evernotei.com
216.224.120.234
Malicious Activity!
Public Scan
Effective URL: http://evernotei.com/index.html
Submission Tags: phishing malicious
Submission: On November 25 via api from JP — Scanned from JP
Summary
This is the only time evernotei.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Evernote (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 17 | 216.224.120.234 | 18779 (EGIHOSTING) |
15 | 2 | |
ASN18779 (EGIHOSTING, US)
PTR: j120-234.sjc1.ethr.net
evernotei.com
 | Apex Domain / Subdomains | Transfer |
---|---|---|
17 | evernotei.com (2 redirects); subdomain: evernotei.com | 316 KB |
15 | 1 | |
 | Domain | Requested by |
---|---|---|
17 | evernotei.com (2 redirects) | evernotei.com |
15 | 1 | |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://evernotei.com/index.html
Frame ID: 59B8A91806697DEE97F29332265FE79E
Requests: 16 HTTP requests in this frame
Page Title
evernoteEvernote
Page URL History
- http://evernotei.com/ HTTP 302
- http://evernotei.com/php/api/jump.php HTTP 302
- http://evernotei.com/index.html Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.html (Primary Request, Redirect Chain) | evernotei.com/ | 1 KB | 829 B | Document | text/html |
GET | H/1.1 | app.f7472ed4.css | evernotei.com/css/ | 192 B | 470 B | Stylesheet | text/css |
GET | H/1.1 | chunk-vendors.8140bef9.css | evernotei.com/css/ | 209 KB | 34 KB | Stylesheet | text/css |
GET | H/1.1 | app.a25b4227.js | evernotei.com/js/ | 5 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | chunk-vendors.6b35c49d.js | evernotei.com/js/ | 849 KB | 228 KB | Script | application/javascript |
GET | H/1.1 | chunk-61dfc278.176f6625.css | evernotei.com/css/ | 0 | 799 B | Other | text/css |
GET | H/1.1 | chunk-7aa1154e.611474ec.css | evernotei.com/css/ | 0 | 2 KB | Other | text/css |
GET | H/1.1 | chunk-2cc4e2f8.7e9a8186.js | evernotei.com/js/ | 0 | 8 KB | Other | application/javascript |
GET | H/1.1 | chunk-61dfc278.46e86fff.js | evernotei.com/js/ | 0 | 6 KB | Other | application/javascript |
GET | H/1.1 | chunk-7aa1154e.33103704.js | evernotei.com/js/ | 0 | 10 KB | Other | application/javascript |
GET | H/1.1 | bb6ce0ce7affff91989d4aab2ba9fa53.bb6ce0ce.png | evernotei.com/img/ | 8 KB | 9 KB | Image | image/png |
GET | H/1.1 | chunk-2cc4e2f8.7e9a8186.js | evernotei.com/js/ | 20 KB | 8 KB | Script | application/javascript |
GET | H/1.1 | chunk-61dfc278.176f6625.css | evernotei.com/css/ | 1 KB | 799 B | Stylesheet | text/css |
GET | H/1.1 | chunk-61dfc278.46e86fff.js | evernotei.com/js/ | 11 KB | 6 KB | Script | application/javascript |
GET | DATA | truncated | / | 709 B | 0 | Image | image/png |
GET | H/1.1 | apple-logo_20.158083a3.svg | evernotei.com/img/ | 2 KB | 1 KB | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Evernote (Online)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforexrselect |
function | reportError |
boolean | originAgentCluster |
object | scheduler |
object | webpackJsonp |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
evernotei.com/ | | Name: PHPSESSID Value: j0ef67b42299mkni0b4mpmamt1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
evernotei.com
216.224.120.234