ventilator.herokuapp.com Open in urlscan Pro
52.49.203.214 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ventilator.herokuapp.com/
Submission: On March 20 via manual (March 20th 2020, 1:04:46 pm UTC) from PL

Summary HTTP 11 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 52.49.203.214, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is ventilator.herokuapp.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on April 19th 2017. Valid for: 3 years.

This is the only time ventilator.herokuapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
9	52.49.203.214 52.49.203.214	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:1200:1b:3d9:cc80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	54.82.251.206 54.82.251.206	14618 (AMAZON-AES) (AMAZON-AES)
11	3

9 52.49.203.214 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-203-214.eu-west-1.compute.amazonaws.com

ventilator.herokuapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:1200:1b:3d9:cc80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.usefathom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.82.251.206 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-251-206.compute-1.amazonaws.com

img3.usefathom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	herokuapp.com ventilator.herokuapp.com	1 MB
2	usefathom.com cdn.usefathom.com img3.usefathom.com	2 KB
11	2

	Domain	Requested by
9	ventilator.herokuapp.com	ventilator.herokuapp.com
1	img3.usefathom.com	ventilator.herokuapp.com
1	cdn.usefathom.com	ventilator.herokuapp.com
11	3

This site contains links to these domains. Also see Links.

Domain
www.gov.uk
www.nationalarchives.gov.uk

Subject Issuer	Validity	Valid
*.herokuapp.com DigiCert SHA2 High Assurance Server CA	`2017-04-19` - `2020-06-22`	3 years	crt.sh
*.usefathom.com Amazon	`2020-01-16` - `2021-02-16`	a year	crt.sh
usefathom.com Amazon	`2019-08-14` - `2020-09-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ventilator.herokuapp.com/
Frame ID: D611C369AC9E29E8D8B4752CFDF7F17A
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Erlang (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /^Cowboy$/i

Cowboy (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

headers server /^Cowboy$/i

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /tracker\.js/i

Page Statistics

11
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

1108 kB
Transfer

1106 kB
Size

2
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gov.uk/
Title: Home

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Title: Open Government Licence v3.0

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework/crown-copyright/
Title: © Crown copyright

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response ventilator.herokuapp.com/	78 KB 78 KB	224ms 98ms	Document text/html	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `cd50ab8616f7c73f3f001fa0ef3b839277bba622e355b693ced19bdb4ae1ec1f` Request headers Host ventilator.herokuapp.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers Server Cowboy Connection keep-alive X-Powered-By Express Set-Cookie seen_cookie_message=yes; Max-Age=2419200; Path=/; Expires=Fri, 17 Apr 2020 13:04:28 GMT; HttpOnly govuk-prototype-kit-56656e74696c61746f72204368616c6c656e6765205175657374696f6e73=s%3AudxZlaSSKKMuZApaiFYj3DeUNLrYHxHm.eVGkLeFWyINW27%2Fage2q3VEeLaOjfSouvMDHtLC7K0A; Path=/; Expires=Fri, 20 Mar 2020 17:04:28 GMT; HttpOnly; Secure X-Robots-Tag noindex Content-Type text/html; charset=utf-8 Content-Length 79515 Etag W/"1369b-QdcKt9QHQN5ju4bDjGs2lngd2dU" Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur
GET H/1.1	200 OK	application.css ventilator.herokuapp.com/public/stylesheets/	600 KB 600 KB	79ms 45ms	Stylesheet text/css	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ventilator.herokuapp.com/public/stylesheets/application.css Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `158a2bd1aab87ad8afc55a153fe0dcd2c302f5300bd909517990a23c2e427c68` Request headers Referer https://ventilator.herokuapp.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur Etag W/"95f87-170f2312158" Last-Modified Thu, 19 Mar 2020 09:47:51 GMT Server Cowboy X-Powered-By Express Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 614279
GET H/1.1	200 OK	jquery-1.11.3.js Show response ventilator.herokuapp.com/public/javascripts/	278 KB 278 KB	87ms 44ms	Script application/javascript	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ventilator.herokuapp.com/public/javascripts/jquery-1.11.3.js Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `3b6f944997a9fdd21ac4254b95a963dd0182eececb1750e78a859a4de1ee0886` Request headers Referer https://ventilator.herokuapp.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur Etag W/"456ff-170f2312158" Last-Modified Thu, 19 Mar 2020 09:47:51 GMT Server Cowboy X-Powered-By Express Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 284415
GET H/1.1	200 OK	all.js Show response ventilator.herokuapp.com/extension-assets/govuk-frontend/govuk/	80 KB 81 KB	119ms 45ms	Script application/javascript	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ventilator.herokuapp.com/extension-assets/govuk-frontend/govuk/all.js Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `bcade9ca60febc64f361b92f505a4630f9769b0a15ffc596eeb582a8ed4996fd` Request headers Referer https://ventilator.herokuapp.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur Etag W/"1414a-7438674ba0" Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server Cowboy X-Powered-By Express Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 82250
GET H/1.1	200 OK	application.js Show response ventilator.herokuapp.com/public/javascripts/	248 B 585 B	119ms 43ms	Script application/javascript	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ventilator.herokuapp.com/public/javascripts/application.js Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `c94808499128801fc15e6c213d07cdfbf428e4056b55c42322865def96b7e8f4` Request headers Referer https://ventilator.herokuapp.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur Etag W/"f8-170f2312158" Last-Modified Thu, 19 Mar 2020 09:47:51 GMT Server Cowboy X-Powered-By Express Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 248
GET H/1.1	200 OK	auto-store-data.js Show response ventilator.herokuapp.com/public/javascripts/	742 B 1 KB	120ms 44ms	Script application/javascript	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ventilator.herokuapp.com/public/javascripts/auto-store-data.js Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `dae18fec9b6096b415595e580bcdf87c02c8b941d6e6340252d7f03f067c241d` Request headers Referer https://ventilator.herokuapp.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur Etag W/"2e6-170f2312158" Last-Modified Thu, 19 Mar 2020 09:47:51 GMT Server Cowboy X-Powered-By Express Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 742
GET H/1.1	200 OK	light-94a07e06a1-v2.woff2 ventilator.herokuapp.com/govuk/assets/fonts/	33 KB 33 KB	71ms 71ms	Font application/font-woff2	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ventilator.herokuapp.com/govuk/assets/fonts/light-94a07e06a1-v2.woff2 Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0` Request headers Referer https://ventilator.herokuapp.com/public/stylesheets/application.css Origin https://ventilator.herokuapp.com Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur Etag W/"8266-7438674ba0" Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server Cowboy X-Powered-By Express Content-Type application/font-woff2 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 33382
GET H/1.1	200 OK	govuk-crest.png ventilator.herokuapp.com/govuk/assets/images/	4 KB 4 KB	44ms 43ms	Image image/png	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ventilator.herokuapp.com/govuk/assets/images/govuk-crest.png Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b` Request headers Referer https://ventilator.herokuapp.com/public/stylesheets/application.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur Etag W/"e00-7438674ba0" Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server Cowboy X-Powered-By Express Content-Type image/png Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 3584
GET H/1.1	200 OK	bold-b542beb274-v2.woff2 ventilator.herokuapp.com/govuk/assets/fonts/	31 KB 31 KB	44ms 44ms	Font application/font-woff2	52.49.203.214 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ventilator.herokuapp.com/govuk/assets/fonts/bold-b542beb274-v2.woff2 Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.49.203.214 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-203-214.eu-west-1.compute.amazonaws.com Software Cowboy / Express Resource Hash `06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47` Request headers Referer https://ventilator.herokuapp.com/public/stylesheets/application.css Origin https://ventilator.herokuapp.com Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 20 Mar 2020 13:04:28 GMT Via 1.1 vegur Etag W/"7af8-7438674ba0" Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server Cowboy X-Powered-By Express Content-Type application/font-woff2 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 31480
GET H2	200	tracker.js Show response cdn.usefathom.com/	3 KB 1 KB	42ms 6ms	Script application/javascript	2600:9000:2057:1200:1b:3d9:cc80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.usefathom.com/tracker.js Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:9000:2057:1200:1b:3d9:cc80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `08bd55d79b4be7bf8a0aff836120ff3a741084c09dbe850bf9eedd073c0b8b7d` Request headers Referer https://ventilator.herokuapp.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers date Fri, 20 Mar 2020 09:38:22 GMT content-encoding gzip last-modified Tue, 10 Mar 2020 14:20:36 GMT server AmazonS3 age 12367 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript status 200 x-amz-cf-pop FRA6-C1 x-amz-cf-id NC72mHwuf3JktXBqSrUrRNiBkSCQja3_TF27o9dnLZJUTxpZrE5PVg== via 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
GET H2	200	scooby img3.usefathom.com/collector/	43 B 246 B	509ms 289ms	Image image/gif	54.82.251.206 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://img3.usefathom.com/collector/scooby?p=%2F&h=https%3A%2F%2Fventilator.herokuapp.com&r=&sid=JIWVNBFI&tz=Europe%2FBerlin&dash=null Requested by Host: ventilator.herokuapp.com URL: https://ventilator.herokuapp.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.82.251.206 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-82-251-206.compute-1.amazonaws.com Software awselb/2.0 / Resource Hash `aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22` Request headers Referer https://ventilator.herokuapp.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers pragma no-cache date Fri, 20 Mar 2020 13:04:29 GMT x-vapor-base64-encode True server awselb/2.0 tk N content-type image/gif status 200 cache-control must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private content-length 43 expires Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ventilator.herokuapp.com/	1970-01-19 08:12:03	Name: govuk-prototype-kit-56656e74696c61746f72204368616c6c656e6765205175657374696f6e73 Value: s%3AudxZlaSSKKMuZApaiFYj3DeUNLrYHxHm.eVGkLeFWyINW27%2Fage2q3VEeLaOjfSouvMDHtLC7K0A
			ventilator.herokuapp.com/	1970-01-19 08:52:08	Name: seen_cookie_message Value: yes

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://ventilator.herokuapp.com/public/javascripts/application.js(Line 5) Message: GOV.UK Prototype Kit - do not use for production

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.usefathom.com
img3.usefathom.com
ventilator.herokuapp.com
2600:9000:2057:1200:1b:3d9:cc80:93a1
52.49.203.214
54.82.251.206
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
08bd55d79b4be7bf8a0aff836120ff3a741084c09dbe850bf9eedd073c0b8b7d
158a2bd1aab87ad8afc55a153fe0dcd2c302f5300bd909517990a23c2e427c68
3b6f944997a9fdd21ac4254b95a963dd0182eececb1750e78a859a4de1ee0886
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
bcade9ca60febc64f361b92f505a4630f9769b0a15ffc596eeb582a8ed4996fd
c94808499128801fc15e6c213d07cdfbf428e4056b55c42322865def96b7e8f4
cd50ab8616f7c73f3f001fa0ef3b839277bba622e355b693ced19bdb4ae1ec1f
dae18fec9b6096b415595e580bcdf87c02c8b941d6e6340252d7f03f067c241d
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0

ventilator.herokuapp.com Open in urlscan Pro 52.49.203.214 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

1108 kBTransfer

1106 kBSize

2 Cookies

3 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

ventilator.herokuapp.com Open in urlscan Pro
52.49.203.214 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

1108 kB
Transfer

1106 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!