contentsharing.net
Open in
urlscan Pro
209.18.65.220
Public Scan
Effective URL: https://contentsharing.net/actions/email_web_version.cfm?ep=EjP0w6uAlFFRz4HAzsQ5Z18SfLERELDd7GZG7pzBtEo85i8k_8C4hxCQROTZ1iM...
Submission Tags: phishing malicious Search All
Submission: On September 29 via api from US
Summary
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on June 8th 2020. Valid for: 2 years.
This is the only time contentsharing.net was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 209.18.65.223 209.18.65.223 | 14492 (DATAPIPE) (DATAPIPE) | |
1 | 209.18.65.220 209.18.65.220 | 14492 (DATAPIPE) (DATAPIPE) | |
6 | 2600:9000:21f... 2600:9000:21f3:e00:e:f35:f040:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 209.18.75.130 209.18.75.130 | 14492 (DATAPIPE) (DATAPIPE) | |
8 | 3 |
ASN16509 (AMAZON-02, US)
maassets.higherlogic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
higherlogic.com
maassets.higherlogic.com |
122 KB |
1 |
magnetmail.net
images.magnetmail.net |
427 B |
1 |
contentsharing.net
contentsharing.net |
29 KB |
1 |
magnetmail1.net
1 redirects
www.magnetmail1.net |
1 KB |
1 |
pharmavoice.com
1 redirects
send.pharmavoice.com |
986 B |
8 | 5 |
Domain | Requested by | |
---|---|---|
6 | maassets.higherlogic.com |
contentsharing.net
|
1 | images.magnetmail.net |
contentsharing.net
|
1 | contentsharing.net | |
1 | www.magnetmail1.net | 1 redirects |
1 | send.pharmavoice.com | 1 redirects |
8 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
send.pharmavoice.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
contentsharing.net AlphaSSL CA - SHA256 - G2 |
2020-06-08 - 2022-06-09 |
2 years | crt.sh |
*.higherlogic.com AlphaSSL CA - SHA256 - G2 |
2020-06-17 - 2022-06-18 |
2 years | crt.sh |
*.magnetmail.net GeoTrust RSA CA 2018 |
2018-01-12 - 2021-03-12 |
3 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://contentsharing.net/actions/email_web_version.cfm?ep=EjP0w6uAlFFRz4HAzsQ5Z18SfLERELDd7GZG7pzBtEo85i8k_8C4hxCQROTZ1iMnCUsGdNbIcUB7hVkEfcO67lPGR_jsb_tPNeNiAFMCw7iB1gB1UX1k5aG1r8pNPR2J
Frame ID: 37A80105EB8DD5544471742D179E27D7
Requests: 8 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://send.pharmavoice.com/link.cfm?r=0AEMDXCsHmpgdT_7ovF6Bg~~&pe=qsGXLTxv2ERZfFyeBVDuK1dTzldlMkYJ_v_Cf...
HTTP 302
http://www.magnetmail1.net/createcookieJovel.cfm?mm_messageid=19302786&mm_userid=PharmaV_9&mm_recipient... HTTP 302
https://contentsharing.net/actions/email_web_version.cfm?ep=EjP0w6uAlFFRz4HAzsQ5Z18SfLERELDd7GZG7pzBtEo... Page URL
Detected technologies
CFML (Programming Languages) ExpandDetected patterns
- url /\.cfm(?:$|\?)/i
Adobe ColdFusion (Web Frameworks) Expand
Detected patterns
- url /\.cfm(?:$|\?)/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: https://www.facebook.com/girltraveltours
Search URL Search Domain Scan URL
Title: https://www.girltraveltours.com/virtual-tours
Search URL Search Domain Scan URL
Title: unsubscribe here
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://send.pharmavoice.com/link.cfm?r=0AEMDXCsHmpgdT_7ovF6Bg~~&pe=qsGXLTxv2ERZfFyeBVDuK1dTzldlMkYJ_v_CftMJEpzTtoXRJ7EccA8OBsUpV-Ifl23oLVyNvzj8JbXE4Fubfg~~&t=VD0FzQaLmzifTcD-wW1aZQ~~
HTTP 302
http://www.magnetmail1.net/createcookieJovel.cfm?mm_messageid=19302786&mm_userid=PharmaV_9&mm_recipientid=4696329900&mm_traceurlid=159720458&mm_link=https://contentsharing.net/actions/email_web_version.cfm?ep=EjP0w6uAlFFRz4HAzsQ5Z18SfLERELDd7GZG7pzBtEo85i8k_8C4hxCQROTZ1iMnCUsGdNbIcUB7hVkEfcO67lPGR_jsb_tPNeNiAFMCw7iB1gB1UX1k5aG1r8pNPR2J HTTP 302
https://contentsharing.net/actions/email_web_version.cfm?ep=EjP0w6uAlFFRz4HAzsQ5Z18SfLERELDd7GZG7pzBtEo85i8k_8C4hxCQROTZ1iMnCUsGdNbIcUB7hVkEfcO67lPGR_jsb_tPNeNiAFMCw7iB1gB1UX1k5aG1r8pNPR2J Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
email_web_version.cfm
contentsharing.net/actions/ Redirect Chain
|
28 KB 29 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
travel-only_1693416.jpg
maassets.higherlogic.com/image/PharmaV_9/ |
6 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
futuretours_600w_1693476.jpg
maassets.higherlogic.com/image/PharmaV_9/ |
105 KB 105 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
travel--logo-small_1693481.jpg
maassets.higherlogic.com/image/PharmaV_9/ |
5 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FB_1693492.jpg
maassets.higherlogic.com/image/PharmaV_9/ |
858 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
IG_1693496.jpg
maassets.higherlogic.com/image/PharmaV_9/ |
892 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
YT_1693498.jpg
maassets.higherlogic.com/image/PharmaV_9/ |
770 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
IssueAlert_arrow.gif
images.magnetmail.net/images/clients/PharmaV/IssueAlert/ |
64 B 427 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
contentsharing.net/ | Name: JSESSIONID Value: 9864B19483474D5A7456334632144B56.cfusion |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=86400 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
contentsharing.net
images.magnetmail.net
maassets.higherlogic.com
send.pharmavoice.com
www.magnetmail1.net
209.18.65.220
209.18.65.223
209.18.75.130
2600:9000:21f3:e00:e:f35:f040:93a1
18d73838287090716af081642088b3c35a78d7400d85764b2340cc8d9af40034
266210e005be36a99ab65138a12dbc7e5001d79a7d192376d566c05a0546a4bb
2b3f4e08e546699cb043d197df53af5600b1cba59360258af1eb1b164f4fea96
3014680dbca4104dc6cc5ef5609de7a87a60a332c4381246d28ede398b58b2d3
32b255e49c5bc8a8092c016716118a443756d73bfd6ace1e3cad5d5a39a3916b
7092707d29da91a9ddace246515747abc80ad7d3250284d7b22615ca9469fb41
9e990cd276026d3896faab80355b6c37f318cb02f48a88e4e9d1887c096e0c32
c85a7c1dce6822197c9c528f4849022092b5577717d750aa16eac9bae63d418f