app.sendx.io
34.200.203.49
Malicious Activity!
Public Scan
Submission: On November 25 via manual from US
Summary
TLS certificate: Issued by Amazon on July 25th 2020. Valid for: a year.
This is the only time app.sendx.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
3 | 34.200.203.49 | 14618 (AMAZON-AES)
7 | 2600:9000:206f:3000:2:af8b:1480:93a1 | 16509 (AMAZON-02)
1 | 2606:4700::6810:125e | 13335 (CLOUDFLARENET)
1 | 13.225.73.31 | 16509 (AMAZON-02)
1 | 13.227.219.70 | 16509 (AMAZON-02)
1 | 2a00:1450:4001:814::2003 | 15169 (GOOGLE)
14 requests | 7 IP addresses |
- ASN14618 (AMAZON-AES, US), PTR: ec2-34-200-203-49.compute-1.amazonaws.com, domain: app.sendx.io
- ASN16509 (AMAZON-02, US), PTR: server-13-225-73-31.fra2.r.cloudfront.net, domain: d15k2d11r6t6rl.cloudfront.net
- ASN16509 (AMAZON-02, US), PTR: server-13-227-219-70.ams54.r.cloudfront.net, domain: d2fi4ri5dhpqd1.cloudfront.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | sendx.io | app.sendx.io, cdn.sendx.io | 234 KB
2 | cloudfront.net | d15k2d11r6t6rl.cloudfront.net, d2fi4ri5dhpqd1.cloudfront.net | 8 KB
1 | gstatic.com | fonts.gstatic.com | 31 KB
1 | cloudflare.com | cdnjs.cloudflare.com | 3 KB
14 requests | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
7 | cdn.sendx.io | app.sendx.io, cdn.sendx.io
3 | app.sendx.io | cdn.sendx.io, app.sendx.io
1 | fonts.gstatic.com | cdn.sendx.io
1 | d2fi4ri5dhpqd1.cloudfront.net |
1 | d15k2d11r6t6rl.cloudfront.net |
1 | cdnjs.cloudflare.com | cdn.sendx.io
14 requests | 6 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
sendx.io |
bhpropertyweb.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.sendx.io | Amazon | 2020-07-25 - 2021-08-25 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year | crt.sh
*.cloudfront.net | DigiCert Global CA G2 | 2020-05-26 - 2021-04-21 | a year | crt.sh
*.gstatic.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://app.sendx.io/form/GEOZ8z1stPFfBq3iwuOVCx/subscribe
Frame ID: 94E5589AD65053116F820784CBEA3F17
Requests: 15 HTTP requests in this frame
Detected technologies
- Lua (Programming Languages). Detected pattern: headers server /openresty(?:\/([\d.]+))?/i
- animate.css (Web Frameworks). Detected pattern: html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i
- Nginx (Web Servers). Detected pattern: headers server /openresty(?:\/([\d.]+))?/i
- Mustache (JavaScript Frameworks). Detected pattern: script /mustache(?:\.min)?\.js/i
- OpenResty (Web Servers). Detected pattern: headers server /openresty(?:\/([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: SendX
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | subscribe | app.sendx.io/form/GEOZ8z1stPFfBq3iwuOVCx/ | 96 KB | 60 KB | Document | text/html | Primary Request, Cookie set
GET | H2 | bS5IKBY2XnOjb5gifdRR7S.js | cdn.sendx.io/prod/ | 355 KB | 145 KB | Script | application/javascript |
GET | H2 | mustache.min.js | cdnjs.cloudflare.com/ajax/libs/mustache.js/3.0.1/ | 10 KB | 3 KB | Script | application/javascript |
GET | H2 | cleanslate.min.css | cdn.sendx.io/prod/css/ | 14 KB | 3 KB | Stylesheet | text/css |
GET | H2 | animate.min.css | cdn.sendx.io/prod/css/ | 56 KB | 4 KB | Stylesheet | text/css |
GET | H2 | Arimo.css | cdn.sendx.io/fonts/ | 223 B | 656 B | Stylesheet | text/css |
GET | H2 | Francois%20One.css | cdn.sendx.io/fonts/ | 258 B | 700 B | Stylesheet | text/css |
GET | H2 | PT%20Sans%20Narrow.css | cdn.sendx.io/fonts/ | 251 B | 692 B | Stylesheet | text/css |
GET | H2 | PT%20Sans.css | cdn.sendx.io/fonts/ | 223 B | 664 B | Stylesheet | text/css |
GET | H/1.1 | GEOZ8z1stPFfBq3iwuOVCx | app.sendx.io/api/v1/js/track/form/impression/ | 82 B | 572 B | Script | application/javascript |
GET | H2 | microsoft_logo.svg | d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/840f4477-2071-4b5b-a7c9-79cd553fea12/bS5IKBY2XnOjb5gifdRR7S/ | 4 KB | 2 KB | Image | image/svg+xml |
GET | H2 | 1.png | d2fi4ri5dhpqd1.cloudfront.net/public/resources/defaultrows/ | 6 KB | 6 KB | Image | image/png |
GET | DATA | truncated | / | 25 KB | 0 | Image | image/png |
GET | H/1.1 | subscribe | app.sendx.io/form/GEOZ8z1stPFfBq3iwuOVCx/ | 19 KB | 19 KB | Image | text/html |
GET | H2 | P5sMzZCDf9_T_10ZxCQ.ttf | fonts.gstatic.com/s/arimo/v11/ | 49 KB | 31 KB | Font | font/ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
object | _formData
object | _scq
object | _scs
object | _sendxConfig
number | _sendxInstances
function | SendXLukesLazyLoader
object | _sendx
string | data
object | qparams
undefined | cid
undefined | tid
object | Mustache
function | SendX_8342809152

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even if their location has changed. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
app.sendx.io/ | | lang | en-US
app.sendx.io/ | | sendx_sess | 5780f83189243fd94a938dfad15fb488
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.