mail.celooo.ragzmarsha.biz.id Open in urlscan Pro
104.21.18.243 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://mail.celooo.ragzmarsha.biz.id/
Submission: On November 24 via api (November 24th 2023, 3:59:10 pm UTC) from US — Scanned from US

Summary HTTP 5 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 104.21.18.243, located in and belongs to CLOUDFLARENET, US. The main domain is mail.celooo.ragzmarsha.biz.id.

This is the only time mail.celooo.ragzmarsha.biz.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	104.21.18.243 104.21.18.243	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:807::200a	15169 (GOOGLE) (GOOGLE)
3 4	137.184.25.53 137.184.25.53	() ()
5	4

3 104.21.18.243 (None, )

ASN13335 (CLOUDFLARENET, US)

mail.celooo.ragzmarsha.biz.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:807::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 137.184.25.53 (None, ) 3 redirects

ASN- ()

labs.nikrowell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nikrowell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	nikrowell.com 3 redirects labs.nikrowell.com nikrowell.com	723 B
3	ragzmarsha.biz.id mail.celooo.ragzmarsha.biz.id	581 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	909 B
5	3

	Domain	Requested by
3	mail.celooo.ragzmarsha.biz.id	mail.celooo.ragzmarsha.biz.id
2	nikrowell.com	1 redirects
2	labs.nikrowell.com	2 redirects
1	fonts.googleapis.com	mail.celooo.ragzmarsha.biz.id
5	4

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://mail.celooo.ragzmarsha.biz.id/
Frame ID: B43F2C8028A3C15C852EB83F5C106A3E
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

[_] YO_R _IT_ I_ NO_ _AFE _+_KURRXD WAS HERE

Page Statistics

5
Requests

0 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

581 kB
Transfer

717 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://labs.nikrowell.com/lightsandmotion/ultraviolet/images/logo.png HTTP 301
https://labs.nikrowell.com/lightsandmotion/ultraviolet/images/logo.png HTTP 301
http://nikrowell.com/lightsandmotion/ultraviolet/images/logo.png HTTP 301
https://nikrowell.com/lightsandmotion/ultraviolet/images/logo.png

5 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mail.celooo.ragzmarsha.biz.id/ 54 KB
9 KB 1655ms
1324ms Document
text/html 104.21.18.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mail.celooo.ragzmarsha.biz.id/
Protocol: HTTP/1.1
Server: 104.21.18.243 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7b0301903dae082bd071826477ebf66a93b3b9ff8d169c3f10487a9bdc87351

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 82b2db5d3eba8ce2-EWR
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 24 Nov 2023 15:59:04 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2iUvnPdASUv7wSuxqWrDM5ziVHaA7Ri8Qe9oGeq78%2Fjv7nCc09E6XbvqePfZfcnnhct3ug4MWwEXL5SDqwDfI99HifJqV%2BIkehfvBjxJNM9x6YMPaU%2B2jKuVJdp8aja%2FNAZgqQ9IrNPYrBd3ZfVHHA%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK css
fonts.googleapis.com/ 389 B
909 B 22ms
18ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Satisfy

Requested by

Host: mail.celooo.ragzmarsha.biz.id
URL: http://mail.celooo.ragzmarsha.biz.id/

Protocol

HTTP/1.1

Server

2607:f8b0:4006:807::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1f622de427cfa6827bd915fdd0d0d63b47b7d214bffbb96b046c2dbc95980586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://mail.celooo.ragzmarsha.biz.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 24 Nov 2023 15:59:05 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Fri, 24 Nov 2023 15:59:05 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 24 Nov 2023 15:59:05 GMT

GET
H/1.1 200
OK kucing.gif
mail.celooo.ragzmarsha.biz.id/ 571 KB
572 KB 1984ms
1984ms Image
image/gif 104.21.18.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://mail.celooo.ragzmarsha.biz.id/kucing.gif
Requested by: Host: mail.celooo.ragzmarsha.biz.id
URL: http://mail.celooo.ragzmarsha.biz.id/
Protocol: HTTP/1.1
Server: 104.21.18.243 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 953146fdf8eca85d1981cfc29d045ed9cbf3ea3be6d7da3a33e9e52bce2f42ea

Request headers

accept-language: en-US,en;q=0.9
Referer: http://mail.celooo.ragzmarsha.biz.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 24 Nov 2023 15:59:07 GMT
CF-Cache-Status: MISS
Last-Modified: Sun, 03 Sep 2023 12:51:48 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ebhHL1x%2FAJjDKpMrEpXwq81jhLkEinjhoNRShmxHIrElxqDvGoO4WTh3tWHDw%2FkPX4nwRcwcoIjTa27yLQ%2Fw8rv%2BNfxdv5%2BeB5GPUlotgqVneHf1dNe04wcmmjzwbpheHeGvJj5pwXIwiGFWaGzAaw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Cache-Control: max-age=14400
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 82b2db6c8ab98ce2-EWR
alt-svc: h3=":443"; ma=86400
Content-Length: 584599

GET
H/1.1 206
Partial Content a1.mp3
mail.celooo.ragzmarsha.biz.id/ 90 KB
0 947ms
946ms Media
audio/mpeg 104.21.18.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://mail.celooo.ragzmarsha.biz.id/a1.mp3
Requested by: Host: mail.celooo.ragzmarsha.biz.id
URL: http://mail.celooo.ragzmarsha.biz.id/
Protocol: HTTP/1.1
Server: 104.21.18.243 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: http://mail.celooo.ragzmarsha.biz.id/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 24 Nov 2023 15:59:06 GMT
CF-Cache-Status: MISS
Last-Modified: Sat, 23 Apr 2022 06:50:36 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lm7NV7MzMJo3tHvgZlaZU0Qx8j%2FXw%2B%2BBPSGySLxBFb3bHxzIVk0GX9ZjMH6qUWpPjYNC60UPqo8j1jNSYUUn2t8serhcm4Q%2BZTrGbtjsCZd48Xepy0BrdjSUAEc6MRA%2FQOqpr822cxo1gddXBzD15w%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: audio/mpeg
Content-Range: bytes 0-969383/969384
Cache-Control: max-age=14400
Connection: keep-alive
CF-RAY: 82b2db6cbaae17f1-EWR
alt-svc: h3=":443"; ma=86400
Content-Length: 969384

GET
DATA 200
OK truncated
/ 382 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 354 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77fc7e2cee3f1b71326ab2d9e121017b176205d0c8bbb013dfe7ebfccb2c5cab

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

404

logo.png
nikrowell.com/lightsandmotion/ultraviolet/images/
Redirect Chain

http://labs.nikrowell.com/lightsandmotion/ultraviolet/images/logo.png
https://labs.nikrowell.com/lightsandmotion/ultraviolet/images/logo.png
http://nikrowell.com/lightsandmotion/ultraviolet/images/logo.png
https://nikrowell.com/lightsandmotion/ultraviolet/images/logo.png

0
0

20ms
18ms

Image
text/html

137.184.25.53

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nikrowell.com/lightsandmotion/ultraviolet/images/logo.png
Protocol: H2
Server: 137.184.25.53 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: http://mail.celooo.ragzmarsha.biz.id/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Redirect headers

Location: https://nikrowell.com/lightsandmotion/ultraviolet/images/logo.png
Date: Fri, 24 Nov 2023 15:59:09 GMT
Cache-Control: public, max-age=31536000
Server: nginx
Connection: keep-alive
Content-Length: 162
Content-Type: text/html

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nikrowell.com/lightsandmotion/ultraviolet/images/logo.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
labs.nikrowell.com
mail.celooo.ragzmarsha.biz.id
nikrowell.com
104.21.18.243
137.184.25.53
2607:f8b0:4006:807::200a
1f622de427cfa6827bd915fdd0d0d63b47b7d214bffbb96b046c2dbc95980586
6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82
77fc7e2cee3f1b71326ab2d9e121017b176205d0c8bbb013dfe7ebfccb2c5cab
953146fdf8eca85d1981cfc29d045ed9cbf3ea3be6d7da3a33e9e52bce2f42ea
b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88
b7b0301903dae082bd071826477ebf66a93b3b9ff8d169c3f10487a9bdc87351
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

mail.celooo.ragzmarsha.biz.id Open in urlscan Pro 104.21.18.243 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

0 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

581 kBTransfer

717 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

mail.celooo.ragzmarsha.biz.id Open in urlscan Pro
104.21.18.243 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

581 kB
Transfer

717 kB
Size

0
Cookies

5 HTTP transactions
3 data transactions