0/100

low Risk

akram.in.net

https://akram.in.net

172.67.173.109 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

11525 days

HTTP

200 · 17.1s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Redirect Chain (2 hops)

301https://akram.in.net/

301https://fb88.moda/

Visual Evidence

Zoom

Save

Domain Intelligence: in.net

Scanned 2 times since May 16, 2026, 02:35 PM UTC

ℹ Low (15)

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

igetused.to

Vendors

30/31

Status

partial

✓ yandex✓ isitphish✗ norton✓ polyswarm✓ brightcloud✓ openphish✓ avast✓ avg✓ kaspersky✓ bitdefender✓ eset✓ sophos✓ microsoft✓ chainpatrol✓ apwg✓ netcraft✓ cisa✓ virustotal✓ drweb✓ apple✓ emsisoft✓ urlquery✓ urlscan✓ phishreport✓ urlabuse✓ phishtank✓ spamhaus✓ mcafee✓ google✓ threatyeti✓ fortiguard

Registered-domain escalation

Submit in.net as the primary IOC, enriched with evidence from hostile subdomains like akram.in.net.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

igetused.to

Unknown

technology | ecommerce | finance | other · 6/3/2026

Summary

The final URL redirects to igetused.to from an initial domain akram.in.net. The page HTML is empty (no forms, no scripts), and the screenshot implies potential branding impersonation, but there is insufficient concrete evidence in the static content to confirm a credential-phishing flow. SSL cert is valid and shows a Google Trust Services issuer for the domain, but the final URL is distinct from the initial sender. The observed network activity includes a redirect chain and an API call to ipify.org, with no login forms detected in the static HTML. Visual impersonation indicators cannot be conclusively determined from the provided HTML alone; the screenshot may imply branding replication, which warrants cautious attention, but the current data does not prove credential harvesting on the scanned page itself.

Evidence Summary

▸Observed 1 capture stage(s); canonical stage is settled_render.

Capture

Stages: 1

Canonical: Settled Render

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 3

Hosts: 3

Domains: 3

Attack Techniques (2)

Redirect chain from akram.in.net to igetused.toUse of a different final URL from the initial host (potential brand impersonation signal in visuals)

Indicators of Compromise (0)

No specific IOCs identified in source

Risk AssessmentUsed in abuse reports

The scan data indicates a domain redirect chain and potential visual impersonation signals in the screenshot, but there is no concrete evidence of credential collection or phishing form submission on the final page as served. The HTML is empty of forms and the static analysis shows only 3 resources loaded with a redirect to a different brand domain, suggesting possible branding or hosting for a redirect/landing page rather than direct credential harvesting. Given the presence of a redirect chain and the final site being a distinct brand, this warrants monitoring and further verification rather than immediate takedown, unless additional signals (e.g., phishing UI or credential capture) are discovered. Recommend monitoring and further verification with additional dynamic analysis to confirm the intent.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence