storage-mailbox.securelogin.workers.dev

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 6 HTTP transactions. The main IP is 172.67.166.110, located in United States and belongs to CLOUDFLARENET, US. The main domain is storage-mailbox.securelogin.workers.dev.
TLS certificate: Issued by R3 on October 6th 2021. Valid for: 3 months.

This is the only time storage-mailbox.securelogin.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.241.186.140 35.241.186.140	15169 (GOOGLE) (GOOGLE)
1	172.67.166.110 172.67.166.110	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.16.175.42 69.16.175.42	33438 (HIGHWINDS2) (HIGHWINDS2)
1	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2.16.186.187 2.16.186.187	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	142.250.186.68 142.250.186.68	15169 (GOOGLE) (GOOGLE)
6	6

1 35.241.186.140 (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 140.186.241.35.bc.googleusercontent.com

xyt2i.mjt.lu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.166.110 (United States)

ASN13335 (CLOUDFLARENET, US)

storage-mailbox.securelogin.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN33438 (HIGHWINDS2, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.187 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-187.deploy.static.akamaitechnologies.com

www.logmein.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	logmein.com 1 redirects www.logmein.com	482 B
1	google.com www.google.com	2 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com	15 KB
1	jquery.com code.jquery.com	30 KB
1	workers.dev storage-mailbox.securelogin.workers.dev	3 KB
1	mjt.lu 1 redirects xyt2i.mjt.lu	152 B
6	6

	Domain	Requested by
2	www.logmein.com	1 redirects storage-mailbox.securelogin.workers.dev
1	www.google.com
1	stackpath.bootstrapcdn.com	storage-mailbox.securelogin.workers.dev
1	code.jquery.com	storage-mailbox.securelogin.workers.dev
1	storage-mailbox.securelogin.workers.dev
1	xyt2i.mjt.lu	1 redirects
6	6

This site contains no links.

Subject Issuer	Validity	Valid
*.securelogin.workers.dev R3	`2021-10-06` - `2022-01-04`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
gotomeeting.com DigiCert SHA2 Secure Server CA	`2021-08-30` - `2022-08-30`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh

This page contains 2 frames:

Primary Page: https://storage-mailbox.securelogin.workers.dev/
Frame ID: EC67E3F9790FFB0EDE377CA0653EB8A3
Requests: 4 HTTP requests in this frame

Frame: https://www.logmein.com/de
Frame ID: 41D509632B189D983F97B10E0ECA8B24
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MAILBOX STORAGE!

Page URL History Show full URLs

https://xyt2i.mjt.lu/lnk/AVkAAA9iavIAAAAIsFAAABTLbSEAAAAAd7gAAJJjABga0gBhZws5xuGGelhoRkGh3roSDjBB... HTTP 302
https://storage-mailbox.securelogin.workers.dev/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

49 kB
Transfer

142 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://xyt2i.mjt.lu/lnk/AVkAAA9iavIAAAAIsFAAABTLbSEAAAAAd7gAAJJjABga0gBhZws5xuGGelhoRkGh3roSDjBB3QAW_mw/1/7AYrBj-XoRdH-Y9PXfcAMg/aHR0cHM6Ly9zdG9yYWdlLW1haWxib3guc2VjdXJlbG9naW4ud29ya2Vycy5kZXYvI2t1cnQuc25vZGdyYXNzQGxvZ21laW4uY29t HTTP 302
https://storage-mailbox.securelogin.workers.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://www.logmein.com/ HTTP 302
https://www.logmein.com/de

6 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
storage-mailbox.securelogin.workers.dev/
Redirect Chain

https://xyt2i.mjt.lu/lnk/AVkAAA9iavIAAAAIsFAAABTLbSEAAAAAd7gAAJJjABga0gBhZws5xuGGelhoRkGh3roSDjBB3QAW_mw/1/7AYrBj-XoRdH-Y9PXfcAMg/aHR0cHM6Ly9zdG9yYWdlLW1haWxib3guc2VjdXJlbG9naW4ud29ya2Vycy5kZXYvI2t...
https://storage-mailbox.securelogin.workers.dev/

7 KB
3 KB

286ms
234ms

Document
text/html

172.67.166.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage-mailbox.securelogin.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.166.110 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2d39fe694af1354221079aa7b6968e142f65e517d69e147ef19668e7e8c877b

Request headers

:method: GET
:authority: storage-mailbox.securelogin.workers.dev
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 13 Oct 2021 23:21:12 GMT
content-type: text/html
cf-ray: 69dc4d8b2a5927bc-PRG
last-modified: Wed, 13 Oct 2021 15:53:19 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-id-2: aNMxkCDF3Ynsx8TCgZa1lgzarOck3KzhZ
x-amz-meta-src_last_modified_millis: 1634139975379
x-amz-request-id: 98b46d5e0b596978
x-amz-version-id: 4_z141d21fb81805e2e76c90718_f103909366958fae9_d20211013_m155319_c002_v0001162_t0005
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CqK6LCMUb6%2BeLZaGYaM9fumLj1msYU5cIJS7Vqo1x7dDrF%2BRVHPeu1dVJh5zn2A8nSTJAph9hylODGfd3NsmTNpVFcQlORkAwfVVTL19AVXt3%2FcvbjquHIP9U8%2Flv%2Br%2BpU5Ph7%2BMgDZWRx4TPbMG8aKQ2tTanvcGHPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

content-type: text/html; charset=utf-8
location: https://storage-mailbox.securelogin.workers.dev/#kurt.snodgrass@logmein.com
date: Wed, 13 Oct 2021 23:21:12 GMT
content-length: 98

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 26ms
9ms Script
application/javascript 69.16.175.42
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: storage-mailbox.securelogin.workers.dev
URL: https://storage-mailbox.securelogin.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://storage-mailbox.securelogin.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:21:12 GMT
content-encoding: gzip
last-modified: Mon, 20 Mar 2017 19:01:15 GMT
server: nginx
etag: W/"58d026fb-15283"
vary: Accept-Encoding
x-hw: 1634167272.dop154.fr8.t,1634167272.cds219.fr8.hn,1634167272.cds133.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30125

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
15 KB 32ms
15ms Script
application/javascript 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: storage-mailbox.securelogin.workers.dev
URL: https://storage-mailbox.securelogin.workers.dev/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://storage-mailbox.securelogin.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:21:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 718
age: 17719989
cdn-cachedat: 2021-03-11 11:57:52
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 48f4598378fe1b699fcee6ac68d6cc25
cf-ray: 69dc4d8cd9c35b62-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2

200

de
www.logmein.com/ Frame 41D5
Redirect Chain

https://www.logmein.com/
https://www.logmein.com/de

0
0

319ms
318ms

Document
text/html

2.16.186.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.logmein.com/de

Requested by

Host: storage-mailbox.securelogin.workers.dev
URL: https://storage-mailbox.securelogin.workers.dev/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.187 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-187.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.logmein.com
:scheme: https
:path: /de
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://storage-mailbox.securelogin.workers.dev/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

content-type: text/html; charset=utf-8
set-cookie: logmein#lang=de; path=/ cciso=US; path=/ SC_ANALYTICS_GLOBAL_COOKIE=54b37f44f321468790164f2d19840193|False; expires=Sat, 11-Oct-2031 23:21:12 GMT; path=/; HttpOnly ASP.NET_SessionId=24rgopejtcekxw43jyk5cedh; path=/; HttpOnly; SameSite=Lax __ab_c9f85076-6209-486b-a78f-65615a2ae5d5=20e6d444-d452-46eb-a42b-b98d4abb55fa; expires=Sat, 13-Nov-2021 23:21:12 GMT; path=/; secure
request-context: appId=cid-v1:370e7b46-9a1e-4d3a-9bc9-cf450a068595
server-timing: origin; dur=230 edge; dur=23 cdn-cache; desc=MISS
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cleartype: on
viewport: width=device-width, initial-scale=1
x-ua-compatible: IE=edge,chrome=1
access-control-allow-headers: content-type
access-control-allow-origin: *
content-encoding: gzip
expires: Wed, 13 Oct 2021 23:21:12 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 13 Oct 2021 23:21:12 GMT
content-length: 23491

Redirect headers

location: /de
x-sfum-redirect: true
request-context: appId=cid-v1:370e7b46-9a1e-4d3a-9bc9-cf450a068595
access-control-allow-origin: *
access-control-allow-headers: content-type
x-ua-compatible: IE=edge,chrome=1
viewport: width=device-width, initial-scale=1
cleartype: on
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 0
expires: Wed, 13 Oct 2021 23:21:12 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 13 Oct 2021 23:21:12 GMT
set-cookie: logmein#lang=de; path=/
server-timing: cdn-cache; desc=MISS edge; dur=23 origin; dur=11

GET
H2 200 favicons
www.google.com/s2/ 506 B
2 KB 422ms
400ms Image
image/png 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/s2/favicons?domain=https://www.logmein.com

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

ESF /

Resource Hash

41ee0e142224c1c36afe95ded9407ba26272f62b0354767fbff9666ee30dac1c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /s2/_/FaviconHttp/cspreport, script-src 'report-sample' 'nonce-Qc8gviM7TlztI67fG8ADng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /s2/_/FaviconHttp/cspreport;worker-src 'self', script-src 'nonce-Qc8gviM7TlztI67fG8ADng' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /s2/_/FaviconHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://storage-mailbox.securelogin.workers.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:21:12 GMT
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin; report-to="FaviconHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"FaviconHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/FaviconHttp/external"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /s2/_/FaviconHttp/cspreport, script-src 'report-sample' 'nonce-Qc8gviM7TlztI67fG8ADng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /s2/_/FaviconHttp/cspreport;worker-src 'self', script-src 'nonce-Qc8gviM7TlztI67fG8ADng' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /s2/_/FaviconHttp/cspreport
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 13 Oct 2021 23:21:12 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.google.com/	1970-01-20 02:19:38	Name: NID Value: 511=Qt5hF_DTG5wY2AGPUAGA1pV1SxnW3E7g44CzO6RSeUI8RGBv-LEd454S9VJJj9YUTWsxokdyRrNx1ytmhDZx_-PEuULyZoAk_MTABB2Pn1lWOeERgyv_CzXopguvT4RgRNzye9tkZ7yfcHh_2JmQ9h4sbHhSXYgvI0OygJ-aNRY

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.logmein.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
stackpath.bootstrapcdn.com
storage-mailbox.securelogin.workers.dev
www.google.com
www.logmein.com
xyt2i.mjt.lu
104.18.11.207
142.250.186.68
172.67.166.110
2.16.186.187
35.241.186.140
69.16.175.42
41ee0e142224c1c36afe95ded9407ba26272f62b0354767fbff9666ee30dac1c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f2d39fe694af1354221079aa7b6968e142f65e517d69e147ef19668e7e8c877b

storage-mailbox.securelogin.workers.dev Open in urlscan Pro 172.67.166.110 Malicious Activity! Private Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

83 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

6 IPs

4 Countries

49 kBTransfer

142 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

storage-mailbox.securelogin.workers.dev Open in urlscan Pro
172.67.166.110 Malicious Activity! Private Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

49 kB
Transfer

142 kB
Size

1
Cookies

6 HTTP transactions
-1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!