![](/screenshots/45d90e7b-40e1-41e2-9daf-74cad71bbaec.png)
s3.amazonaws.com
Open in
urlscan Pro
52.216.62.56
Malicious Activity!
Public Scan
Effective URL: https://s3.amazonaws.com/appforest_uf/f1669843386161x170665582301068100/blue-index.html?websrc=e3mKfxPkPWCNG9UR1Z65LODBgM...
Submission: On December 23 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Amazon on April 1st 2022. Valid for: a year.
This is the only time s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 173.213.4.162 173.213.4.162 | 53316 (ASN-CHEET...) (ASN-CHEETA-MAIL) | |
1 3 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 52.216.62.56 52.216.62.56 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2a02:26f0:350... 2a02:26f0:3500:594::356e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
4 | 2606:4700::68... 2606:4700::6810:5614 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 74.208.255.201 74.208.255.201 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
26 | 9 |
ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com |
ASN20940 (AKAMAI-ASN1, NL)
c.s-microsoft.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 211 |
79 KB |
6 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 757 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2384 |
85 KB |
4 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 381 |
123 KB |
4 |
s-microsoft.com
c.s-microsoft.com — Cisco Umbrella Rank: 10979 |
125 KB |
3 |
navalaifabricators.com
1 redirects
navalaifabricators.com |
13 KB |
2 |
amazonaws.com
s3.amazonaws.com |
39 KB |
2 |
hearstmags.com
2 redirects
l.e-mail.hearstmags.com |
1 KB |
1 |
ionos.com
mail.ionos.com — Cisco Umbrella Rank: 341986 Failed |
37 KB |
26 | 8 |
Domain | Requested by | |
---|---|---|
6 | cdnjs.cloudflare.com |
s3.amazonaws.com
|
4 | cdn.jsdelivr.net |
s3.amazonaws.com
|
4 | c.s-microsoft.com |
s3.amazonaws.com
|
4 | stackpath.bootstrapcdn.com |
s3.amazonaws.com
|
3 | navalaifabricators.com |
1 redirects
navalaifabricators.com
|
2 | maxcdn.bootstrapcdn.com |
s3.amazonaws.com
|
2 | s3.amazonaws.com |
navalaifabricators.com
s3.amazonaws.com |
2 | l.e-mail.hearstmags.com | 2 redirects |
1 | mail.ionos.com |
s3.amazonaws.com
|
26 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-07-05 - 2023-07-05 |
a year | crt.sh |
s3.amazonaws.com Amazon |
2022-04-01 - 2023-03-30 |
a year | crt.sh |
www.microsoft.com Microsoft Azure TLS Issuing CA 06 |
2022-10-04 - 2023-09-29 |
a year | crt.sh |
mail.ionos.com GeoTrust EV RSA CA 2018 |
2022-09-30 - 2023-10-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://s3.amazonaws.com/appforest_uf/f1669843386161x170665582301068100/blue-index.html?websrc=e3mKfxPkPWCNG9UR1Z65LODBgMj7kJpNTP1qkNS7CZaRfnZDgAR9KkpEerXHB9Bs4F8xO2u5yPjOsYT5EmA5PUnEZO10ilXqVc8Dpg8gIIY3aNcgQnTl3qcsZ64pxHEbYhcfeVuxAljzFF6S8QdwBRR53mlTBg148WXLmVov4baoBN8OU5nhShTDXprVXutmJh2H3vG6LC61Sat9TaLTsxG2BLR069RbjyAGOGfbf1iChu79jyOnrE0fbJG9sFL5dKHEb3mxseH1gbVbSfItHYkcGZwzLIL3n7iw8RDJl7CLdm&dispatch=371&id=428108
Frame ID: 41CAA2596BB74D7834E6F7504077E910
Requests: 28 HTTP requests in this frame
Screenshot
![](/screenshots/45d90e7b-40e1-41e2-9daf-74cad71bbaec.png)
Page Title
- MailPage URL History Show full URLs
-
http://l.e-mail.hearstmags.com/rts/go2.aspx?h=978467&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqK...
HTTP 302
https://l.e-mail.hearstmags.com/rts/go2.aspx?h=978467&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqK... HTTP 302
https://navalaifabricators.com//servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s+xesvHJIiPPK1FANuKCJ6GfA... HTTP 301
https://navalaifabricators.com/servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s+xesvHJIiPPK1FANuKCJ6GfAM... Page URL
- https://s3.amazonaws.com/appforest_uf/f1669843386161x170665582301068100/blue-index.html Page URL
- https://s3.amazonaws.com/appforest_uf/f1669843386161x170665582301068100/blue-index.html?websrc=e3mKfx... Page URL
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Detected patterns
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
![](/vendor/wappa/icons/Lo-dash.png)
Detected patterns
- lodash.*\.js
![](/vendor/wappa/icons/Popper.png)
Detected patterns
- <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
- /popper\.js/([0-9.]+)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://l.e-mail.hearstmags.com/rts/go2.aspx?h=978467&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK&x=navalaifabricators.com//servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s%2BxesvHJIiPPK1FANuKCJ6GfAMd48q1%2BzWokVctJ64uv0ACkt39%2Bs%3D|B2219DG3C|14.9700|i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK/jhgf
HTTP 302
https://l.e-mail.hearstmags.com/rts/go2.aspx?h=978467&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK&x=navalaifabricators.com//servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s%2BxesvHJIiPPK1FANuKCJ6GfAMd48q1%2BzWokVctJ64uv0ACkt39%2Bs%3D|B2219DG3C|14.9700|i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK/jhgf HTTP 302
https://navalaifabricators.com//servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s+xesvHJIiPPK1FANuKCJ6GfAMd48q1+zWokVctJ64uv0ACkt39+s=&cds_response_key=B2219DG3C&cds_misc_1=14.9700&cds_misc_30=used_to_make_last_paramater_pass_correctly?source=Engage&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK/jhgf HTTP 301
https://navalaifabricators.com/servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s+xesvHJIiPPK1FANuKCJ6GfAMd48q1+zWokVctJ64uv0ACkt39+s=&cds_response_key=B2219DG3C&cds_misc_1=14.9700&cds_misc_30=used_to_make_last_paramater_pass_correctly?source=Engage&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK/jhgf Page URL
- https://s3.amazonaws.com/appforest_uf/f1669843386161x170665582301068100/blue-index.html Page URL
- https://s3.amazonaws.com/appforest_uf/f1669843386161x170665582301068100/blue-index.html?websrc=e3mKfxPkPWCNG9UR1Z65LODBgMj7kJpNTP1qkNS7CZaRfnZDgAR9KkpEerXHB9Bs4F8xO2u5yPjOsYT5EmA5PUnEZO10ilXqVc8Dpg8gIIY3aNcgQnTl3qcsZ64pxHEbYhcfeVuxAljzFF6S8QdwBRR53mlTBg148WXLmVov4baoBN8OU5nhShTDXprVXutmJh2H3vG6LC61Sat9TaLTsxG2BLR069RbjyAGOGfbf1iChu79jyOnrE0fbJG9sFL5dKHEb3mxseH1gbVbSfItHYkcGZwzLIL3n7iw8RDJl7CLdm&dispatch=371&id=428108 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://l.e-mail.hearstmags.com/rts/go2.aspx?h=978467&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK&x=navalaifabricators.com//servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s%2BxesvHJIiPPK1FANuKCJ6GfAMd48q1%2BzWokVctJ64uv0ACkt39%2Bs%3D|B2219DG3C|14.9700|i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK/jhgf HTTP 302
- https://l.e-mail.hearstmags.com/rts/go2.aspx?h=978467&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK&x=navalaifabricators.com//servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s%2BxesvHJIiPPK1FANuKCJ6GfAMd48q1%2BzWokVctJ64uv0ACkt39%2Bs%3D|B2219DG3C|14.9700|i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK/jhgf HTTP 302
- https://navalaifabricators.com//servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s+xesvHJIiPPK1FANuKCJ6GfAMd48q1+zWokVctJ64uv0ACkt39+s=&cds_response_key=B2219DG3C&cds_misc_1=14.9700&cds_misc_30=used_to_make_last_paramater_pass_correctly?source=Engage&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK/jhgf HTTP 301
- https://navalaifabricators.com/servlet/EmailGateway?cds_fn=WpoZgJM8DlGgpmUaPhZtU0s+xesvHJIiPPK1FANuKCJ6GfAMd48q1+zWokVctJ64uv0ACkt39+s=&cds_response_key=B2219DG3C&cds_misc_1=14.9700&cds_misc_30=used_to_make_last_paramater_pass_correctly?source=Engage&tp=i-1NHD-Be-1R6O-Nox6H-1p-C3Uy6-1c-2ZJFn-Now0D-l8MQqKl3GC-1bm4QK/jhgf
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
EmailGateway
navalaifabricators.com/servlet/ Redirect Chain
|
33 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
wp-emoji-release.min.js
navalaifabricators.com/wp-includes/js/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blue-index.html
s3.amazonaws.com/appforest_uf/f1669843386161x170665582301068100/ |
19 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ |
33 KB 34 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vue@2.6.12
cdn.jsdelivr.net/npm/ |
91 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ |
20 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ |
49 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lodash.min.js
cdn.jsdelivr.net/npm/lodash@4.17.21/ |
71 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/semibold/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
blue-index.html
s3.amazonaws.com/appforest_uf/f1669843386161x170665582301068100/ |
19 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon.ico
mail.ionos.com/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
vue@2.6.12
cdn.jsdelivr.net/npm/ |
91 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ |
20 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ |
49 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
lodash.min.js
cdn.jsdelivr.net/npm/lodash@4.17.21/ |
71 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ |
33 KB 34 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/semibold/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
mail.ionos.com/img/ |
36 KB 37 KB |
Image
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- mail.ionos.com
- URL
- https://mail.ionos.com/img/favicon.ico
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| Vue function| $ function| jQuery function| Popper object| bootstrap function| _ function| axios string| MAIL_URL string| AUTH_LOADING_MESSAGE string| LOGIN_ERROR_MESSAGE string| LOGIN_SUCCESS_MESSAGE string| DEFAULT_SITE_TITLE string| DEFAULT_SITE_LOGO string| DEFAULT_SITE_FAVICON boolean| ALLOW_DYNAMIC_EMAIL_LOGO boolean| ENABLE_PASSWORD_VISIBILITY_TOGGLE object| favicon2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
l.e-mail.hearstmags.com/ | Name: ASP.NET_SessionId Value: hvqoxe4cbezvyx3mse3hhohc |
|
l.e-mail.hearstmags.com/ | Name: BIGipServercnv_ats_ssl_pool Value: !5/FnHwOLqmPipcV6OZXeE4ohk16Q6hEmw5t01rG4/jjx2ChUkKV6ATfwqKPJXGCCPkAJTCctqCv8yWY= |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.s-microsoft.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
l.e-mail.hearstmags.com
mail.ionos.com
maxcdn.bootstrapcdn.com
navalaifabricators.com
s3.amazonaws.com
stackpath.bootstrapcdn.com
mail.ionos.com
173.213.4.162
2606:4700::6810:5614
2606:4700::6811:190e
2606:4700::6812:acf
2606:4700::6812:bcf
2a02:26f0:3500:594::356e
2a06:98c1:3121::3
52.216.62.56
74.208.255.201
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1
29296ccacaa9ed35ed168fc51e36f54fd6f8db9c7786bbf38cc59a27229ba5c2
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
83a9c904fcd9ad30dc639d035dd997101bc2c0bb0948cb84deacf00d3d587f24
9ebcfbf81c3d5f9091755b45dbfa0a929754e217e694222fdbe98f6049aa6174
a9705dfc47c0763380d851ab1801be6f76019f6b67e40e9b873f8b4a0603f7a9
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e