edm.focussend.com Open in urlscan Pro
47.111.18.198 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://image.idosend.com/t/zz?t=F1D91A5A-174C-4626-AFA8-2ACE6183F3FB&STARID=4354930-91024
Effective URL:
https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024
Submission: On January 10 via api (January 10th 2022, 3:55:03 am UTC) from SG — Scanned from DE

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 2 HTTP transactions. The main IP is 47.111.18.198, located in Hangzhou, China and belongs to CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is edm.focussend.com.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on February 4th 2021. Valid for: a year.

This is the only time edm.focussend.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 3	183.129.245.12 183.129.245.12	58461 (CT-HANGZH...) (CT-HANGZHOU-IDC No.288)
1	47.111.18.198 47.111.18.198	37963 (CNNIC-ALI...) (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.)
2	2

3 183.129.245.12 (China) 2 redirects

ASN58461 (CT-HANGZHOU-IDC No.288,Fu-chun Road, CN)

image.idosend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.focussend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.111.18.198 (Hangzhou, China)

ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)

edm.focussend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	focussend.com edm.focussend.com app.focussend.com	146 KB
2	idosend.com 2 redirects image.idosend.com	860 B
2	2

	Domain	Requested by
2	image.idosend.com	2 redirects
1	app.focussend.com	edm.focussend.com
1	edm.focussend.com
2	3

This site contains no links.

Subject Issuer	Validity	Valid
*.focussend.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-02-04` - `2022-02-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024
Frame ID: 795902AA3CDD1DA43EC0433B426CCE8A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Complaint

Page URL History Show full URLs

http://image.idosend.com/t/zz?t=F1D91A5A-174C-4626-AFA8-2ACE6183F3FB&STARID=4354930-91024 HTTP 302
http://image.idosend.com/t/ClickByGuid.ashx?t=F1D91A5A-174C-4626-AFA8-2ACE6183F3FB&STARID=4354930-91024 HTTP 302
https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024 Page URL

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

\.aspx?(?:$|\?)
<input[^>]+name="__VIEWSTATE

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

146 kB
Transfer

156 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://image.idosend.com/t/zz?t=F1D91A5A-174C-4626-AFA8-2ACE6183F3FB&STARID=4354930-91024 HTTP 302
http://image.idosend.com/t/ClickByGuid.ashx?t=F1D91A5A-174C-4626-AFA8-2ACE6183F3FB&STARID=4354930-91024 HTTP 302
https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request Complaint.aspx Show response edm.focussend.com/enfocussend/ Redirect Chain http://image.idosend.com/t/zz?t=F1D91A5A-174C-4626-AFA8-2ACE6183F3FB&STARID=4354930-91024 http://image.idosend.com/t/ClickByGuid.ashx?t=F1D91A5A-174C-4626-AFA8-2ACE6183F3FB&STARID=4354930-91024 https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024	3 KB 2 KB	650ms 211ms	Document text/html	47.111.18.198 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Full URL https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 47.111.18.198 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `8de9ce0c3e0c498793c6609be884b1a246ceffe28e0f7846e5bec9d44c18af0a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers cache-control private content-type text/html; charset=utf-8 content-encoding gzip vary Accept-Encoding server Microsoft-IIS/10.0 x-aspnet-version 2.0.50727 x-powered-by ASP.NET date Mon, 10 Jan 2022 03:54:58 GMT content-length 1379 Redirect headers Server nginx/1.20.1 Date Mon, 10 Jan 2022 03:54:58 GMT Content-Type text/html; charset=utf-8 Content-Length 185 Connection keep-alive Cache-Control private Location https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024 X-AspNet-Version 2.0.50727 X-Powered-By ASP.NET
GET H/1.1	200 OK	bgcontent2.jpg app.focussend.com/enfocussend/images/	153 KB 145 KB	988ms 500ms	Image image/jpeg	183.129.245.12 CT-HANGZHOU-IDC N...
General Check archive.org Show headers Download Go to Show image Full URL https://app.focussend.com/enfocussend/images/bgcontent2.jpg Requested by Host: edm.focussend.com URL: https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 183.129.245.12 , China, ASN58461 (CT-HANGZHOU-IDC No.288,Fu-chun Road, CN), Reverse DNS Software nginx/1.20.1 / ASP.NET Resource Hash `efbf6d97d7541ff44d184cd9f7bfa9df05360d42c63f52010c25170a54e33c7e` Request headers Accept-Language de-DE,de;q=0.9 Referer https://edm.focussend.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Mon, 10 Jan 2022 03:55:00 GMT Content-Encoding gzip ETag W/"0da1ab81ddd11:0" Last-Modified Thu, 14 Jul 2016 03:41:56 GMT Server nginx/1.20.1 X-Powered-By ASP.NET Vary Accept-Encoding Access-Control-Allow-Methods GET, POST,OPTIONS,PUT Content-Type image/jpeg Access-Control-Allow-Origin * Transfer-Encoding chunked Connection keep-alive Access-Control-Allow-Headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onsecuritypolicyviolation object| onslotchange

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			edm.focussend.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: fvcihqudylw24pq0t2e3scey

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024 Message: Mixed Content: The page at 'https://edm.focussend.com/enfocussend/Complaint.aspx?s=4354930-91024' was loaded over HTTPS, but requested an insecure element 'http://app.focussend.com/enfocussend/images/bgcontent2.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.focussend.com
edm.focussend.com
image.idosend.com
183.129.245.12
47.111.18.198
8de9ce0c3e0c498793c6609be884b1a246ceffe28e0f7846e5bec9d44c18af0a
efbf6d97d7541ff44d184cd9f7bfa9df05360d42c63f52010c25170a54e33c7e

edm.focussend.com Open in urlscan Pro 47.111.18.198 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

2 IPs

1 Countries

146 kBTransfer

156 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

edm.focussend.com Open in urlscan Pro
47.111.18.198 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

146 kB
Transfer

156 kB
Size

1
Cookies

2 HTTP transactions
0 data transactions