promotions.everis-ntt.com

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 195.53.53.74, located in Mahon, Spain and belongs to TELEFONICA_DE_ESPANA, ES. The main domain is promotions.everis-ntt.com.

This is the only time promotions.everis-ntt.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.123.16 167.89.123.16	11377 (SENDGRID) (SENDGRID)
1	195.53.53.74 195.53.53.74	3352 (TELEFONIC...) (TELEFONICA_DE_ESPANA)
2	51.136.48.140 51.136.48.140	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:fe80:101... 2a02:fe80:1010::16	30148 (SUCURI-SEC) (SUCURI-SEC)
4	3

1 167.89.123.16 (Chicago, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net

u22019203.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.53.53.74 (Mahon, Spain)

ASN3352 (TELEFONICA_DE_ESPANA, ES)

promotions.everis-ntt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.136.48.140 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

adfsprod40.everis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fe80:1010::16 (United States)

ASN30148 (SUCURI-SEC, US)

secureservercdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	everis.com adfsprod40.everis.com	209 KB
1	secureservercdn.net secureservercdn.net — Cisco Umbrella Rank: 17269	566 KB
1	everis-ntt.com promotions.everis-ntt.com	1 KB
1	sendgrid.net 1 redirects u22019203.ct.sendgrid.net	247 B
4	4

	Domain	Requested by
2	adfsprod40.everis.com	promotions.everis-ntt.com
1	secureservercdn.net	promotions.everis-ntt.com
1	promotions.everis-ntt.com
1	u22019203.ct.sendgrid.net	1 redirects
4	4

This site contains no links.

Subject Issuer	Validity	Valid
adfsprod40.everis.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-14` - `2022-06-22`	a year	crt.sh
secureservercdn.net Starfield Secure Certificate Authority - G2	`2021-05-27` - `2022-06-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://promotions.everis-ntt.com/?rid=e1VB2TY
Frame ID: 1A652C00CBB0B6E404B521B28DE45BDC
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

https://u22019203.ct.sendgrid.net/ls/click?upn=yXU74Z47jjUSwUPfluCGwYnSMhyWyRiWh8czW62SO95KVG39OseMBVwgpgbKFDq... HTTP 302
http://promotions.everis-ntt.com/?rid=e1VB2TY Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

4
Requests

75 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

776 kB
Transfer

776 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u22019203.ct.sendgrid.net/ls/click?upn=yXU74Z47jjUSwUPfluCGwYnSMhyWyRiWh8czW62SO95KVG39OseMBVwgpgbKFDqw4-2FQ-2BtLHTIFQSIjHdaBXs3w-3D-3DG8rs_2t-2FpJkyR2katwYwGgKhfTX9mSBM8g5tIlSIYelKXwuVTZZMNBy-2BX97VRPuay4EwwQW0EececoLqsTwfxs5WwiO-2FqbijqK6wvZbABMJ3k9PRGK1ZfOuCX4rrZOl64MAzmWecPPKR1J3YG4d98pSZ1EnvHrwtRQaFi0ToVGD8YiVmG-2FJQokNYfaOxMCTPwBl6ed-2F-2BJWhnyQj3MrnNsObTgd25iJAHCi8cE2rpCPKVvzdys-2F91CLx2HSTvlZ0Kl3bJ5 HTTP 302
http://promotions.everis-ntt.com/?rid=e1VB2TY Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
promotions.everis-ntt.com/
Redirect Chain

https://u22019203.ct.sendgrid.net/ls/click?upn=yXU74Z47jjUSwUPfluCGwYnSMhyWyRiWh8czW62SO95KVG39OseMBVwgpgbKFDqw4-2FQ-2BtLHTIFQSIjHdaBXs3w-3D-3DG8rs_2t-2FpJkyR2katwYwGgKhfTX9mSBM8g5tIlSIYelKXwuVTZZM...
http://promotions.everis-ntt.com/?rid=e1VB2TY

3 KB
1 KB

666ms
274ms

Document
text/html

195.53.53.74
TELEFONICA_DE_ESPANA

General

Check archive.org

Show headers Download Go to

Full URL: http://promotions.everis-ntt.com/?rid=e1VB2TY
Protocol: HTTP/1.1
Server: 195.53.53.74 Mahon, Spain, ASN3352 (TELEFONICA_DE_ESPANA, ES),
Reverse DNS
Software: /
Resource Hash: 61f5da255cb7ffcf1d1526139820eba0241dd347ae5762a979f2001cd1ffaca6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-Server: gophish
Date: Mon, 24 Jan 2022 08:30:53 GMT
Content-Length: 1155

Redirect headers

Server: nginx
Date: Mon, 24 Jan 2022 08:30:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 67
Connection: keep-alive
Location: http://promotions.everis-ntt.com?rid=e1VB2TY
X-Robots-Tag: noindex, nofollow

GET
H/1.1 200
OK style.css
adfsprod40.everis.com/adfs/portal/css/ 22 KB
22 KB 109ms
40ms Stylesheet
text/css 51.136.48.140
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://adfsprod40.everis.com/adfs/portal/css/style.css?id=341562E0634F29D004DCB868F8C7616763EA0427B0D093999B67942DCED59602
Requested by: Host: promotions.everis-ntt.com
URL: http://promotions.everis-ntt.com/?rid=e1VB2TY
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.136.48.140 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 943e4825fb7374202ff5fd6fdc9b186490356806d4502254efab5f3a69a304f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 08:30:52 GMT
Expires: Wed, 23 Feb 2022 08:30:53 GMT
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag: 316ED5A97F2AF598F2B9A3DA81F120DBB49B0FD8446750607F249DD1C279D1F5
Content-Length: 22301
Content-Type: text/css

GET
H2 200 NTTD_Logo.jpg
secureservercdn.net/45.40.145.151/9e6.f60.myftpupload.com/wp-content/uploads/2018/09/ 565 KB
566 KB 44ms
13ms Image
image/jpeg 2a02:fe80:1010::16
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secureservercdn.net/45.40.145.151/9e6.f60.myftpupload.com/wp-content/uploads/2018/09/NTTD_Logo.jpg?time=1638447021

Requested by

Host: promotions.everis-ntt.com
URL: http://promotions.everis-ntt.com/?rid=e1VB2TY

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::16 , United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

Software

nginx /

Resource Hash

0543edea4462fc30a9be3690df1bebb17145439e96ce7398d5b0f5ed8b2fbaf1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=300, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-cacheable: YES
x-backend: local
age: 256160
x-cache: cached
x-sucuri-cache: HIT
content-length: 578398
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Sep 2018 23:59:27 GMT
server: nginx
date: Mon, 24 Jan 2022 08:30:53 GMT
strict-transport-security: max-age=300, max-age=31536000; includeSubDomains
content-type: image/jpeg
x-cache-hit: HIT
cache-control: max-age=315360000
x-sucuri-id: 19016
etag: "8d35e-576f73ed995c0"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK illustration.jpg
adfsprod40.everis.com/adfs/portal/illustration/ 186 KB
187 KB 65ms
64ms Image
image/jpg 51.136.48.140
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adfsprod40.everis.com/adfs/portal/illustration/illustration.jpg?id=3FBE6B4B7691FEE74B99E31299D49709F760BA95B0373FDA362364853BCB3C8C
Requested by: Host: promotions.everis-ntt.com
URL: http://promotions.everis-ntt.com/?rid=e1VB2TY
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.136.48.140 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 7fb4322b933a8695a9daa809921406445f0d3307d36db6fba794ab2fbbc794d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://promotions.everis-ntt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 08:30:53 GMT
Expires: Wed, 23 Feb 2022 08:30:53 GMT
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag: 7FB4322B933A8695A9DAA809921406445F0D3307D36DB6FBA794AB2FBBC794D3
Content-Length: 190953
Content-Type: image/jpg

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adfsprod40.everis.com
promotions.everis-ntt.com
secureservercdn.net
u22019203.ct.sendgrid.net
167.89.123.16
195.53.53.74
2a02:fe80:1010::16
51.136.48.140
0543edea4462fc30a9be3690df1bebb17145439e96ce7398d5b0f5ed8b2fbaf1
61f5da255cb7ffcf1d1526139820eba0241dd347ae5762a979f2001cd1ffaca6
7fb4322b933a8695a9daa809921406445f0d3307d36db6fba794ab2fbbc794d3
943e4825fb7374202ff5fd6fdc9b186490356806d4502254efab5f3a69a304f8

promotions.everis-ntt.com Open in urlscan Pro 195.53.53.74 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

75 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

776 kBTransfer

776 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

promotions.everis-ntt.com Open in urlscan Pro
195.53.53.74 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

776 kB
Transfer

776 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions