mllsmail.lysafemai.com Open in urlscan Pro
45.133.200.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://winpstream.firebaseapp.com/
Effective URL:
https://mllsmail.lysafemai.com/
Submission: On July 30 via manual (July 30th 2020, 8:54:08 pm UTC) from US

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 45.133.200.3, located in Netherlands and belongs to INTERNET-IT, NL. The main domain is mllsmail.lysafemai.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 29th 2020. Valid for: 3 months.

This is the only time mllsmail.lysafemai.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	151.101.65.195 151.101.65.195	54113 (FASTLY) (FASTLY)
1	45.133.200.3 45.133.200.3	200313 (INTERNET-IT) (INTERNET-IT)
8	64.8.70.75 64.8.70.75	36271 (SYNACOR-C...) (SYNACOR-CLUSTER)
1	2600:9000:214... 2600:9000:214f:c200:12:2f25:e340:21	16509 (AMAZON-02) (AMAZON-02)
1 2	15.236.175.233 15.236.175.233	16509 (AMAZON-02) (AMAZON-02)
12	5

1 151.101.65.195 (United States)

ASN54113 (FASTLY, US)

winpstream.firebaseapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.133.200.3 (Netherlands)

ASN200313 (INTERNET-IT, NL)
PTR: cpanel-host.prohoster.info

mllsmail.lysafemai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 64.8.70.75 (United States)

ASN36271 (SYNACOR-CLUSTER, US)
PTR: auth-gateway.net

windstream.auth-gateway.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:c200:12:2f25:e340:21 (United States)

ASN16509 (AMAZON-02, US)

da4pli3l5vc0d.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.175.233 (Paris, France) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

synacor.112.2o7.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	auth-gateway.net windstream.auth-gateway.net	87 KB
2	2o7.net 1 redirects synacor.112.2o7.net	1 KB
1	cloudfront.net da4pli3l5vc0d.cloudfront.net	9 KB
1	lysafemai.com mllsmail.lysafemai.com	3 KB
1	firebaseapp.com winpstream.firebaseapp.com	564 B
12	5

	Domain	Requested by
8	windstream.auth-gateway.net	mllsmail.lysafemai.com
2	synacor.112.2o7.net	1 redirects mllsmail.lysafemai.com
1	da4pli3l5vc0d.cloudfront.net	mllsmail.lysafemai.com
1	mllsmail.lysafemai.com
1	winpstream.firebaseapp.com
12	5

This site contains links to these domains. Also see Links.

Domain
sam.windstream.com

Subject Issuer	Validity	Valid
firebaseapp.com GTS CA 1O1	`2019-10-28` - `2020-10-26`	a year	crt.sh
www.mllsmail.lysafemai.com Let's Encrypt Authority X3	`2020-07-29` - `2020-10-27`	3 months	crt.sh
*.auth-gateway.net DigiCert SHA2 High Assurance Server CA	`2019-09-26` - `2021-10-12`	2 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.112.2o7.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2021-04-27`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://mllsmail.lysafemai.com/
Frame ID: 7B22760AA601B492B38F4ABF38DFF8E9
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://winpstream.firebaseapp.com/ Page URL
https://mllsmail.lysafemai.com/ Page URL

Page Statistics

12
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

100 kB
Transfer

327 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://sam.windstream.com/selfcare/selfcare/SelfCareMain.jsp
Title: Trouble Logging In?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://winpstream.firebaseapp.com/ Page URL
https://mllsmail.lysafemai.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
winpstream.firebaseapp.com/ 322 B
564 B 466ms
333ms Document
text/html 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://winpstream.firebaseapp.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4e80d264bcfa749909e526db5f51684d71e2ef0ffdb4a2622d35b24f4818241b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: winpstream.firebaseapp.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: "9b3793ce134f88e4f2ad67c9a70b7b49778090d38f1237f9aa6e1a9b118a299c"
last-modified: Wed, 29 Jul 2020 16:26:00 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Thu, 30 Jul 2020 20:53:53 GMT
x-served-by: cache-hhn4034-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1596142433.990598,VS0,VE284
vary: x-fh-requested-host, accept-encoding
content-length: 257

GET
H2 200 Primary Request / Show response
mllsmail.lysafemai.com/ 8 KB
3 KB 301ms
134ms Document
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

https://mllsmail.lysafemai.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.133.200.3 , Netherlands, ASN200313 (INTERNET-IT, NL),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx / PHP/5.6.40

Resource Hash

55ee90386d838d3d333e5066de93ac075190a85cd33d5d60490b8236d416dc3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: mllsmail.lysafemai.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://winpstream.firebaseapp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://winpstream.firebaseapp.com/

Response headers

status: 200
server: nginx
date: Thu, 30 Jul 2020 20:53:54 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=02udfoc7i87ia8mtmmj8bq2n42; path=/
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: MISS
x-server-powered-by: Engintron
content-encoding: gzip

GET
H/1.1 200
OK modernizr.js Show response
windstream.auth-gateway.net/js/ 12 KB
6 KB 704ms
166ms Script
text/javascript 64.8.70.75
SYNACOR-CLUSTER

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/js/modernizr.js
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: fd413a60f3084fd9f633f1fcdf7ba4cb0a53f5eadc42ec0272d9a0fb9c439a50

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Apr 2020 18:51:11 GMT
Server: nginx
Age: 190
ETag: "3048-5a36cea9545c0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 256250204 251212128
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 5261

GET
H/1.1 200
OK jquery-1.11.1.min.js Show response
windstream.auth-gateway.net/js/ 94 KB
33 KB 844ms
305ms Script
text/javascript 64.8.70.75
SYNACOR-CLUSTER

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/js/jquery-1.11.1.min.js
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Apr 2020 18:51:11 GMT
Server: nginx
Age: 23
ETag: "1762a-5a36cea9545c0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 254489145 256151695
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 33225

GET
H/1.1 200
OK bootstrap.min.css
windstream.auth-gateway.net/bootstrap/3.3.5/css/ 120 KB
20 KB 825ms
296ms Stylesheet
text/css 64.8.70.75
SYNACOR-CLUSTER

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/bootstrap/3.3.5/css/bootstrap.min.css
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Apr 2020 18:51:10 GMT
Server: nginx
Age: 205
ETag: "1deac-5a36cea860380"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 679043916 676222752
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 19883

GET
H/1.1 200
OK bootstrap.min.js Show response
windstream.auth-gateway.net/bootstrap/3.3.5/js/ 36 KB
10 KB 706ms
167ms Script
text/javascript 64.8.70.75
SYNACOR-CLUSTER

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/bootstrap/3.3.5/js/bootstrap.min.js
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Apr 2020 18:51:10 GMT
Server: nginx
Age: 361
ETag: "8fd0-5a36cea860380"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 254206668 255112589
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 9745

GET
H/1.1 200
OK base.css
windstream.auth-gateway.net/css/default/ 15 KB
4 KB 691ms
163ms Stylesheet
text/css 64.8.70.75
SYNACOR-CLUSTER

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/css/default/base.css
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 2f7eab63258fcd0d4fb4dac9c5f5a878ee5d5d877066b7de572a074cdd0c80a7

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Apr 2020 18:51:10 GMT
Server: nginx
Age: 554
ETag: "3d58-5a36cea860380"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 645339044 640712543
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3297

GET
H/1.1 200
OK base.js Show response
windstream.auth-gateway.net/js/default/ 3 KB
2 KB 857ms
165ms Script
text/javascript 64.8.70.75
SYNACOR-CLUSTER

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/js/default/base.js
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: cb7f7021668cfddfc0bbd9df21f751bc62c0b36436c5617c5d02b7008c80caa4

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Apr 2020 18:51:11 GMT
Server: nginx
Age: 108
ETag: "be4-5a36cea9545c0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 637168184 639523325
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 1166

GET
H/1.1 200
OK federated_login.css
windstream.auth-gateway.net/css/client/69248/ 429 B
652 B 702ms
166ms Stylesheet
text/css 64.8.70.75
SYNACOR-CLUSTER

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/css/client/69248/federated_login.css
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: c88ed6737ceaa447d0836432947fb7201e386b4541b7e31ff039a91d0f6cface

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Apr 2020 18:51:10 GMT
Server: nginx
Age: 220
ETag: "1ad-5a36cea860380"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 383455514 382738519
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 209

GET
H2 200 103e18120cef932f2d236263c11f1ea0b1cec3ff
da4pli3l5vc0d.cloudfront.net/10/3e/ 9 KB
9 KB 61ms
17ms Image
image/png 2600:9000:214f:c200:12:2f25:e340:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da4pli3l5vc0d.cloudfront.net/10/3e/103e18120cef932f2d236263c11f1ea0b1cec3ff
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:c200:12:2f25:e340:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash: 6b15ca565feb1b03c28e0596d15ad8999f6da88a05d359f2327dfda7f7aa7857

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 04:44:53 GMT
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
age: 14400542
x-cache: Hit from cloudfront
p3p: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
status: 200
content-length: 8781
last-modified: Wed, 06 Nov 2019 12:39:06 GMT
server: Apache
etag: "224d-596acd5ad49d7"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=365000000, immutable
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: 8WjEMfPes3qAdCCnw8ONy2JOlt74cbN3KaPtlO7LEdmTkzG9HaAOsw==

GET
H/1.1 200
OK s_code.js Show response
windstream.auth-gateway.net/saml/resources/omniture/ 30 KB
12 KB 177ms
177ms Script
text/javascript 64.8.70.75
SYNACOR-CLUSTER

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/saml/resources/omniture/s_code.js
Requested by: Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Jul 2020 19:29:03 GMT
Server: nginx
Age: 238
ETag: "7723-5aa57b40a3dc0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 640837837 647302696
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 12208

GET
H2

200

s03425018394092
synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/
Redirect Chain

https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmai...
https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&p...

43 B
293 B

64ms
63ms

Image
image/gif

15.236.175.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Requested by

Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mllsmail.lysafemai.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 20:53:55 GMT
x-content-type-options: nosniff
x-c: master-1315.Ia06625.M0-426
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 31 Jul 2020 20:53:55 GMT
server: jag
xserver: anedge-7447d85976-zsvrw
etag: 3427689779126697984-4614263885906967133
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 29 Jul 2020 20:53:55 GMT

Redirect headers

date: Thu, 30 Jul 2020 20:53:55 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
x-c: master-1315.Ia06625.M0-426
p3p: CP="This is not a P3P policy"
status: 302
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 31 Jul 2020 20:53:55 GMT
server: jag
xserver: anedge-7447d85976-ldvv6
content-type: text/plain;charset=utf-8
location: https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 29 Jul 2020 20:53:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.lysafemai.com/	1969-12-31 23:59:59	Name: s_sq Value: %5B%5BB%5D%5D
			.lysafemai.com/	1969-12-31 23:59:59	Name: s_cc Value: true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

da4pli3l5vc0d.cloudfront.net
mllsmail.lysafemai.com
synacor.112.2o7.net
windstream.auth-gateway.net
winpstream.firebaseapp.com
15.236.175.233
151.101.65.195
2600:9000:214f:c200:12:2f25:e340:21
45.133.200.3
64.8.70.75
2f7eab63258fcd0d4fb4dac9c5f5a878ee5d5d877066b7de572a074cdd0c80a7
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
4e80d264bcfa749909e526db5f51684d71e2ef0ffdb4a2622d35b24f4818241b
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
55ee90386d838d3d333e5066de93ac075190a85cd33d5d60490b8236d416dc3b
6b15ca565feb1b03c28e0596d15ad8999f6da88a05d359f2327dfda7f7aa7857
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
c88ed6737ceaa447d0836432947fb7201e386b4541b7e31ff039a91d0f6cface
cb7f7021668cfddfc0bbd9df21f751bc62c0b36436c5617c5d02b7008c80caa4
f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd
fd413a60f3084fd9f633f1fcdf7ba4cb0a53f5eadc42ec0272d9a0fb9c439a50

mllsmail.lysafemai.com Open in urlscan Pro 45.133.200.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

12 Requests

100 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

100 kBTransfer

327 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

31 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

mllsmail.lysafemai.com Open in urlscan Pro
45.133.200.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

100 kB
Transfer

327 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!