www.ntradmin.com Open in urlscan Pro
82.112.109.1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.tinyurl.com/cs20181306
Effective URL:
https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428
Submission: On June 14 via manual (June 14th 2018, 2:14:13 pm UTC) from FR

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 82.112.109.1, located in United Kingdom and belongs to NTT-COMMUNICATIONS-2914 - NTT America, Inc., US. The main domain is www.ntradmin.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on January 5th 2018. Valid for: 2 years.

This is the only time www.ntradmin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	104.20.219.42 104.20.219.42	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	82.112.109.6 82.112.109.6	2914 (NTT-COMMU...) (NTT-COMMUNICATIONS-2914 - NTT America)
1	82.112.109.1 82.112.109.1	2914 (NTT-COMMU...) (NTT-COMMUNICATIONS-2914 - NTT America)
7	46.137.83.7 46.137.83.7	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8	2

2 104.20.219.42 (San Francisco, United States) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.112.109.6 (United Kingdom) 1 redirects

ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US)
PTR: evl0300562-pip13.sys.ntt.eu

app.ntrglobal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.112.109.1 (United Kingdom)

ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US)
PTR: evl0300562-pip8.sys.ntt.eu

www.ntradmin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 46.137.83.7 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-46-137-83-7.eu-west-1.compute.amazonaws.com

www.ntrglobal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ntrglobal.com 1 redirects app.ntrglobal.com www.ntrglobal.com	19 KB
2	tinyurl.com 2 redirects www.tinyurl.com tinyurl.com	794 B
1	ntradmin.com www.ntradmin.com	2 KB
8	3

	Domain	Requested by
7	www.ntrglobal.com	www.ntradmin.com
1	www.ntradmin.com
1	app.ntrglobal.com	1 redirects
1	tinyurl.com	1 redirects
1	www.tinyurl.com	1 redirects
8	5

This site contains links to these domains. Also see Links.

Domain
www.ntrglobal.com

Subject Issuer	Validity	Valid
www.ntradmin.com Go Daddy Secure Certificate Authority - G2	`2018-01-05` - `2020-01-05`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428
Frame ID: 8CB73878FB00DFA827D4C1CC73C03E6B
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.tinyurl.com/cs20181306 HTTP 301
http://tinyurl.com/redirect.php?num=cs20181306 HTTP 301
https://app.ntrglobal.com/fr/code/20767428 HTTP 302
https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20... Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /IIS(?:\/([\d.]+))?/i

Page Statistics

8
Requests

13 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

2
IPs

3
Countries

20 kB
Transfer

20 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.ntrglobal.com/
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.tinyurl.com/cs20181306 HTTP 301
http://tinyurl.com/redirect.php?num=cs20181306 HTTP 301
https://app.ntrglobal.com/fr/code/20767428 HTTP 302
https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/ Redirect Chain http://www.tinyurl.com/cs20181306 http://tinyurl.com/redirect.php?num=cs20181306 https://app.ntrglobal.com/fr/code/20767428 https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428	4 KB 2 KB	662ms 326ms	Document text/html	82.112.109.1 NTT America
General Check archive.org Show headers Download Go to Full URL https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 82.112.109.1 , United Kingdom, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US), Reverse DNS evl0300562-pip8.sys.ntt.eu Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `cb34031b303a35cbfa36d6a1349d4852487f6e87eb87f97b80b013d83a09bb4b` Request headers Host www.ntradmin.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 8CB73878FB00DFA827D4C1CC73C03E6B Response headers Cache-Control private Content-Type text/html; charset=utf-8 Content-Encoding gzip Vary Accept-Encoding Server Microsoft-IIS/7.5 X-Powered-By ASP.NET Date Thu, 14 Jun 2018 14:14:01 GMT Content-Length 1695 Redirect headers Date Thu, 14 Jun 2018 14:14:04 GMT Server Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f Phusion_Passenger/3.0.21 mod_perl/2.0.8 Perl/v5.18.2 Location https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Content-Length 295 Keep-Alive timeout=15, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	sky-left-act.jpg www.ntrglobal.com/images/images_landingpages/	4 KB 4 KB	457ms 33ms	Image image/jpeg	46.137.83.7 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.ntrglobal.com/images/images_landingpages/sky-left-act.jpg Requested by Host: www.ntradmin.com URL: https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Protocol HTTP/1.1 Server 46.137.83.7 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-46-137-83-7.eu-west-1.compute.amazonaws.com Software Apache/2.2.27 (Amazon) / Resource Hash `71614a26df59aa2287c11f02bfa81d9d92a8d1c5409f8db47c08a889ee814fa4` Request headers Referer https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 14 Jun 2018 14:14:02 GMT Last-Modified Wed, 03 Aug 2011 07:01:40 GMT Server Apache/2.2.27 (Amazon) ETag "61bf4-f28-4a9946fa23d00" Content-Type image/jpeg Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3880 Expires Thu, 28 Jun 2018 14:14:02 GMT
GET H/1.1	200 OK	sky-logo-global-act.jpg www.ntrglobal.com/images/images_landingpages/	8 KB 9 KB	462ms 34ms	Image image/jpeg	46.137.83.7 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.ntrglobal.com/images/images_landingpages/sky-logo-global-act.jpg Requested by Host: www.ntradmin.com URL: https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Protocol HTTP/1.1 Server 46.137.83.7 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-46-137-83-7.eu-west-1.compute.amazonaws.com Software Apache/2.2.27 (Amazon) / Resource Hash `55cdddedda5dc113fda436675952a5cb6326131e185979ef26f379513046d3fa` Request headers Referer https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 14 Jun 2018 14:14:02 GMT Last-Modified Wed, 30 Nov 2016 08:42:34 GMT Server Apache/2.2.27 (Amazon) ETag "61bfb-213f-54280afb1182f" Content-Type image/jpeg Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 8511 Expires Thu, 28 Jun 2018 14:14:02 GMT
GET H/1.1	200 OK	sky-icon-act-empty.jpg www.ntrglobal.com/images/images_landingpages/	551 B 915 B	461ms 32ms	Image image/jpeg	46.137.83.7 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.ntrglobal.com/images/images_landingpages/sky-icon-act-empty.jpg Requested by Host: www.ntradmin.com URL: https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Protocol HTTP/1.1 Server 46.137.83.7 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-46-137-83-7.eu-west-1.compute.amazonaws.com Software Apache/2.2.27 (Amazon) / Resource Hash `4c9bb873e0306972584a4ecf570c811082afda447bc308e76b262f6734ef013c` Request headers Referer https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 14 Jun 2018 14:14:02 GMT Last-Modified Thu, 04 Aug 2011 12:01:20 GMT Server Apache/2.2.27 (Amazon) ETag "61bda-227-4a9acbd2aa400" Content-Type image/jpeg Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 551 Expires Thu, 28 Jun 2018 14:14:02 GMT
GET H/1.1	200 OK	sky-corner-left.gif www.ntrglobal.com/images/images_landingpages/	97 B 458 B	465ms 34ms	Image image/gif	46.137.83.7 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.ntrglobal.com/images/images_landingpages/sky-corner-left.gif Requested by Host: www.ntradmin.com URL: https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Protocol HTTP/1.1 Server 46.137.83.7 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-46-137-83-7.eu-west-1.compute.amazonaws.com Software Apache/2.2.27 (Amazon) / Resource Hash `32bfde462c562453ef29b492523a4e32bcba6d060871ea1bc4d4b73476ca6773` Request headers Referer https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 14 Jun 2018 14:14:02 GMT Last-Modified Wed, 03 Aug 2011 07:01:40 GMT Server Apache/2.2.27 (Amazon) ETag "61bd7-61-4a9946fa23d00" Content-Type image/gif Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 97 Expires Thu, 28 Jun 2018 14:14:02 GMT
GET H/1.1	200 OK	sky-corner-right.gif www.ntrglobal.com/images/images_landingpages/	99 B 460 B	471ms 34ms	Image image/gif	46.137.83.7 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.ntrglobal.com/images/images_landingpages/sky-corner-right.gif Requested by Host: www.ntradmin.com URL: https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Protocol HTTP/1.1 Server 46.137.83.7 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-46-137-83-7.eu-west-1.compute.amazonaws.com Software Apache/2.2.27 (Amazon) / Resource Hash `c234fdf8042141b4810e3f15a6c50c18333fbc8937dd6eee7b092e4efffc7c7b` Request headers Referer https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 14 Jun 2018 14:14:02 GMT Last-Modified Thu, 04 Aug 2011 12:01:20 GMT Server Apache/2.2.27 (Amazon) ETag "61bd8-63-4a9acbd2aa400" Content-Type image/gif Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 99 Expires Thu, 28 Jun 2018 14:14:02 GMT
GET H/1.1	200 OK	sky-right-1-activ.jpg www.ntrglobal.com/images/images_landingpages/	2 KB 2 KB	489ms 33ms	Image image/jpeg	46.137.83.7 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.ntrglobal.com/images/images_landingpages/sky-right-1-activ.jpg Requested by Host: www.ntradmin.com URL: https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Protocol HTTP/1.1 Server 46.137.83.7 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-46-137-83-7.eu-west-1.compute.amazonaws.com Software Apache/2.2.27 (Amazon) / Resource Hash `39617e851acbcb3badbb950b149878812488e6ad95bc4e777196da50c3d63d70` Request headers Referer https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 14 Jun 2018 14:14:02 GMT Last-Modified Wed, 03 Aug 2011 07:01:40 GMT Server Apache/2.2.27 (Amazon) ETag "61c16-878-4a9946fa23d00" Content-Type image/jpeg Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2168 Expires Thu, 28 Jun 2018 14:14:02 GMT
GET H/1.1	200 OK	sky-right-2.gif www.ntrglobal.com/images/images_landingpages/	1 KB 1 KB	449ms 33ms	Image image/gif	46.137.83.7 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.ntrglobal.com/images/images_landingpages/sky-right-2.gif Requested by Host: www.ntradmin.com URL: https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 Protocol HTTP/1.1 Server 46.137.83.7 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-46-137-83-7.eu-west-1.compute.amazonaws.com Software Apache/2.2.27 (Amazon) / Resource Hash `a6e948afe1d7ce58cb9255061b3a32d89b1c611578896bef3763b2ae40891875` Request headers Referer https://www.ntradmin.com/main2/ntradmin.web.services/remotecontrol/downloadclientexe/?lang=fr&code=20767428 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 14 Jun 2018 14:14:02 GMT Last-Modified Mon, 01 Aug 2011 07:21:06 GMT Server Apache/2.2.27 (Amazon) ETag "61c1a-46b-4a96c79733c80" Content-Type image/gif Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1131 Expires Thu, 28 Jun 2018 14:14:02 GMT

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| getLocalTime

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.ntrglobal.com
tinyurl.com
www.ntradmin.com
www.ntrglobal.com
www.tinyurl.com
104.20.219.42
46.137.83.7
82.112.109.1
82.112.109.6
32bfde462c562453ef29b492523a4e32bcba6d060871ea1bc4d4b73476ca6773
39617e851acbcb3badbb950b149878812488e6ad95bc4e777196da50c3d63d70
4c9bb873e0306972584a4ecf570c811082afda447bc308e76b262f6734ef013c
55cdddedda5dc113fda436675952a5cb6326131e185979ef26f379513046d3fa
71614a26df59aa2287c11f02bfa81d9d92a8d1c5409f8db47c08a889ee814fa4
a6e948afe1d7ce58cb9255061b3a32d89b1c611578896bef3763b2ae40891875
c234fdf8042141b4810e3f15a6c50c18333fbc8937dd6eee7b092e4efffc7c7b
cb34031b303a35cbfa36d6a1349d4852487f6e87eb87f97b80b013d83a09bb4b

www.ntradmin.com Open in urlscan Pro 82.112.109.1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

13 %HTTPS

0 %IPv6

3 Domains

5 Subdomains

2 IPs

3 Countries

20 kBTransfer

20 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Indicators

www.ntradmin.com Open in urlscan Pro
82.112.109.1 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

13 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

2
IPs

3
Countries

20 kB
Transfer

20 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions