ejgroups.co.uk - urlscan.io

Summary

This website contacted 5 IPs in 4 countries across 7 domains to perform 6 HTTP transactions. The main IP is 162.215.226.7, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is ejgroups.co.uk.

This is the only time ejgroups.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	162.215.226.7 162.215.226.7	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 1	162.248.247.98 162.248.247.98	31863 (DACEN-2) (DACEN-2)
1	104.18.3.35 104.18.3.35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	54.77.133.128 54.77.133.128	16509 (AMAZON-02) (AMAZON-02)
1 2	18.173.233.101 18.173.233.101	16509 (AMAZON-02) (AMAZON-02)
1 2	194.26.192.93 194.26.192.93	210558 (SERVICES-...) (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK)
1 3	104.17.3.184 104.17.3.184	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	5

1 162.215.226.7 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-215-226-7.unifiedlayer.com

ejgroups.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.248.247.98 (United States) 1 redirects

ASN31863 (DACEN-2, US)
PTR: svr03.resilientdns.com

obdfaultsdiagnostics.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.3.35 (None, )

ASN13335 (CLOUDFLARENET, US)

pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.133.128 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-133-128.eu-west-1.compute.amazonaws.com

www.netjetseurope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.173.233.101 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-173-233-101.dus51.r.cloudfront.net

www.netjets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 194.26.192.93 (Oude Meer, Netherlands) 1 redirects

ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE)
PTR: 194.26.192.93.powered.by.rdp.sh

yellowtelecomms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.3.184 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 5770	11 KB
2	yellowtelecomms.com 1 redirects yellowtelecomms.com	4 KB
2	netjets.com 1 redirects www.netjets.com — Cisco Umbrella Rank: 834049	250 B
1	netjetseurope.com 1 redirects www.netjetseurope.com	85 B
1	r2.dev pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev	1 KB
1	obdfaultsdiagnostics.co.uk 1 redirects obdfaultsdiagnostics.co.uk	122 B
1	ejgroups.co.uk ejgroups.co.uk	546 B
6	7

	Domain	Requested by
3	challenges.cloudflare.com	1 redirects yellowtelecomms.com challenges.cloudflare.com
2	yellowtelecomms.com	1 redirects ejgroups.co.uk
2	www.netjets.com	1 redirects pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev
1	www.netjetseurope.com	1 redirects
1	pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev	ejgroups.co.uk
1	obdfaultsdiagnostics.co.uk	1 redirects
1	ejgroups.co.uk
6	7

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2023-10-11` - `2024-01-09`	3 months	crt.sh
yellowtelecomms.com R3	`2023-11-07` - `2024-02-05`	3 months	crt.sh
challenges.cloudflare.com Cloudflare Inc ECC CA-3	`2023-08-18` - `2024-08-17`	a year	crt.sh

This page contains 3 frames:

Primary Page: http://ejgroups.co.uk/
Frame ID: 3C2C3A810688A8A89399A02E56B3F741
Requests: 1 HTTP requests in this frame

Frame: https://yellowtelecomms.com/?uoxpeyml=3e0a48de386d9944b5e38328dfe695b643117c1df69f3a21a9d2806feaf5a8565a901bc225ba83380e23171713d27b6d211337150fda4c20609db23c4925798a
Frame ID: 8A4A94488E9D237E72517FC6D86D2651
Requests: 4 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6rikw/0x4AAAAAAANs_2ux1bpigG6E/auto/normal
Frame ID: 21E3DB3FA410C73311E070A5D5BC68F1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

6
Requests

50 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

5
IPs

4
Countries

16 kB
Transfer

41 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://obdfaultsdiagnostics.co.uk/ew.PDF HTTP 301
https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html

Request Chain 1

https://www.netjetseurope.com/images/nj_logo.gif HTTP 301
https://www.netjets.com/ HTTP 301
https://www.netjets.com/it-it/

Request Chain 2

https://yellowtelecomms.com/?uoxpeyml HTTP 302
https://yellowtelecomms.com/?uoxpeyml=3e0a48de386d9944b5e38328dfe695b643117c1df69f3a21a9d2806feaf5a8565a901bc225ba83380e23171713d27b6d211337150fda4c20609db23c4925798a

Request Chain 3

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
https://challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=onloadTurnstileCallback

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
ejgroups.co.uk/ 345 B
546 B 1281ms
400ms Document
text/html 162.215.226.7
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

http://ejgroups.co.uk/

Protocol

HTTP/1.1

Server

162.215.226.7 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-215-226-7.unifiedlayer.com

Software

nginx /

Resource Hash

ad5fe757b7e1d8ec3017a6ceca5b0ba5944872aa3d04af50bfa5934e7387e236

Security Headers

Name	Value
X-Frame-Options	GOFORIT

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html; charset=utf-8
Date: Tue, 05 Dec 2023 09:07:03 GMT
Server: nginx
Transfer-Encoding: chunked
X-Frame-Options: GOFORIT

GET
H/1.1

200
OK

DF.html Show response
pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/ Frame 8A4A
Redirect Chain

https://obdfaultsdiagnostics.co.uk/ew.PDF
https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html

4 KB
1 KB

412ms
304ms

Document
text/html

104.18.3.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html
Requested by: Host: ejgroups.co.uk
URL: http://ejgroups.co.uk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34bc41b7f70bfa8a34b1b1fb8123d41a3c31b8f0d8a8b9e2cf960d092155939b

Request headers

Referer: http://ejgroups.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

CF-RAY: 830b2301bfb2bb00-MXP
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 05 Dec 2023 09:07:04 GMT
ETag: W/"471f668d7d62c75a1b47a3bbdb1ba9a2"
Last-Modified: Mon, 27 Nov 2023 07:22:46 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

content-length: 267
content-type: text/html; charset=iso-8859-1
date: Tue, 05 Dec 2023 09:07:04 GMT
location: https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html
server: Apache

GET
H2

200

/
www.netjets.com/it-it/ Frame 8A4A
Redirect Chain

https://www.netjetseurope.com/images/nj_logo.gif
https://www.netjets.com/
https://www.netjets.com/it-it/

0
0

537ms
536ms

Image
text/html

18.173.233.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.netjets.com/it-it/
Requested by: Host: pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev
URL: https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html
Protocol: H2
Server: 18.173.233.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-233-101.dus51.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Redirect headers

date: Tue, 05 Dec 2023 09:07:05 GMT
via: 1.1 fffeeadd9939f8749b5df669fcf4e936.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: DUS51-P3
x-cache: Miss from cloudfront
location: /it-it/
cache-control: max-age=3600
content-length: 0
x-amz-cf-id: hsKKpuE0NvI4BhgaOyipPIS14P8eynSl12m4iE8k5HLIFkYQ5aqLFQ==

GET
H/1.1

200
OK

/ Show response
yellowtelecomms.com/ Frame 8A4A
Redirect Chain

https://yellowtelecomms.com/?uoxpeyml
https://yellowtelecomms.com/?uoxpeyml=3e0a48de386d9944b5e38328dfe695b643117c1df69f3a21a9d2806feaf5a8565a901bc225ba83380e23171713d27b6d211337150fda4c20609db23c4925798a

3 KB
3 KB

58ms
58ms

Document
text/html

194.26.192.93
SERVICES-1337-GMB...

General

Check archive.org

Show headers Download Go to

Full URL: https://yellowtelecomms.com/?uoxpeyml=3e0a48de386d9944b5e38328dfe695b643117c1df69f3a21a9d2806feaf5a8565a901bc225ba83380e23171713d27b6d211337150fda4c20609db23c4925798a
Requested by: Host: ejgroups.co.uk
URL: http://ejgroups.co.uk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 194.26.192.93 Oude Meer, Netherlands, ASN210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK, DE),
Reverse DNS: 194.26.192.93.powered.by.rdp.sh
Software: /
Resource Hash: 9d6e8891ca7d9a729d80a53d22e3bf442406d132a523781723a34da430fbe941

Request headers

Referer: https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html;charset=UTF-8
Date: Tue, 05 Dec 2023 09:07:06 GMT
Keep-Alive: timeout=5
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Date: Tue, 05 Dec 2023 09:07:06 GMT
Keep-Alive: timeout=5
Transfer-Encoding: chunked
location: /?uoxpeyml=3e0a48de386d9944b5e38328dfe695b643117c1df69f3a21a9d2806feaf5a8565a901bc225ba83380e23171713d27b6d211337150fda4c20609db23c4925798a

GET
H2

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/b/56d3063b/ Frame 8A4A
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
https://challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=onloadTurnstileCallback

33 KB
11 KB

60ms
60ms

Script
application/javascript

104.17.3.184
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/56d3063b/api.js?onload=onloadTurnstileCallback
Requested by: Host: yellowtelecomms.com
URL: https://yellowtelecomms.com/?uoxpeyml=3e0a48de386d9944b5e38328dfe695b643117c1df69f3a21a9d2806feaf5a8565a901bc225ba83380e23171713d27b6d211337150fda4c20609db23c4925798a
Protocol: H2
Server: 104.17.3.184 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acbe221d9bb71e85d0a3b52a7a9d44ee4669ab664186b32d0c737a2be62681e7

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://yellowtelecomms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 09:07:06 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 830b230ed9125a3d-MXP
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 05 Dec 2023 09:07:06 GMT
server: cloudflare
vary: accept-encoding
location: /turnstile/v0/b/56d3063b/api.js?onload=onloadTurnstileCallback
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 830b230e78be5a3d-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 200 normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6rikw/0x4AAAAAAANs_2ux1bpigG6E/auto/ Frame 21E3 0
0 51ms
50ms Document
text/html 104.17.3.184
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6rikw/0x4AAAAAAANs_2ux1bpigG6E/auto/normal

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

104.17.3.184 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Referer: https://yellowtelecomms.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 830b230f59914c63-MXP
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 09:07:06 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			yellowtelecomms.com/	1969-12-31 23:59:59	Name: qPdM Value: i9dZdR1zZU30
			yellowtelecomms.com/	1969-12-31 23:59:59	Name: qPdM.sig Value: p-vzkimFMyGcWfZPJYV5Tr745KQ

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html Message: Mixed Content: The page at 'https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html' was loaded over HTTPS, but requested an insecure element 'http://www.netjetseurope.com/images/nj_logo.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html(Line 60) Message: Mixed Content: The page at 'https://pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev/DF.html' was loaded over HTTPS, but requested an insecure element 'http://www.netjetseurope.com/images/nj_logo.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	GOFORIT

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
ejgroups.co.uk
obdfaultsdiagnostics.co.uk
pub-d3b8779b6cea4c6da93cad6c6b20f620.r2.dev
www.netjets.com
www.netjetseurope.com
yellowtelecomms.com
104.17.3.184
104.18.3.35
162.215.226.7
162.248.247.98
18.173.233.101
194.26.192.93
54.77.133.128
34bc41b7f70bfa8a34b1b1fb8123d41a3c31b8f0d8a8b9e2cf960d092155939b
9d6e8891ca7d9a729d80a53d22e3bf442406d132a523781723a34da430fbe941
acbe221d9bb71e85d0a3b52a7a9d44ee4669ab664186b32d0c737a2be62681e7
ad5fe757b7e1d8ec3017a6ceca5b0ba5944872aa3d04af50bfa5934e7387e236
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

ejgroups.co.uk Open in urlscan Pro 162.215.226.7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

6 Requests

50 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

5 IPs

4 Countries

16 kBTransfer

41 kBSize

2 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

2 Cookies

2 Console Messages

Security Headers

Indicators

ejgroups.co.uk Open in urlscan Pro
162.215.226.7 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

50 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

5
IPs

4
Countries

16 kB
Transfer

41 kB
Size

2
Cookies

6 HTTP transactions
0 data transactions