mail.itesapanama.com Open in urlscan Pro
207.45.183.67 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
Submission: On November 22 via manual (November 22nd 2021, 4:27:10 pm UTC) from DE — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 13 HTTP transactions. The main IP is 207.45.183.67, located in United States and belongs to ASACENET1, US. The main domain is mail.itesapanama.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 1st 2021. Valid for: 3 months.

This is the only time mail.itesapanama.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aramex (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
9	207.45.183.67 207.45.183.67	22878 (ASACENET1) (ASACENET1)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	20.150.84.228 20.150.84.228	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
13	5

9 207.45.183.67 (United States)

ASN22878 (ASACENET1, US)
PTR: newiron.acenet.us

mail.itesapanama.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.150.84.228 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dotcomaramexprod.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	itesapanama.com mail.itesapanama.com	58 KB
2	gstatic.com fonts.gstatic.com	91 KB
1	windows.net dotcomaramexprod.blob.core.windows.net	277 KB
1	googleapis.com fonts.googleapis.com	1009 B
13	4

	Domain	Requested by
9	mail.itesapanama.com	mail.itesapanama.com
2	fonts.gstatic.com	fonts.googleapis.com
1	dotcomaramexprod.blob.core.windows.net	mail.itesapanama.com
1	fonts.googleapis.com	mail.itesapanama.com
13	4

This site contains no links.

Subject Issuer	Validity	Valid
mail.itesapanama.com cPanel, Inc. Certification Authority	`2021-10-01` - `2021-12-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2021-09-05` - `2022-09-05`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
Frame ID: 80E0661C7E654BB87AC0173DCB4D7B3F
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

426 kB
Transfer

698 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/ 31 KB
8 KB 1626ms
1378ms Document
text/html 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache / PHP/5.6.40

Resource Hash

36c5fe41598046ef0137339b81214c8973a3af4878550cfe6b15510e08ddc824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Mon, 22 Nov 2021 16:27:04 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Cache-Control: max-age=2592000
Expires: Wed, 22 Dec 2021 16:27:04 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Content-Length: 7497
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK bootstrap.css
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/ 153 KB
22 KB 111ms
110ms Stylesheet
text/css 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/bootstrap.css

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache /

Resource Hash

8dea60613527493a203ad04631277050ebbc4d8f853d39503129774de29585db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:27:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Nov 2021 06:27:06 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 22459
Expires: Wed, 22 Dec 2021 16:27:05 GMT

GET
H/1.1 200
OK validationEngine.css
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/ 3 KB
1 KB 311ms
105ms Stylesheet
text/css 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/validationEngine.css

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache /

Resource Hash

cd363d0f8425d6b271c14ee5d6a8d693c3aa1323b64979b69c69d26661927303

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:27:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Nov 2021 06:27:06 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 781
Expires: Wed, 22 Dec 2021 16:27:05 GMT

GET
H/1.1 200
OK flaticon.css
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/ 1 KB
862 B 311ms
104ms Stylesheet
text/css 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/flaticon.css

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache /

Resource Hash

2650ffdcb2bf4147d062825fee353bd86e80c1f1c22c0b29ea856fdd3213e0a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:27:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Nov 2021 06:27:06 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 446
Expires: Wed, 22 Dec 2021 16:27:05 GMT

GET
H/1.1 200
OK fontawesome-all.css
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/ 43 KB
8 KB 314ms
105ms Stylesheet
text/css 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/fontawesome-all.css

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache /

Resource Hash

fbcf47d8acbcf1519e54c265a8d902f014e5960eddb07b119ec18261090d39c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:27:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Nov 2021 06:27:06 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8278
Expires: Wed, 22 Dec 2021 16:27:05 GMT

GET
H/1.1 200
OK new-style-common-screen.css
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/ 68 KB
10 KB 316ms
107ms Stylesheet
text/css 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/new-style-common-screen.css

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache /

Resource Hash

f1c6c30238f7197f211cccdbbe6d3515d2c5fe59770cbbf223081c4908894422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:27:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Nov 2021 06:27:06 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9557
Expires: Wed, 22 Dec 2021 16:27:05 GMT

GET
H/1.1 200
OK common-dynamic.css
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/ 1 KB
907 B 315ms
106ms Stylesheet
text/css 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/common-dynamic.css

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache /

Resource Hash

9fc0ad407579219e2a97589fd553e40058d09ae10cddab13483ac3f5b6c67938

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:27:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Nov 2021 06:27:06 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 491
Expires: Wed, 22 Dec 2021 16:27:05 GMT

GET
H/1.1 200
OK translateelement.css
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/ 20 KB
4 KB 318ms
105ms Stylesheet
text/css 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/translateelement.css

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache /

Resource Hash

73bab8c19cdd51be819e226666e3e2185cca7b5cd7e84838d4ddfab65d8a9e10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:27:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Nov 2021 06:27:06 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3754
Expires: Wed, 22 Dec 2021 16:27:05 GMT

GET
H/1.1 200
OK aramex-logo.svg
mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/ 7 KB
3 KB 105ms
105ms Image
image/svg+xml 207.45.183.67
ASACENET1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/aramex-logo.svg

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

207.45.183.67 , United States, ASN22878 (ASACENET1, US),

Reverse DNS

newiron.acenet.us

Software

Apache /

Resource Hash

e0447aa04943d0d047baf922ce6f286da4e50d62113aa19505f75705a9a46773

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 16:27:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Nov 2021 06:27:06 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: image/svg+xml
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2271
Expires: Wed, 22 Dec 2021 16:27:05 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1009 B 38ms
16ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700

Requested by

Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/index_fichiers/new-style-common-screen.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 16:27:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Nov 2021 16:27:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Nov 2021 16:27:05 GMT

GET
H/1.1 200
OK ontime-delivery34d65d88b3f2659d9310ff0000e7fe0c.jpg
dotcomaramexprod.blob.core.windows.net/default/images/default-source/default-album/ 276 KB
277 KB 387ms
51ms Image
image/jpeg 20.150.84.228
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dotcomaramexprod.blob.core.windows.net/default/images/default-source/default-album/ontime-delivery34d65d88b3f2659d9310ff0000e7fe0c.jpg
Requested by: Host: mail.itesapanama.com
URL: https://mail.itesapanama.com/wp-content/plugins/astra-sites/-/Aramux/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.150.84.228 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b4058e856498418ae11d5615c81391019a2010158a4396c63e516465ade89bfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mail.itesapanama.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 22 Nov 2021 16:27:05 GMT
Last-Modified: Sun, 23 Jul 2017 13:58:44 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: "0x8D4D1D2EE7CBE8F"
Content-Type: image/jpeg
x-ms-request-id: 97954d4c-101e-000c-1bbd-dfae8b000000
Cache-Control: public, max-age=31536000
x-ms-version: 2014-02-14
Accept-Ranges: bytes
Content-Length: 282711
x-ms-lease-state: available

GET
DATA 200
OK truncated
/ 549 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e298029630a2994690144a756709a06f8b3ed902440096ac7aec5b4cea285014

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ 46 KB
46 KB 39ms
17ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mail.itesapanama.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 527041
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 16 Nov 2022 14:03:04 GMT

GET
H2 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ 44 KB
45 KB 29ms
7ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mail.itesapanama.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 587388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 15 Nov 2022 21:17:17 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aramex (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dotcomaramexprod.blob.core.windows.net
fonts.googleapis.com
fonts.gstatic.com
mail.itesapanama.com
20.150.84.228
207.45.183.67
2a00:1450:4001:811::200a
2a00:1450:4001:831::2003
089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9
1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3
2650ffdcb2bf4147d062825fee353bd86e80c1f1c22c0b29ea856fdd3213e0a3
36c5fe41598046ef0137339b81214c8973a3af4878550cfe6b15510e08ddc824
73bab8c19cdd51be819e226666e3e2185cca7b5cd7e84838d4ddfab65d8a9e10
8dea60613527493a203ad04631277050ebbc4d8f853d39503129774de29585db
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
9fc0ad407579219e2a97589fd553e40058d09ae10cddab13483ac3f5b6c67938
b4058e856498418ae11d5615c81391019a2010158a4396c63e516465ade89bfa
cd363d0f8425d6b271c14ee5d6a8d693c3aa1323b64979b69c69d26661927303
e0447aa04943d0d047baf922ce6f286da4e50d62113aa19505f75705a9a46773
e298029630a2994690144a756709a06f8b3ed902440096ac7aec5b4cea285014
f1c6c30238f7197f211cccdbbe6d3515d2c5fe59770cbbf223081c4908894422
fbcf47d8acbcf1519e54c265a8d902f014e5960eddb07b119ec18261090d39c5

mail.itesapanama.com Open in urlscan Pro 207.45.183.67 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

13 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

426 kBTransfer

698 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

mail.itesapanama.com Open in urlscan Pro
207.45.183.67 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

426 kB
Transfer

698 kB
Size

0
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!