mllsmail.lysafemai.com
45.133.200.3  Malicious Activity! Public Scan

Submitted URL: https://winpstream.firebaseapp.com/
Effective URL: https://mllsmail.lysafemai.com/
Submission: On July 30 via manual from US

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 45.133.200.3, which is located in the Netherlands and belongs to INTERNET-IT, NL. The main domain is mllsmail.lysafemai.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 29th 2020. Valid for: 3 months.
This is the only time mllsmail.lysafemai.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

IP Address AS Autonomous System
1 151.101.65.195 54113 (FASTLY)
1 45.133.200.3 200313 (INTERNET-IT)
8 64.8.70.75 36271 (SYNACOR-C...)
1 2600:9000:214... 16509 (AMAZON-02)
1 2 15.236.175.233 16509 (AMAZON-02)
12 5
Domain Requested by
8 windstream.auth-gateway.net mllsmail.lysafemai.com
2 synacor.112.2o7.net 1 redirects mllsmail.lysafemai.com
1 da4pli3l5vc0d.cloudfront.net mllsmail.lysafemai.com
1 mllsmail.lysafemai.com
1 winpstream.firebaseapp.com
12 5

This site contains links to these domains:

sam.windstream.com

Subject | Issuer | Validity | Valid
firebaseapp.com | GTS CA 1O1 | 2019-10-28 - 2020-10-26 | a year
www.mllsmail.lysafemai.com | Let's Encrypt Authority X3 | 2020-07-29 - 2020-10-27 | 3 months
*.auth-gateway.net | DigiCert SHA2 High Assurance Server CA | 2019-09-26 - 2021-10-12 | 2 years
*.cloudfront.net | DigiCert Global CA G2 | 2020-05-26 - 2021-04-21 | a year
*.112.2o7.net | DigiCert SHA2 High Assurance Server CA | 2019-04-23 - 2021-04-27 | 2 years

This page contains 1 frame:

Primary Page: https://mllsmail.lysafemai.com/
Frame ID: 7B22760AA601B492B38F4ABF38DFF8E9
Requests: 12 HTTP requests in this frame

Page Statistics

Requests: 12
HTTPS: 100 %
IPv6: 20 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 100 kB
Size: 327 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://winpstream.firebaseapp.com/ Page URL
  2. https://mllsmail.lysafemai.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

12 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
/
winpstream.firebaseapp.com/
322 B
564 B
Document
General
Full URL
https://winpstream.firebaseapp.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4e80d264bcfa749909e526db5f51684d71e2ef0ffdb4a2622d35b24f4818241b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
winpstream.firebaseapp.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
cache-control
max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
etag
"9b3793ce134f88e4f2ad67c9a70b7b49778090d38f1237f9aa6e1a9b118a299c"
last-modified
Wed, 29 Jul 2020 16:26:00 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
accept-ranges
bytes
date
Thu, 30 Jul 2020 20:53:53 GMT
x-served-by
cache-hhn4034-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1596142433.990598,VS0,VE284
vary
x-fh-requested-host, accept-encoding
content-length
257
Primary Request /
mllsmail.lysafemai.com/
8 KB
3 KB
Document
General
Full URL
https://mllsmail.lysafemai.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.133.200.3 , Netherlands, ASN200313 (INTERNET-IT, NL),
Reverse DNS
cpanel-host.prohoster.info
Software
nginx / PHP/5.6.40
Resource Hash
55ee90386d838d3d333e5066de93ac075190a85cd33d5d60490b8236d416dc3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
mllsmail.lysafemai.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://winpstream.firebaseapp.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
server
nginx
date
Thu, 30 Jul 2020 20:53:54 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/5.6.40
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=02udfoc7i87ia8mtmmj8bq2n42; path=/
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-nginx-cache-status
MISS
x-server-powered-by
Engintron
content-encoding
gzip
modernizr.js
windstream.auth-gateway.net/js/
12 KB
6 KB
Script
General
Full URL
https://windstream.auth-gateway.net/js/modernizr.js
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS
auth-gateway.net
Software
nginx /
Resource Hash
fd413a60f3084fd9f633f1fcdf7ba4cb0a53f5eadc42ec0272d9a0fb9c439a50

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Apr 2020 18:51:11 GMT
Server
nginx
Age
190
ETag
"3048-5a36cea9545c0"
Vary
Accept-Encoding
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via
1.1 varnish
Cache-Control
max-age=600, public
X-Varnish
256250204 251212128
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
5261
jquery-1.11.1.min.js
windstream.auth-gateway.net/js/
94 KB
33 KB
Script
General
Full URL
https://windstream.auth-gateway.net/js/jquery-1.11.1.min.js
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS
auth-gateway.net
Software
nginx /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Apr 2020 18:51:11 GMT
Server
nginx
Age
23
ETag
"1762a-5a36cea9545c0"
Vary
Accept-Encoding
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via
1.1 varnish
Cache-Control
max-age=600, public
X-Varnish
254489145 256151695
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
33225
bootstrap.min.css
windstream.auth-gateway.net/bootstrap/3.3.5/css/
120 KB
20 KB
Stylesheet
General
Full URL
https://windstream.auth-gateway.net/bootstrap/3.3.5/css/bootstrap.min.css
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS
auth-gateway.net
Software
nginx /
Resource Hash
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Apr 2020 18:51:10 GMT
Server
nginx
Age
205
ETag
"1deac-5a36cea860380"
Vary
Accept-Encoding
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via
1.1 varnish
Cache-Control
max-age=600, public
X-Varnish
679043916 676222752
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
19883
bootstrap.min.js
windstream.auth-gateway.net/bootstrap/3.3.5/js/
36 KB
10 KB
Script
General
Full URL
https://windstream.auth-gateway.net/bootstrap/3.3.5/js/bootstrap.min.js
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS
auth-gateway.net
Software
nginx /
Resource Hash
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Apr 2020 18:51:10 GMT
Server
nginx
Age
361
ETag
"8fd0-5a36cea860380"
Vary
Accept-Encoding
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via
1.1 varnish
Cache-Control
max-age=600, public
X-Varnish
254206668 255112589
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
9745
base.css
windstream.auth-gateway.net/css/default/
15 KB
4 KB
Stylesheet
General
Full URL
https://windstream.auth-gateway.net/css/default/base.css
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS
auth-gateway.net
Software
nginx /
Resource Hash
2f7eab63258fcd0d4fb4dac9c5f5a878ee5d5d877066b7de572a074cdd0c80a7

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Apr 2020 18:51:10 GMT
Server
nginx
Age
554
ETag
"3d58-5a36cea860380"
Vary
Accept-Encoding
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via
1.1 varnish
Cache-Control
max-age=600, public
X-Varnish
645339044 640712543
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
3297
base.js
windstream.auth-gateway.net/js/default/
3 KB
2 KB
Script
General
Full URL
https://windstream.auth-gateway.net/js/default/base.js
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS
auth-gateway.net
Software
nginx /
Resource Hash
cb7f7021668cfddfc0bbd9df21f751bc62c0b36436c5617c5d02b7008c80caa4

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Apr 2020 18:51:11 GMT
Server
nginx
Age
108
ETag
"be4-5a36cea9545c0"
Vary
Accept-Encoding
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via
1.1 varnish
Cache-Control
max-age=600, public
X-Varnish
637168184 639523325
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
1166
federated_login.css
windstream.auth-gateway.net/css/client/69248/
429 B
652 B
Stylesheet
General
Full URL
https://windstream.auth-gateway.net/css/client/69248/federated_login.css
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS
auth-gateway.net
Software
nginx /
Resource Hash
c88ed6737ceaa447d0836432947fb7201e386b4541b7e31ff039a91d0f6cface

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Apr 2020 18:51:10 GMT
Server
nginx
Age
220
ETag
"1ad-5a36cea860380"
Vary
Accept-Encoding
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via
1.1 varnish
Cache-Control
max-age=600, public
X-Varnish
383455514 382738519
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
209
103e18120cef932f2d236263c11f1ea0b1cec3ff
da4pli3l5vc0d.cloudfront.net/10/3e/
9 KB
9 KB
Image
General
Full URL
https://da4pli3l5vc0d.cloudfront.net/10/3e/103e18120cef932f2d236263c11f1ea0b1cec3ff
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:c200:12:2f25:e340:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
6b15ca565feb1b03c28e0596d15ad8999f6da88a05d359f2327dfda7f7aa7857

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 15 Feb 2020 04:44:53 GMT
via
1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
age
14400542
x-cache
Hit from cloudfront
p3p
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
status
200
content-length
8781
last-modified
Wed, 06 Nov 2019 12:39:06 GMT
server
Apache
etag
"224d-596acd5ad49d7"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=365000000, immutable
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
8WjEMfPes3qAdCCnw8ONy2JOlt74cbN3KaPtlO7LEdmTkzG9HaAOsw==
s_code.js
windstream.auth-gateway.net/saml/resources/omniture/
30 KB
12 KB
Script
General
Full URL
https://windstream.auth-gateway.net/saml/resources/omniture/s_code.js
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER, US),
Reverse DNS
auth-gateway.net
Software
nginx /
Resource Hash
f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 20:53:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 Jul 2020 19:29:03 GMT
Server
nginx
Age
238
ETag
"7723-5aa57b40a3dc0"
Vary
Accept-Encoding
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via
1.1 varnish
Cache-Control
max-age=600, public
X-Varnish
640837837 647302696
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
12208
s03425018394092
synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/
Redirect Chain
  • https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmai...
  • https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&p...
43 B
293 B
Image
General
Full URL
https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: mllsmail.lysafemai.com
URL: https://mllsmail.lysafemai.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mllsmail.lysafemai.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 30 Jul 2020 20:53:55 GMT
x-content-type-options
nosniff
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 31 Jul 2020 20:53:55 GMT
server
jag
xserver
anedge-7447d85976-zsvrw
etag
3427689779126697984-4614263885906967133
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Wed, 29 Jul 2020 20:53:55 GMT

Redirect headers

date
Thu, 30 Jul 2020 20:53:55 GMT
x-content-type-options
nosniff
access-control-allow-origin
*
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
status
302
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 31 Jul 2020 20:53:55 GMT
server
jag
xserver
anedge-7447d85976-ldvv6
content-type
text/plain;charset=utf-8
location
https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Wed, 29 Jul 2020 20:53:55 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| html5
object| Modernizr
function| yepnope
function| $
function| jQuery
object| jQuery111106507436220308331
function| toggleShowPassword
function| showElement
function| hideElement
function| mouseOverToPopupRememberMe
function| escapeHTML
function| parseUri
function| makeAjaxCall
string| s_account
object| s
string| s_code
string| s_objectID
function| s_gi
function| s_giqf
string| s_an
function| s_sp
function| s_jn
function| s_rep
function| s_d
function| s_fe
function| s_fa
function| s_ft
object| s_c_il
number| s_c_in
number| s_giq
object| s_i_synacor

2 Cookies

Domain/Path | Name | Value
.lysafemai.com/ | s_sq | %5B%5BB%5D%5D
.lysafemai.com/ | s_cc | true

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload