mariposacare.powerappsportals.com
Open in
urlscan Pro
20.49.97.13
Malicious Activity!
Public Scan
Effective URL: https://mariposacare.powerappsportals.com/
Submission: On August 01 via manual from CA — Scanned from CA
Summary
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 06 on May 9th 2022. Valid for: a year.
This is the only time mariposacare.powerappsportals.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sharepoint (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 66.147.230.95 66.147.230.95 | 23535 (HOSTROCKET) (HOSTROCKET) | |
1 19 | 20.49.97.13 20.49.97.13 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
6 | 2620:1ec:bdf::40 2620:1ec:bdf::40 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
24 | 2 |
ASN23535 (HOSTROCKET, US)
PTR: dirapp50.directorysecure.com
www.approvedroofers.co.uk |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
mariposacare.powerappsportals.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
powerappsportals.com
1 redirects
mariposacare.powerappsportals.com |
781 KB |
6 |
powerapps.com
content.powerapps.com — Cisco Umbrella Rank: 6288 |
386 KB |
1 |
approvedroofers.co.uk
1 redirects
www.approvedroofers.co.uk |
421 B |
24 | 3 |
Domain | Requested by | |
---|---|---|
19 | mariposacare.powerappsportals.com |
1 redirects
mariposacare.powerappsportals.com
|
6 | content.powerapps.com |
mariposacare.powerappsportals.com
|
1 | www.approvedroofers.co.uk | 1 redirects |
24 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
spurious-brash-pipe.glitch.me |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.powerappsportals.com Microsoft Azure TLS Issuing CA 06 |
2022-05-09 - 2023-05-04 |
a year | crt.sh |
content.powerapps.com Microsoft Azure TLS Issuing CA 02 |
2022-07-11 - 2023-07-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://mariposacare.powerappsportals.com/
Frame ID: 673A2BB3237D261C6F5D41858D8023E7
Requests: 24 HTTP requests in this frame
Screenshot
Page Title
Home · Starter PortalPage URL History Show full URLs
-
https://www.approvedroofers.co.uk/api/widget/html/get/banner-click?action=update&bid=18&clicks=&link=https://m...
HTTP 302
https://mariposacare.powerappsportals.com/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: VIEW DOCUMENT
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.approvedroofers.co.uk/api/widget/html/get/banner-click?action=update&bid=18&clicks=&link=https://mariposacare.powerappsportals.com/
HTTP 302
https://mariposacare.powerappsportals.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 22- https://mariposacare.powerappsportals.com/~/css/defaultpcfstyle.css HTTP 302
- https://mariposacare.powerappsportals.com/css/defaultpcfstyle.css
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
mariposacare.powerappsportals.com/ Redirect Chain
|
13 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getresourcemanager
mariposacare.powerappsportals.com/_resources/ |
27 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
mariposacare.powerappsportals.com/ |
156 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
glyphicons-font-awesome-migrate.min.css
mariposacare.powerappsportals.com/css/ |
13 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
preform.bundle-f186e819e1.css
content.powerapps.com/resource/powerappsportal/dist/ |
97 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
theme.css
mariposacare.powerappsportals.com/ |
60 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
portalbasictheme.css
mariposacare.powerappsportals.com/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bidirectional.css
mariposacare.powerappsportals.com/ |
50 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
offlinenotification.css
mariposacare.powerappsportals.com/css/ |
923 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.SP.png
mariposacare.powerappsportals.com/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
preform.bundle-2c5735c41a.js
content.powerapps.com/resource/powerappsportal/dist/ |
496 KB 121 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prop-types.js
mariposacare.powerappsportals.com/js/pcf/ |
66 KB 28 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fela.js
mariposacare.powerappsportals.com/js/pcf/ |
30 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fela-dom.js
mariposacare.powerappsportals.com/js/pcf/ |
30 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pcf.bundle-d5fa514165.js
content.powerapps.com/resource/powerappsportal/dist/ |
788 KB 157 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
react-fela.js
mariposacare.powerappsportals.com/js/pcf/ |
44 KB 22 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fluentui-react.js
mariposacare.powerappsportals.com/js/pcf/ |
947 KB 355 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
img1.png
mariposacare.powerappsportals.com/ |
222 KB 223 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loadPcfControls.js
mariposacare.powerappsportals.com/js/pcf/ |
19 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
postpreform.bundle-f4f91a6eb4.js
content.powerapps.com/resource/powerappsportal/dist/ |
199 KB 52 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.bundle-63b32aa50b.js
content.powerapps.com/resource/powerappsportal/dist/ |
256 KB 39 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default-1033.bundle-eda4e638fd.js
content.powerapps.com/resource/powerappsportal/dist/ |
361 B 822 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
glyphicons-halflings-regular.woff2
mariposacare.powerappsportals.com/fonts/ |
18 KB 18 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
defaultpcfstyle.css
mariposacare.powerappsportals.com/css/ Redirect Chain
|
15 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sharepoint (Online)62 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| ResourceManager undefined| msViewportStyle object| Microsoft function| setHeight object| dateFormatConverter function| $ function| jQuery object| respond function| _ function| moment function| URI object| PropTypes function| __assign function| __rest object| Fela function| __spreadArray object| FelaDOM object| ComponentFramework object| __stylesheet__ object| __globalSettings__ object| __packages__ object| __themeState__ object| CustomControls object| React object| ReactDOM object| __React object| __ReactDOM function| requirejs function| loadAllPcfControlsOnPage object| ReactFela object| FluentUIReact number| __currentId__ function| validateLoginSession function| redirectToLogin object| q object| shell object| Handlebars boolean| PR_SHOULD_USE_CONTINUATION function| prettyPrintOne function| prettyPrint object| PR function| expandCollapse object| portal function| ConvertErrorstrtoLink function| base64DecodeUnicode function| scrollToAndFocusCapatch function| setCapatchFocus function| scrollToCapatchPosition object| postBackOnSubmit function| SubmitModal object| adx object| auth function| FacetedSearch function| GoToNewEditor9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.approvedroofers.co.uk/ | Name: sessionID5 Value: a5p06hd15gkf2dv2pntjceadd3 |
|
mariposacare.powerappsportals.com/ | Name: Dynamics365PortalAnalytics Value: PGhOj1UCSAVUts38LRmVPXDOiOGyMUF8vFaYGh8pU_-qJ8jcsSWNQLlAv1-PLBF_J1rTJW7TJPhERDK3rjHB-osvs2RwXxT-x0YTbDdVZ0Kym1BlT3cqeQn6-Xbc3SxdHLbRcHTP4yaEUCssdXnuNQ2 |
|
mariposacare.powerappsportals.com/ | Name: ASP.NET_SessionId Value: q4x3iwr2njdotkuiqebqtkvq |
|
.mariposacare.powerappsportals.com/ | Name: ARRAffinity Value: 57f50edab142603427eadd5424c9cf993fb3a63fd247d9cf62c2e7691a5b819d |
|
.mariposacare.powerappsportals.com/ | Name: ARRAffinitySameSite Value: 57f50edab142603427eadd5424c9cf993fb3a63fd247d9cf62c2e7691a5b819d |
|
mariposacare.powerappsportals.com/ | Name: timezoneoffset Value: 0 |
|
mariposacare.powerappsportals.com/ | Name: isDSTSupport Value: false |
|
mariposacare.powerappsportals.com/ | Name: isDSTObserved Value: false |
|
mariposacare.powerappsportals.com/ | Name: ContextLanguageCode Value: en-US |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
content.powerapps.com
mariposacare.powerappsportals.com
www.approvedroofers.co.uk
20.49.97.13
2620:1ec:bdf::40
66.147.230.95
00e2b1f7a0d00e3bca1df3ca87f410651b01cf4c6807a7021b1401c63e541490
0f6e0c9ea84214a678a7de128e82bae16a0f06221b0718aa3dae4bcc95c29adf
1d931e2d42455cb3c77bf48b7cdf347e7bc97253ad5ea491a0aa4d1fe6a55bbd
2070fcffefb64a1e7b163e157187b3f0b69d9c03ad8bb84edd13d7cb639ff20b
20a114e83a8605b12c679ad2547442960cbabb75bac2d3eb8b6cac53971dbe2e
228d55fc2cc9674673206fdd7ed8656c39d775c7edcc468372da07c071358107
3858534e336063c94ee1c39189549cc1032d9485e1f73699bb5c2edf1bf2fd5c
5423f185195f046d0f3893f674e072be43e47c6124dd6ccbe214e896b1944d43
6b8b7769f4f7bf0ca317e945791d0e030d8d40b2b32d543aaaae20bf05bfd04f
6c4d5b7620ce512b94e0478cc2fa9436c1c78346537b471862004be97509782d
6e8392975c87b11c6008a2140c5a011a9c052c63d995d4ed6b0514971654191b
6ecb3da4b4b5adae0b627fafbf31366a07c33c047452ee750822e34b14dd1fb2
7ce2a6072bfcfdf1aedecf58f7fcf1b46ca8fb11719dec63d81e842298990def
85f42a2a92dcf800b200c21c5c4a467564dddd8e13f96de0a3efdf9fca2abbe5
9f444df90a1415015b9b0b4138b9a17378ddbb106972bece3f4de9a07d80d1d7
c7ad93aa07ca3d1a7dfb1686de7442bd5c09084a3388bebd160855580692a180
cb78e990d1c8a980016c5a299e67781af0fa790354e54f31515f610949cf2819
d89540a9233a945b0ac87237112c93c9abae639d7f435c3e9321a8e124632c5c
e46f31d0597782e654ae9715bd22f3540488b636ba882c237680c926d978433e
ed518261972445f0ec39ea427d6d083ed69fffbc5e601d2b8f12cc659ef1d87e
f02ed401f2f535475b7e4a34ee6c660a3e1a930081f3dc1f135321ba8b2653a3
f0ed83aedb027db12397dabf86a2743b2e94a65c3edf2b2c84898ba1ca72e855
f4941b671257b6f6a3922c5d93616ec1e9b2a2845b486771370beb10879288f4
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c