
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

17 kB
Transfer

17 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	404	Primary Request click&redir=https%3A%2F%2Firanianproduct.com%2Fcypher%2Fnew%2Fauth%2FusQYU%2Fam5lbWV0aHlAcHBpLmNh Show response api.getblueshift.com/	894 B 697 B	713ms 228ms	Document text/html	52.26.233.188 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.getblueshift.com/click&redir=https%3A%2F%2Firanianproduct.com%2Fcypher%2Fnew%2Fauth%2FusQYU%2Fam5lbWV0aHlAcHBpLmNh Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.26.233.188 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-26-233-188.us-west-2.compute.amazonaws.com Software / Resource Hash `f2091892a0ece70758274f5124126b894cdbc38a402c76ceccffff0b7ba2d1b2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html; charset=utf-8 date Thu, 26 Oct 2023 20:33:10 GMT vary Accept-Encoding x-request-id 842406cd-4f91-41dd-bb2d-f37b494c925d x-runtime 0.002060
GET H/1.1	200 OK	blueshift_2.png cdn.getblueshift.com/pictures/	16 KB 16 KB	1353ms 1201ms	Image image/png	65.9.95.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.getblueshift.com/pictures/blueshift_2.png Requested by Host: api.getblueshift.com URL: https://api.getblueshift.com/click&redir=https%3A%2F%2Firanianproduct.com%2Fcypher%2Fnew%2Fauth%2FusQYU%2Fam5lbWV0aHlAcHBpLmNh Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 65.9.95.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-95-83.prg50.r.cloudfront.net Software AmazonS3 / Resource Hash `11aa0dfc1008466aac1ff17a0e7eaa70ef1ed40d7241f1f44e65462c1cab1c60` Request headers accept-language de-DE,de;q=0.9 Referer https://api.getblueshift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Thu, 26 Oct 2023 20:33:12 GMT Via 1.1 d33f640b9793fb0553cc6dbe55988068.cloudfront.net (CloudFront) Last-Modified Mon, 08 Aug 2022 06:43:42 GMT Server AmazonS3 X-Amz-Cf-Pop PRG50-C1 ETag "5a3212d8356895725a63137f768a9443" X-Cache Miss from cloudfront Content-Type image/png Cache-Control max-age=604800,stale-while-revalidate=86400 Connection keep-alive Accept-Ranges bytes Content-Length 16155 X-Amz-Cf-Id NWZXhbvDR8i8pAFP2Vh1UDrakFvPDkCsZJH-9QJ12lZlQ0eHZz9Ffw==
GET		css fonts.googleapis.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.getblueshift.com/click&redir=https%3A%2F%2Firanianproduct.com%2Fcypher%2Fnew%2Fauth%2FusQYU%2Fam5lbWV0aHlAcHBpLmNh Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://api.getblueshift.com/click&redir=https%3A%2F%2Firanianproduct.com%2Fcypher%2Fnew%2Fauth%2FusQYU%2Fam5lbWV0aHlAcHBpLmNh(Line 30) Message: Mixed Content: The page at 'https://api.getblueshift.com/click&redir=https%3A%2F%2Firanianproduct.com%2Fcypher%2Fnew%2Fauth%2FusQYU%2Fam5lbWV0aHlAcHBpLmNh' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.getblueshift.com
cdn.getblueshift.com
fonts.googleapis.com
fonts.googleapis.com
52.26.233.188
65.9.95.83
11aa0dfc1008466aac1ff17a0e7eaa70ef1ed40d7241f1f44e65462c1cab1c60
f2091892a0ece70758274f5124126b894cdbc38a402c76ceccffff0b7ba2d1b2

api.getblueshift.com Open in urlscan Pro 52.26.233.188 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

3 Requests

67 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

1 Countries

17 kBTransfer

17 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

api.getblueshift.com Open in urlscan Pro
52.26.233.188 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

17 kB
Transfer

17 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions