media.csosa.gov
Open in
urlscan Pro
67.222.47.30
Malicious Activity!
Public Scan
Effective URL: https://media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d/o7ifouoc9&ok5=@@su=9w677e7m3ujkjr3...
Submission: On March 12 via manual from US
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on February 13th 2018. Valid for: a year.
This is the only time media.csosa.gov was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Maersk (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 5 | 67.222.47.30 67.222.47.30 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
6 | 151.101.112.193 151.101.112.193 | 54113 (FASTLY) (FASTLY - Fastly) | |
8 | 2 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 67-222-47-30.unifiedlayer.com
media.csosa.gov |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
imgur.com
i.imgur.com |
1 MB |
5 |
csosa.gov
3 redirects
media.csosa.gov |
50 KB |
8 | 2 |
Domain | Requested by | |
---|---|---|
6 | i.imgur.com |
media.csosa.gov
|
5 | media.csosa.gov |
3 redirects
media.csosa.gov
|
8 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
media.csosa.gov COMODO RSA Domain Validation Secure Server CA |
2018-02-13 - 2019-02-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d/o7ifouoc9&ok5=@@su=9w677e7m3ujkjr3xe@lr6zer5xn3qimye$6m7&8b8rvrhypwvbm1a0tgxgjny5mdyty657h&xd4fb$b6%7Cx8ex0uwh&=f=5tjxsq%7Cy6i@=mcvgn1kkayja$es6x6q%7Cz82rx5p4ompbxkrllb6vap53%7C@92%7Cz5%7C87u6&=c150c%7Cl3q6&w2nl8rp50raz@&848ejsr=xsw2dzt=&om1ausz0srasnoztwebo4vm@so.php?login=jmantilla@ncl.com&.verify?service=mail&data:text/html;js6/main.jsp?sid=CAgbePXXjcVpfthPNgXXCcgDQZImqqTE&df=webmail126
Frame ID: CDF17A71ABCF62538C37F45E9F76017A
Requests: 8 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://media.csosa.gov/blog/wp-content/cache/maersk/?login=jmantilla@ncl.com
HTTP 302
https://media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d?login=jmantill... HTTP 301
https://media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d/?login=jmantil... HTTP 302
https://media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d/o7ifouoc9&ok5=... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://media.csosa.gov/blog/wp-content/cache/maersk/?login=jmantilla@ncl.com
HTTP 302
https://media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d?login=jmantilla@ncl.com&.login?c=aHR0cDovL3d3dy5hcHBsZS5jb20vc2hvcHwxYW9zNGJjMzU3MDM3ZTc1NmQ3NGY4MTI3ZGZhMWNkNDBlNWZkNGY0MWNhZQ&r=SDHCD9JUYKX777H9KT9JT7JJTAPAXHFKH&s=aHR0cHM6Ly9zZWN1cmUyLnN0b3JlLmFwcGxlLmNvbS9zaG9wL2FjY291bnQvc2V0dXAvc3RhcnQ_c= HTTP 301
https://media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d/?login=jmantilla@ncl.com&.login?c=aHR0cDovL3d3dy5hcHBsZS5jb20vc2hvcHwxYW9zNGJjMzU3MDM3ZTc1NmQ3NGY4MTI3ZGZhMWNkNDBlNWZkNGY0MWNhZQ&r=SDHCD9JUYKX777H9KT9JT7JJTAPAXHFKH&s=aHR0cHM6Ly9zZWN1cmUyLnN0b3JlLmFwcGxlLmNvbS9zaG9wL2FjY291bnQvc2V0dXAvc3RhcnQ_c= HTTP 302
https://media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d/o7ifouoc9&ok5=@@su=9w677e7m3ujkjr3xe@lr6zer5xn3qimye$6m7&8b8rvrhypwvbm1a0tgxgjny5mdyty657h&xd4fb$b6%7Cx8ex0uwh&=f=5tjxsq%7Cy6i@=mcvgn1kkayja$es6x6q%7Cz82rx5p4ompbxkrllb6vap53%7C@92%7Cz5%7C87u6&=c150c%7Cl3q6&w2nl8rp50raz@&848ejsr=xsw2dzt=&om1ausz0srasnoztwebo4vm@so.php?login=jmantilla@ncl.com&.verify?service=mail&data:text/html;js6/main.jsp?sid=CAgbePXXjcVpfthPNgXXCcgDQZImqqTE&df=webmail126 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
o7ifouoc9&ok5=@@su=9w677e7m3ujkjr3xe@lr6zer5xn3qimye$6m7&8b8rvrhypwvbm1a0tgxgjny5mdyty657h&xd4fb$b6%7Cx8ex0uwh&=f=5tjxsq%7Cy6i@=mcvgn1kkayja$es6x6q%7Cz82rx5p4ompbxkrllb6vap53%7C@92%7Cz5%7C87u6&=c15...
media.csosa.gov/blog/wp-content/cache/maersk/d1c195302bbde28ee6873805b9dbb21d/ Redirect Chain
|
64 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
b6.jpg
i.imgur.com/iSktaNi.jpg./images/ |
594 KB 594 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jVGCBow.jpg
i.imgur.com/ |
137 KB 138 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
efg2UyP.jpg
i.imgur.com/ |
71 KB 71 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
P4heblb.jpg
i.imgur.com/ |
257 KB 257 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
IxrIQm0.jpg
i.imgur.com/ |
101 KB 102 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
cl0ey7e.jpg
i.imgur.com/ |
79 KB 80 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pattern.png
media.csosa.gov/blog/wp-content/cache/maersk/images/ |
31 KB 31 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Maersk (Transportation)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
media.csosa.gov/ | Name: PHPSESSID Value: k1lbhdk9juaqic0sk89n9hd8n4 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
i.imgur.com
media.csosa.gov
151.101.112.193
67.222.47.30
2777bc74278aa72442707899f26c28a9e075b09dbbab6cd5edf9d1a93bb4f4f2
31991918c0dec8fe0ddccc26599b10d1092577b7b144e5f3921b9154221a92b3
367d0864d0351debf1853661701c1bdbad536a2ae6c6037d49be6845a266e494
4a29aa5cef0f97cb7e005c7e7bb210e294fe2d30e86c454768aadb3c6463691c
4cea85792ec7c35e40d195d550b5bf764308d922e2e780dc45c6dbea3ae736c5
6a886549c9d681c34da102683fca2a0a08d1b05130b359b46ff15e7f923f9db4
d597c3d708407da5ce18fa360eec0dd53ee51d1ff5eef23a75adb1645094cc7c
f55a20c37f4f0bc0a38dcc1fdd95988fda42ea6152442ae533c4e1e77830811f