mllsmail.lysafemai.com
Open in
urlscan Pro
45.133.200.3
Malicious Activity!
Public Scan
Effective URL: https://mllsmail.lysafemai.com/
Submission: On July 30 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 29th 2020. Valid for: 3 months.
This is the only time mllsmail.lysafemai.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 151.101.65.195 151.101.65.195 | 54113 (FASTLY) (FASTLY) | |
1 | 45.133.200.3 45.133.200.3 | 200313 (INTERNET-IT) (INTERNET-IT) | |
8 | 64.8.70.75 64.8.70.75 | 36271 (SYNACOR-C...) (SYNACOR-CLUSTER) | |
1 | 2600:9000:214... 2600:9000:214f:c200:12:2f25:e340:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 2 | 15.236.175.233 15.236.175.233 | 16509 (AMAZON-02) (AMAZON-02) | |
12 | 5 |
ASN200313 (INTERNET-IT, NL)
PTR: cpanel-host.prohoster.info
mllsmail.lysafemai.com |
ASN36271 (SYNACOR-CLUSTER, US)
PTR: auth-gateway.net
windstream.auth-gateway.net |
ASN16509 (AMAZON-02, US)
da4pli3l5vc0d.cloudfront.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
synacor.112.2o7.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
auth-gateway.net
windstream.auth-gateway.net |
87 KB |
2 |
2o7.net
1 redirects
synacor.112.2o7.net |
1 KB |
1 |
cloudfront.net
da4pli3l5vc0d.cloudfront.net |
9 KB |
1 |
lysafemai.com
mllsmail.lysafemai.com |
3 KB |
1 |
firebaseapp.com
winpstream.firebaseapp.com |
564 B |
12 | 5 |
Domain | Requested by | |
---|---|---|
8 | windstream.auth-gateway.net |
mllsmail.lysafemai.com
|
2 | synacor.112.2o7.net |
1 redirects
mllsmail.lysafemai.com
|
1 | da4pli3l5vc0d.cloudfront.net |
mllsmail.lysafemai.com
|
1 | mllsmail.lysafemai.com | |
1 | winpstream.firebaseapp.com | |
12 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
sam.windstream.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
firebaseapp.com GTS CA 1O1 |
2019-10-28 - 2020-10-26 |
a year | crt.sh |
www.mllsmail.lysafemai.com Let's Encrypt Authority X3 |
2020-07-29 - 2020-10-27 |
3 months | crt.sh |
*.auth-gateway.net DigiCert SHA2 High Assurance Server CA |
2019-09-26 - 2021-10-12 |
2 years | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2020-05-26 - 2021-04-21 |
a year | crt.sh |
*.112.2o7.net DigiCert SHA2 High Assurance Server CA |
2019-04-23 - 2021-04-27 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://mllsmail.lysafemai.com/
Frame ID: 7B22760AA601B492B38F4ABF38DFF8E9
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://winpstream.firebaseapp.com/ Page URL
- https://mllsmail.lysafemai.com/ Page URL
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Trouble Logging In?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://winpstream.firebaseapp.com/ Page URL
- https://mllsmail.lysafemai.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10- https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s03425018394092?AQB=1&pccr=true&vidn=2F9199B18515AE8C-40000945EB254CB4&ndh=1&t=30%2F6%2F2020%2022%3A53%3A55%204%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fmllsmail.lysafemai.com%2F&r=https%3A%2F%2Fwinpstream.firebaseapp.com%2F&cc=USD&c1=Windstream&c6=Federated%20Login&c7=7ff5572da2eb095da1890d39c671acb6&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
winpstream.firebaseapp.com/ |
322 B 564 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
mllsmail.lysafemai.com/ |
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr.js
windstream.auth-gateway.net/js/ |
12 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.11.1.min.js
windstream.auth-gateway.net/js/ |
94 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
windstream.auth-gateway.net/bootstrap/3.3.5/css/ |
120 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
windstream.auth-gateway.net/bootstrap/3.3.5/js/ |
36 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
base.css
windstream.auth-gateway.net/css/default/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
base.js
windstream.auth-gateway.net/js/default/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
federated_login.css
windstream.auth-gateway.net/css/client/69248/ |
429 B 652 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
103e18120cef932f2d236263c11f1ea0b1cec3ff
da4pli3l5vc0d.cloudfront.net/10/3e/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_code.js
windstream.auth-gateway.net/saml/resources/omniture/ |
30 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s03425018394092
synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/ Redirect Chain
|
43 B 293 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| html5 object| Modernizr function| yepnope function| $ function| jQuery object| jQuery111106507436220308331 function| toggleShowPassword function| showElement function| hideElement function| mouseOverToPopupRememberMe function| escapeHTML function| parseUri function| makeAjaxCall string| s_account object| s string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| s_i_synacor2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.lysafemai.com/ | Name: s_sq Value: %5B%5BB%5D%5D |
|
.lysafemai.com/ | Name: s_cc Value: true |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
da4pli3l5vc0d.cloudfront.net
mllsmail.lysafemai.com
synacor.112.2o7.net
windstream.auth-gateway.net
winpstream.firebaseapp.com
15.236.175.233
151.101.65.195
2600:9000:214f:c200:12:2f25:e340:21
45.133.200.3
64.8.70.75
2f7eab63258fcd0d4fb4dac9c5f5a878ee5d5d877066b7de572a074cdd0c80a7
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
4e80d264bcfa749909e526db5f51684d71e2ef0ffdb4a2622d35b24f4818241b
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
55ee90386d838d3d333e5066de93ac075190a85cd33d5d60490b8236d416dc3b
6b15ca565feb1b03c28e0596d15ad8999f6da88a05d359f2327dfda7f7aa7857
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
c88ed6737ceaa447d0836432947fb7201e386b4541b7e31ff039a91d0f6cface
cb7f7021668cfddfc0bbd9df21f751bc62c0b36436c5617c5d02b7008c80caa4
f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd
fd413a60f3084fd9f633f1fcdf7ba4cb0a53f5eadc42ec0272d9a0fb9c439a50