www.doxo.com Open in urlscan Pro
3.208.76.160 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://doxo.cmail20.com/t/d-l-cuibkl-ttwuuhukh-r/
Effective URL:
https://www.doxo.com/info/ou-medicine?campaign_code=email&utm_medium=email&utm_campaign=DAILY_NonActivated_1m_Reminde...
Submission Tags: phishing malicious Search All
Submission: On January 14 via api (January 14th 2021, 6:11:56 pm UTC) from US

Summary HTTP 53 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 12 domains to perform 53 HTTP transactions. The main IP is 3.208.76.160, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.doxo.com.
TLS certificate: Issued by Amazon on November 21st 2020. Valid for: a year.

This is the only time www.doxo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.196.132.139 18.196.132.139	16509 (AMAZON-02) (AMAZON-02)
6	3.208.76.160 3.208.76.160	14618 (AMAZON-AES) (AMAZON-AES)
23	143.204.214.104 143.204.214.104	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.215.29 143.204.215.29	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
3	3.209.197.155 3.209.197.155	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:817::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
8	13.35.254.140 13.35.254.140	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
53	13

1 18.196.132.139 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-132-139.eu-central-1.compute.amazonaws.com

doxo.cmail20.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.208.76.160 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

www.doxo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 143.204.214.104 (Seattle, United States)

ASN16509 (AMAZON-02, US)

d3uk0evc20lbwv.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.29 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-29.fra53.r.cloudfront.net

cdn.heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.209.197.155 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-209-197-155.compute-1.amazonaws.com

heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.35.254.140 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-254-140.fra6.r.cloudfront.net

api.mapbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	cloudfront.net d3uk0evc20lbwv.cloudfront.net	519 KB
8	mapbox.com api.mapbox.com	296 KB
6	doxo.com www.doxo.com	36 KB
4	heapanalytics.com cdn.heapanalytics.com heapanalytics.com	41 KB
4	google-analytics.com www.google-analytics.com	20 KB
2	facebook.com www.facebook.com	515 B
2	facebook.net connect.facebook.net	93 KB
1	google.de www.google.de	505 B
1	google.com www.google.com	505 B
1	doubleclick.net stats.g.doubleclick.net	444 B
1	googletagmanager.com www.googletagmanager.com	43 KB
1	cmail20.com 1 redirects doxo.cmail20.com	688 B
53	12

	Domain	Requested by
23	d3uk0evc20lbwv.cloudfront.net	www.doxo.com d3uk0evc20lbwv.cloudfront.net
8	api.mapbox.com	d3uk0evc20lbwv.cloudfront.net
6	www.doxo.com	d3uk0evc20lbwv.cloudfront.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com d3uk0evc20lbwv.cloudfront.net www.doxo.com
3	heapanalytics.com	www.doxo.com
2	www.facebook.com	connect.facebook.net
2	connect.facebook.net	www.doxo.com connect.facebook.net
1	www.google.de	www.doxo.com
1	www.google.com	www.doxo.com
1	stats.g.doubleclick.net	d3uk0evc20lbwv.cloudfront.net
1	cdn.heapanalytics.com	www.doxo.com
1	www.googletagmanager.com	www.doxo.com
1	doxo.cmail20.com	1 redirects
53	13

This site contains links to these domains. Also see Links.

Domain
www.oumedicine.com
www.facebook.com
twitter.com
www.google.com
www.myoumedicine.com
support.doxo.com
doxo.io

Subject Issuer	Validity	Valid
www.doxo.com Amazon	`2020-11-21` - `2021-12-20`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
cdn.heapanalytics.com Amazon	`2020-09-24` - `2021-10-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
heapanalytics.com Amazon	`2020-12-24` - `2022-01-22`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
api.mapbox.com Amazon	`2020-03-05` - `2021-04-05`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.doxo.com/info/ou-medicine?campaign_code=email&utm_medium=email&utm_campaign=DAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T&utm_content=DAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T+CID_b39c98760552241458c2dc3b95421c62&utm_source=campaign%20monitor&utm_term=paying%20your%20ProviderName%20fallback%20bill
Frame ID: F52776BF4BE0CDA0904D6540B3007354
Requests: 53 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://doxo.cmail20.com/t/d-l-cuibkl-ttwuuhukh-r/ HTTP 302
https://www.doxo.com/info/ou-medicine?campaign_code=email&utm_medium=email&utm_campaign=DAILY_Non... Page URL

Page Statistics

53
Requests

100 %
HTTPS

54 %
IPv6

12
Domains

13
Subdomains

13
IPs

4
Countries

1050 kB
Transfer

2508 kB
Size

5
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://www.oumedicine.com/
Title: link oumedicine.com open_in_new

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OUMedicine/
Title: link Facebook open_in_new

Search URL Search Domain Scan URL

URL: https://twitter.com/OUMedicine
Title: link Twitter open_in_new

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/search/?api=1&query=700%20NE%2013th%20St%20%26%20Lincoln%20Blvd%20%2C%20Oklahoma%20City%2C%20OK%2C%2073104
Title: HQ Address 700 NE 13th St & Lincoln Blvd Oklahoma City , OK 73104 open_in_new

Search URL Search Domain Scan URL

URL: https://www.myoumedicine.com/GEPOL/User/Login.aspx
Title: website

Search URL Search Domain Scan URL

URL: https://support.doxo.com/hc/en-us/categories/115000004833-doxo-for-Business
Title: See our FAQ pages

Search URL Search Domain Scan URL

URL: http://doxo.io/iphone
Title: iPhone

Search URL Search Domain Scan URL

URL: http://doxo.io/android
Title: Android

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://doxo.cmail20.com/t/d-l-cuibkl-ttwuuhukh-r/ HTTP 302
https://www.doxo.com/info/ou-medicine?campaign_code=email&utm_medium=email&utm_campaign=DAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T&utm_content=DAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T+CID_b39c98760552241458c2dc3b95421c62&utm_source=campaign%20monitor&utm_term=paying%20your%20ProviderName%20fallback%20bill Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set ou-medicine Show response
www.doxo.com/info/
Redirect Chain

https://doxo.cmail20.com/t/d-l-cuibkl-ttwuuhukh-r/
https://www.doxo.com/info/ou-medicine?campaign_code=email&utm_medium=email&utm_campaign=DAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T&utm_content=DAILY_NonActivated_1m_RemindersP...

43 KB
9 KB

739ms
374ms

Document
text/html

3.208.76.160
AMAZON-AES

General

Domain/Path	Expires	Name / Value
.doxo.com/	1970-01-19 15:24:09	Name: _hp2_ses_props.3839637385 Value: %7B%22us%22%3A%22campaign%20monitor%22%2C%22um%22%3A%22email%22%2C%22ut%22%3A%22paying%20your%20ProviderName%20fallback%20bill%22%2C%22uc%22%3A%22DAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T%20CID_b39c98760552241458c2dc3b95421c62%22%2C%22ua%22%3A%22DAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T%22%2C%22ts%22%3A1610647898774%2C%22d%22%3A%22www.doxo.com%22%2C%22h%22%3A%22%2Finfo%2Fou-medicine%22%2C%22q%22%3A%22%3Fcampaign_code%3Demail%26utm_medium%3Demail%26utm_campaign%3DDAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T%26utm_content%3DDAILY_NonActivated_1m_RemindersPayButton_PaymentOptions_Images_T%2520CID_b39c98760552241458c2dc3b95421c62%26utm_source%3Dcampaign%2520monitor%26utm_term%3Dpaying%2520your%2520ProviderName%2520fallback%2520bill%22%7D
.doxo.com/	1970-01-20 00:52:05	Name: _hp2_id.3839637385 Value: %7B%22userId%22%3A%227943442985743026%22%2C%22pageviewId%22%3A%228916727774149024%22%2C%22sessionId%22%3A%225347646012429163%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.doxo.com/	1970-01-19 15:24:07	Name: _gat_UA-9243928-1 Value: 1
.doxo.com/	1970-01-19 15:25:34	Name: _gid Value: GA1.2.1039673566.1610647899
.doxo.com/	1970-01-20 08:55:19	Name: _ga Value: GA1.2.78312622.1610647899

www.doxo.com Open in urlscan Pro 3.208.76.160 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

53 Requests

100 %HTTPS

54 %IPv6

12 Domains

13 Subdomains

13 IPs

4 Countries

1050 kBTransfer

2508 kBSize

5 Cookies

8 Outgoing links

Page URL History

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.doxo.com Open in urlscan Pro
3.208.76.160 Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

100 %
HTTPS

54 %
IPv6

12
Domains

13
Subdomains

13
IPs

4
Countries

1050 kB
Transfer

2508 kB
Size

5
Cookies

53 HTTP transactions
1 data transactions