Domain > app.eco-rng.us

More information on this domain is in AlienVault OTX

DNS Resolutions

Date	IP Address
2025-07-20	3.167.183.17 (ClassC)
2026-01-29	3.169.173.58 (ClassC)

HTTP/1.1 200 OKContent-Type: text/htmlContent-Length: 7726Connection: keep-aliveDate: Thu, 29 Jan 2026 02:47:34 GMTLast-Modified: Tue, 12 Aug 2025 02:13:28 GMTETag: 230ef80a2851199fe88762855738d7e0x-amz-server-side-encryption: AES256Cache-Control: no-cache, no-store, must-revalidateAccept-Ranges: bytesServer: AmazonS3X-Cache: Miss from cloudfrontVia: 1.1 11017c4db22106ac70e16ce75190a430.cloudfront.net (CloudFront)X-Amz-Cf-Pop: HIO52-P4X-Amz-Cf-Id: Bg8o4TlStslIXdnT_bSguZD-fNeekUoEoTFWxvAgwEPDWTNDAeRDMQ

!DOCTYPE html>html langen>head>    meta charsetUTF-8>    meta nameviewport contentwidthdevice-width, initial-scale1.0>    title>Navigator Preview Redirect/title>    style>        body {            font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, sans-serif;            max-width: 600px;            margin: 50px auto;            padding: 20px;            line-height: 1.6;        }        .container {            background: #f8f9fa;            border-radius: 8px;            padding: 30px;            border: 1px solid #e9ecef;        }        .form-group {            margin-bottom: 20px;        }        label {            display: block;            margin-bottom: 5px;            font-weight: 500;        }        inputtypenumber {            width: 100%;            padding: 10px;            border: 1px solid #ddd;            border-radius: 4px;            font-size: 16px;        }        button {            background: #007bff;            color: white;            border: none;            padding: 12px 24px;            border-radius: 4px;            cursor: pointer;            font-size: 16px;        }        button:hover {            background: #0056b3;        }        .info {            background: #e7f3ff;            border: 1px solid #b3d9ff;            border-radius: 4px;            padding: 15px;            margin-bottom: 20px;        }        .error {            background: #f8d7da;            border: 1px solid #f5c6cb;            border-radius: 4px;            padding: 15px;            margin-bottom: 20px;            color: #721c24;        }    /style>/head>body>    div classcontainer>        h1>Navigator Preview Redirect/h1>                div classinfo>            p>strong>How to use:/strong>/p>            ul>                li>Enter a PR number to redirect to that specific preview/li>                li>Or use the URL format: code>https://preview.eco-rng.us?pr62/code>/li>            /ul>        /div>        form idredirectForm>            div classform-group>                label forprNumber>PR Number:/label>                input typenumber idprNumber namepr placeholdere.g., 62 required>            /div>            button typesubmit>Go to Preview/button>        /form>        div iderror classerror styledisplay: none;>/div>    /div>    script>        // Check for PR parameter in URL        const urlParams  new URLSearchParams(window.location.search);        const prParam  urlParams.get(pr);                if (prParam) {            // Redirect immediately if PR parameter is present            const targetUrl  `https://pr-${prParam}.eco-rng.us${window.location.pathname}${window.location.search.replace(?pr + prParam, )}`;            window.location.href  targetUrl;        }        // Auto-detect PR from Microsoft Entra ID redirect         // Microsoft auth redirects to /login with state/code parameters        const currentPath  window.location.pathname;        const hashParams  new URLSearchParams(window.location.hash.slice(1));        const stateParam  urlParams.get(state) || hashParams.get(state);        const codeParam  urlParams.get(code) || hashParams.get(code);                if (currentPath  /login && (stateParam || codeParam)) {            // This is likely a Microsoft Entra ID redirect            console.log(Microsoft auth redirect detected);                        // First, try to get the original PR from sessionStorage or localStorage (set by the PR site)            const originalPR  sessionStorage.getItem(originalPR) || localStorage.getItem(preview_pr);                        if (originalPR) {                console.log(`Found original PR ${originalPR} in sessionStorage, redirecting...`);                // Redirect back to the original PR with the full auth response                const targetUrl  `https://pr-${originalPR}.eco-rng.us/login${window.location.search}${window.location.hash}`;                window.location.href  targetUrl;                return;            }                        // Fallback: try to extract PR from the referrer URL            const referrer  document.referrer;            console.log(Referrer:, referrer);                        if (referrer) {                // Check if referrer is from a PR site                const prMatch  referrer.match(/pr-(\d+)\.eco-rng\.us/);                if (prMatch) {                    const prNumber  prMatch1;                    console.log(`Extracted PR ${prNumber} from referrer, redirecting...`);                    // Redirect back with full auth response                    const targetUrl  `https://pr-${prNumber}.eco-rng.us/login${window.location.search}${window.location.hash}`;                    window.location.href  targetUrl;                    return;                }                                // Check if we came from Microsoft login                if (referrer.includes(login.microsoftonline.com)) {                    // Show a message asking for PR number                    document.querySelector(.info).innerHTML  `                        p>strong>Microsoft Authentication Completed:/strong>/p>                        ul>                            li>Authentication was successful/li>                            li>Please enter the PR number for the preview you were trying to access/li>                            li>You will be redirected with your authentication/li>                        /ul>                    `;                                        // Pre-populate with a recent PR if available                    const recentPR  localStorage.getItem(lastUsedPR);                    if (recentPR) {                        document.getElementById(prNumber).value  recentPR;                    }                }            }        }        // Handle form submission        document.getElementById(redirectForm).addEventListener(submit, function(e) {            e.preventDefault();                        const prNumber  document.getElementById(prNumber).value;            const errorDiv  document.getElementById(error);                        if (!prNumber || prNumber  1) {                errorDiv.textContent  Please enter a valid PR number.;                errorDiv.style.display  block;                return;            }                        // Store the PR number for future reference            localStorage.setItem(lastUsedPR, prNumber);                        // Check if we have auth code/state to pass along            const hasAuthCode  stateParam || codeParam;            let targetUrl;                        if (hasAuthCode) {                // Include auth parameters when redirecting                targetUrl  `https://pr-${prNumber}.eco-rng.us/login${window.location.search}${window.location.hash}`;                console.log(`Redirecting to PR ${prNumber} with auth code`);            } else {                // Regular redirect without auth                targetUrl  `https://pr-${prNumber}.eco-rng.us${window.location.pathname}`;                console.log(`Redirecting to PR ${prNumber}`);            }                        window.location.href  targetUrl;        });        // Clear error when user starts typing        document.getElementById(prNumber).addEventListener(input, function() {            document.getElementById(error).style.display  none;        });    /script>/body>/html>

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > app.eco-rng.us

Is this malicious?

DNS Resolutions

Port 80

Port 443