incoming-fax.myportfolio.com Open in urlscan Pro
151.101.64.119 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u8907542.ct.sendgrid.net/ls/click?upn=3oX6I08Kb-2BXkZY5wiJMndKCa8kypyMImMKxvMqPIY8mpmiZlmaS0gvv0ESS8tG5ITEgFfFuPIhCKSR0Ni...
Effective URL:
https://incoming-fax.myportfolio.com/
Submission: On May 31 via manual (May 31st 2022, 3:52:51 pm UTC) from US — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 13 HTTP transactions. The main IP is 151.101.64.119, located in United States and belongs to FASTLY, US. The main domain is incoming-fax.myportfolio.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on April 12th 2022. Valid for: a year.

This is the only time incoming-fax.myportfolio.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.121 167.89.115.121	11377 (SENDGRID) (SENDGRID)
1	23.23.138.147 23.23.138.147	14618 (AMAZON-AES) (AMAZON-AES)
4	151.101.64.119 151.101.64.119	54113 (FASTLY) (FASTLY)
2	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
3	2a02:26f0:350... 2a02:26f0:3500:16::215:148f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	8

1 167.89.115.121 (Herndon, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x121.outbound-mail.sendgrid.net

u8907542.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.138.147 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-138-147.compute-1.amazonaws.com

magenta-impossible-lute.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.64.119 (United States)

ASN54113 (FASTLY, US)

incoming-fax.myportfolio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

cdn.myportfolio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:16::215:148f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	myportfolio.com incoming-fax.myportfolio.com cdn.myportfolio.com — Cisco Umbrella Rank: 134338	942 KB
4	typekit.net use.typekit.net — Cisco Umbrella Rank: 483 p.typekit.net — Cisco Umbrella Rank: 613	42 KB
1	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 346	1 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 347	14 KB
1	glitch.me magenta-impossible-lute.glitch.me	7 KB
1	sendgrid.net 1 redirects u8907542.ct.sendgrid.net	254 B
13	6

	Domain	Requested by
4	incoming-fax.myportfolio.com	magenta-impossible-lute.glitch.me incoming-fax.myportfolio.com
3	use.typekit.net	incoming-fax.myportfolio.com
2	cdn.myportfolio.com	incoming-fax.myportfolio.com cdn.myportfolio.com
1	bam-cell.nr-data.net	js-agent.newrelic.com
1	p.typekit.net
1	js-agent.newrelic.com	incoming-fax.myportfolio.com
1	magenta-impossible-lute.glitch.me
1	u8907542.ct.sendgrid.net	1 redirects
13	8

This site contains no links.

Subject Issuer	Validity	Valid
glitch.com Amazon	`2022-02-01` - `2023-03-02`	a year	crt.sh
*.myportfolio.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-12` - `2023-05-13`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://incoming-fax.myportfolio.com/
Frame ID: 19795B4FEF9D4B51957263D7B90A937F
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FAX

Page URL History Show full URLs

https://u8907542.ct.sendgrid.net/ls/click?upn=3oX6I08Kb-2BXkZY5wiJMndKCa8kypyMImMKxvMqPIY8mpmiZlmaS0gvv0ESS8t... HTTP 302
https://magenta-impossible-lute.glitch.me/1992.html Page URL
https://incoming-fax.myportfolio.com/ Page URL

Page Statistics

13
Requests

100 %
HTTPS

25 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

1007 kB
Transfer

1038 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u8907542.ct.sendgrid.net/ls/click?upn=3oX6I08Kb-2BXkZY5wiJMndKCa8kypyMImMKxvMqPIY8mpmiZlmaS0gvv0ESS8tG5ITEgFfFuPIhCKSR0NiGYJzA-3D-3D8Slu_oeEKVhJhjOhj4zuloiT3z9pwn10JgApxRdUSebSAMrZuwIac0fyafE1t-2Fn52zfb58ooPXQc3ZZv4D04yRbT4Idr8L8gt2QvrhqTTqZIBfZkR3SArISDYpdKOcLg3shMoGwXYwyomUWWTOzrSy1bw1JURLdzJ051W2NM2wFUAj0K3DDXdZsxaCP2s7ogfaYZedDuzKRZ6CzMGhGO7s5uR3E1OQp9Fr3WjQ812NE46bqU-3D HTTP 302
https://magenta-impossible-lute.glitch.me/1992.html Page URL
https://incoming-fax.myportfolio.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://u8907542.ct.sendgrid.net/ls/click?upn=3oX6I08Kb-2BXkZY5wiJMndKCa8kypyMImMKxvMqPIY8mpmiZlmaS0gvv0ESS8tG5ITEgFfFuPIhCKSR0NiGYJzA-3D-3D8Slu_oeEKVhJhjOhj4zuloiT3z9pwn10JgApxRdUSebSAMrZuwIac0fyafE1t-2Fn52zfb58ooPXQc3ZZv4D04yRbT4Idr8L8gt2QvrhqTTqZIBfZkR3SArISDYpdKOcLg3shMoGwXYwyomUWWTOzrSy1bw1JURLdzJ051W2NM2wFUAj0K3DDXdZsxaCP2s7ogfaYZedDuzKRZ6CzMGhGO7s5uR3E1OQp9Fr3WjQ812NE46bqU-3D HTTP 302
https://magenta-impossible-lute.glitch.me/1992.html

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

1992.html Show response
magenta-impossible-lute.glitch.me/
Redirect Chain

https://u8907542.ct.sendgrid.net/ls/click?upn=3oX6I08Kb-2BXkZY5wiJMndKCa8kypyMImMKxvMqPIY8mpmiZlmaS0gvv0ESS8tG5ITEgFfFuPIhCKSR0NiGYJzA-3D-3D8Slu_oeEKVhJhjOhj4zuloiT3z9pwn10JgApxRdUSebSAMrZuwIac0fya...
https://magenta-impossible-lute.glitch.me/1992.html

7 KB
7 KB

369ms
162ms

Document
text/html

23.23.138.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://magenta-impossible-lute.glitch.me/1992.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.138.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-138-147.compute-1.amazonaws.com
Software: /
Resource Hash: fe1693f5d38234eb3f45442bb27f6b73c9227158ad18d4161b70583bca1b3d73

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=0
content-length: 6707
content-type: text/html; charset=utf-8
date: Tue, 31 May 2022 15:52:47 GMT
etag: W/"1a33-18107c32ee8"
last-modified: Fri, 27 May 2022 23:04:01 GMT
vary: Origin

Redirect headers

Connection: keep-alive
Content-Length: 74
Content-Type: text/html; charset=utf-8
Date: Tue, 31 May 2022 15:52:46 GMT
Location: https://magenta-impossible-lute.glitch.me/1992.html
Server: nginx
X-Robots-Tag: noindex, nofollow

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cfb365099ae602f8e7994580e16d7cdc2349275b0b7e70fd283bf21905813b00

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 Primary Request / Show response
incoming-fax.myportfolio.com/ 15 KB
15 KB 39ms
9ms Document
text/html 151.101.64.119
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://incoming-fax.myportfolio.com/

Requested by

Host: magenta-impossible-lute.glitch.me
URL: https://magenta-impossible-lute.glitch.me/1992.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.119 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

adobe /

Resource Hash

f51a210c1fbca6d1992bcc97300273c0c4537a0b90958ccecf199ecbb2be24dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://magenta-impossible-lute.glitch.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4856
cache-control: s-maxage=31536000
content-length: 14899
content-type: text/html; charset=utf-8
date: Tue, 31 May 2022 15:52:47 GMT
server: adobe
vary: Accept-Language, Accept-Encoding,Fastly-SSL, X-Use-Renderer
via: 1.1 varnish
x-app-name: Pro2-Renderer
x-cache: HIT
x-cache-hits: 1
x-content-type-options: nosniff
x-locale: de_de
x-robots-tag: noindex
x-served-by: cache-hhn4058-HHN
x-timer: S1654012367.140768,VS0,VE1
x-trace-id: VncEclY4cccCXJJZ3uNMRByojcU
x-xss-protection: 1; mode=block

GET
H2 200 main.css
incoming-fax.myportfolio.com/dist/css/ 11 KB
11 KB 8ms
7ms Stylesheet
text/css 151.101.64.119
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://incoming-fax.myportfolio.com/dist/css/main.css

Requested by

Host: incoming-fax.myportfolio.com
URL: https://incoming-fax.myportfolio.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.119 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

adobe /

Resource Hash

009a029a1fbe7ec1821f8884761847d0c4857770dc9aefe51c13ff36c9ac6fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://incoming-fax.myportfolio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 15:52:47 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 1251
x-cache: HIT
content-length: 11553
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4058-HHN
last-modified: Thu, 19 May 2022 01:04:30 GMT
server: adobe
x-timer: S1654012367.154186,VS0,VE1
etag: "6285979e-2d21"
vary: Fastly-SSL, X-Use-Renderer
content-type: text/css
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 77ab20b1a594dae11484d9fbbcf392bf1653692118.css
cdn.myportfolio.com/c4eff628-7766-450d-b037-bd0f466386c1/ 78 KB
78 KB 36ms
6ms Stylesheet
text/css 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.myportfolio.com/c4eff628-7766-450d-b037-bd0f466386c1/77ab20b1a594dae11484d9fbbcf392bf1653692118.css?h=946f04f92fd0d96019ca98636ff6d473

Requested by

Host: incoming-fax.myportfolio.com
URL: https://incoming-fax.myportfolio.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

adobe /

Resource Hash

eb8a8febab4ba720d8daa4ec344bae0bc08462f2733d7ce143d71dedf20fe756

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://incoming-fax.myportfolio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 15:52:47 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 5225
x-cache: HIT
cross-origin-resource-policy: cross-origin
vary: Origin
content-length: 79901
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4041-HHN
x-trace-id: 61HalR6oXJb0Y+lv0NKM2ululHo
last-modified: Sun, 27 Apr 2014 08:34:36 UTC
server: adobe
x-timer: S1654012367.183571,VS0,VE0
etag: 4d3b82200f103f1ad477a4cb7d4985dd
strict-transport-security: max-age=300
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
expires: Fri, 01 Jul 2022 00:25:42 +0000
cache-control: max-age=2628000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 B9mSgM2bUlJHekf6iRjH4H4lW4bTtUvKAHzhP1Xzou9fenwgfHYEBsJzwD9oFDIDWhjoFDiy5Q4qweFRwRwojDMuFRJhwQscwhs8wQMowRZyZcjuFhbkwhI-mkG0dW83da4XZcNC-Av0jhNlOfG0SY4zwKuh-AmaOcuoSeNkieZzde8zOcFzdPUlpWgzS1scdhUTd... Show response
use.typekit.net/ik/ 16 KB
7 KB 43ms
6ms Script
text/javascript 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ik/B9mSgM2bUlJHekf6iRjH4H4lW4bTtUvKAHzhP1Xzou9fenwgfHYEBsJzwD9oFDIDWhjoFDiy5Q4qweFRwRwojDMuFRJhwQscwhs8wQMowRZyZcjuFhbkwhI-mkG0dW83da4XZcNC-Av0jhNlOfG0SY4zwKuh-AmaOcuoSeNkieZzde8zOcFzdPUlpWgzS1scdhUTdkoRdhXCSY4zwKuh-AmaOcuoSeNkieZzde8zOcFzdPJIjcT3ZkGHfH_JMsMMeMb6MKGHfHDJMsMMeMS6MTMga0_BtM9.js?cb=51c9b87a192db85898d217bbe3f191c244a31fbf

Requested by

Host: incoming-fax.myportfolio.com
URL: https://incoming-fax.myportfolio.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

f8ec3e3c726c8dc35393ddee3706e80882a002ba03b6482ce4f37acb1b156f6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://incoming-fax.myportfolio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Tue, 31 May 2022 15:52:47 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6651

GET
H2 200 translations Show response
incoming-fax.myportfolio.com/site/ 179 B
292 B 9ms
8ms Script
application/javascript 151.101.64.119
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://incoming-fax.myportfolio.com/site/translations?cb=51c9b87a192db85898d217bbe3f191c244a31fbf

Requested by

Host: incoming-fax.myportfolio.com
URL: https://incoming-fax.myportfolio.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.119 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

adobe /

Resource Hash

f6291a72c6da9374f0992f97d9ce114b10429adc01c26a3252e4e30140c28554

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://incoming-fax.myportfolio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 15:52:47 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 1251
x-cache: HIT
x-app-name: Pro2-Renderer
content-length: 179
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4058-HHN
x-trace-id: tqWwlZl6QdxeswWJhi/B4NsiGQQ
server: adobe
x-timer: S1654012367.154654,VS0,VE1
vary: Accept-Language, Accept-Encoding,Fastly-SSL, X-Use-Renderer
content-type: application/javascript; charset=utf-8
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 main.js Show response
incoming-fax.myportfolio.com/dist/js/ 347 KB
347 KB 9ms
8ms Script
application/javascript 151.101.64.119
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://incoming-fax.myportfolio.com/dist/js/main.js?cb=51c9b87a192db85898d217bbe3f191c244a31fbf

Requested by

Host: incoming-fax.myportfolio.com
URL: https://incoming-fax.myportfolio.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.119 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

adobe /

Resource Hash

9f096217c974a5bb9cc2d1e705cd59de004eaf3efca52a9e0d5aed77aedecc1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://incoming-fax.myportfolio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 15:52:47 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 1251
x-cache: HIT
content-length: 354855
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4058-HHN
last-modified: Thu, 19 May 2022 01:04:30 GMT
server: adobe
x-timer: S1654012367.154632,VS0,VE1
etag: "6285979e-56a27"
vary: Fastly-SSL, X-Use-Renderer
content-type: application/javascript
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 84c2467e-7e89-426e-8b64-9ce7817c60fa_rwc_0x0x2769x1424x4096.png
cdn.myportfolio.com/c4eff628-7766-450d-b037-bd0f466386c1/ 490 KB
490 KB 10ms
10ms Image
image/png 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.myportfolio.com/c4eff628-7766-450d-b037-bd0f466386c1/84c2467e-7e89-426e-8b64-9ce7817c60fa_rwc_0x0x2769x1424x4096.png?h=f1d74fcce8c46b51d3abae0c3e1bd610

Requested by

Host: cdn.myportfolio.com
URL: https://cdn.myportfolio.com/c4eff628-7766-450d-b037-bd0f466386c1/77ab20b1a594dae11484d9fbbcf392bf1653692118.css?h=946f04f92fd0d96019ca98636ff6d473

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

adobe /

Resource Hash

88d1e469c9cc4a9758c36a09df0d6dea8ec1a20ac9ba451d05179e42b8da4390

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.myportfolio.com/c4eff628-7766-450d-b037-bd0f466386c1/77ab20b1a594dae11484d9fbbcf392bf1653692118.css?h=946f04f92fd0d96019ca98636ff6d473
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 15:52:47 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 5223
x-cache: HIT
cross-origin-resource-policy: cross-origin
vary: Origin
content-length: 501605
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4041-HHN
x-trace-id: cSdSug4ejhlu4eyZVU0lMw+Jv70
last-modified: Sun, 27 Apr 2014 08:54:16 UTC
server: adobe
x-timer: S1654012367.202481,VS0,VE1
etag: 1054e40e8d3621fc3c89398c25d0b861
strict-transport-security: max-age=300
content-type: image/png
access-control-allow-origin: *
expires: Fri, 01 Jul 2022 00:25:43 +0000
cache-control: max-age=2628000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 l
use.typekit.net/af/54d47a/000000000000000000017750/27/ 17 KB
18 KB 53ms
13ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/54d47a/000000000000000000017750/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: incoming-fax.myportfolio.com
URL: https://incoming-fax.myportfolio.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4c7fb148dd3fbb2dd3693817feaa71b30fcf07abae676c7d9ac4973744c4c7de

Request headers

Referer: https://incoming-fax.myportfolio.com/
Origin: https://incoming-fax.myportfolio.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 15:52:47 GMT
server: nginx
etag: "40cfac9e106a217031011293b321e4ba25cecc5c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 17800

GET
H2 200 l
use.typekit.net/af/3e2979/00000000000000007735a6b9/30/ 18 KB
18 KB 54ms
15ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/3e2979/00000000000000007735a6b9/30/l?subset_id=2&fvd=n7&v=3
Requested by: Host: incoming-fax.myportfolio.com
URL: https://incoming-fax.myportfolio.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4a30778c6846d2ddfc7bda043c30d7ada2f0d92a829c18d6330c1657de8df13a

Request headers

Referer: https://incoming-fax.myportfolio.com/
Origin: https://incoming-fax.myportfolio.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 15:52:47 GMT
server: nginx
etag: "ea96ad08e70914a05fea1864bb6820811797df07"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18100

GET
H2 200 nr-1216.min.js Show response
js-agent.newrelic.com/ 38 KB
14 KB 63ms
16ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1216.min.js
Requested by: Host: incoming-fax.myportfolio.com
URL: https://incoming-fax.myportfolio.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://incoming-fax.myportfolio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding: gzip
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id: A3C7RE3NVMD1D9B7
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14391
x-amz-id-2: 0o6/by7X8LQvrErI9oLyF9MxnDk0RnsA34qB/ChRNESalsL/OwMvtcoWnPP/hRkP93Yz3XoORKE=
x-served-by: cache-cdg20767-CDG
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1654012367.343491,VS0,VE0
date: Tue, 31 May 2022 15:52:47 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 10338

GET
H2 200 p.gif
p.typekit.net/ 35 B
214 B 70ms
13ms Image
image/gif 2a02:26f0:3500:16::215:148b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=2&k=359713_f977a92d0cc239c0562614f3de10926aff57d23a&ht=tk&h=incoming-fax.myportfolio.com&f=25646.25644&a=359713&js=1.21.0&app=typekit&e=js&_=1654012367290
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://incoming-fax.myportfolio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 15:52:47 GMT
last-modified: Sat, 09 Oct 2021 02:10:03 GMT
server: nginx
etag: "6160f9fb-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK e7fb1b89a0 Show response
bam-cell.nr-data.net/1/ 49 B
1 KB 179ms
150ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/e7fb1b89a0?a=750147145&v=1216.487a282&to=ZwZaYkJVDERXUxULCV5Me0NDQA1aGWsmJzJtQxdtS0QDQ14KT0gbbQ%3D%3D&rst=254&ck=1&ref=https://incoming-fax.myportfolio.com/&ap=18&be=58&fe=182&dc=123&perf=%7B%22timing%22:%7B%22of%22:1654012367106,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:15,%22c%22:15,%22s%22:21,%22ce%22:31,%22rq%22:32,%22rp%22:40,%22rpe%22:41,%22dl%22:43,%22di%22:122,%22ds%22:122,%22de%22:123,%22dc%22:182,%22l%22:182,%22le%22:183%7D,%22navigation%22:%7B%7D%7D&fp=170&fcp=170&at=S0FNFApPHxsUUUNYHU0e&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://incoming-fax.myportfolio.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Tue, 31 May 2022 15:52:47 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Connection: keep-alive
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VE61DwCL85ROrQgcs0JJFPe%2BE1KAdA61GexH5M4vzg8CPAopMJsuA8RxVfh3%2BkEWGerzJuR31fFfRn7xLuh%2FBG6RB4wVXJdJp7WNE85KlW6LSAhRi5fo%2FsiXrW8yBI3z%2BVE%2FfcnB"}],"group":"cf-nel","max_age":604800}
Content-Type: text/javascript
Access-Control-Allow-Origin: *
access-control-allow-credentials: true
CF-Ray: 7140e0f03cd65b3e-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 9f9019d1a2179e3b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam-cell.nr-data.net
cdn.myportfolio.com
incoming-fax.myportfolio.com
js-agent.newrelic.com
magenta-impossible-lute.glitch.me
p.typekit.net
u8907542.ct.sendgrid.net
use.typekit.net
151.101.194.133
151.101.194.137
151.101.64.119
162.247.243.146
167.89.115.121
23.23.138.147
2a02:26f0:3500:16::215:148b
2a02:26f0:3500:16::215:148f
009a029a1fbe7ec1821f8884761847d0c4857770dc9aefe51c13ff36c9ac6fd2
4a30778c6846d2ddfc7bda043c30d7ada2f0d92a829c18d6330c1657de8df13a
4c7fb148dd3fbb2dd3693817feaa71b30fcf07abae676c7d9ac4973744c4c7de
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
88d1e469c9cc4a9758c36a09df0d6dea8ec1a20ac9ba451d05179e42b8da4390
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9f096217c974a5bb9cc2d1e705cd59de004eaf3efca52a9e0d5aed77aedecc1c
cfb365099ae602f8e7994580e16d7cdc2349275b0b7e70fd283bf21905813b00
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
eb8a8febab4ba720d8daa4ec344bae0bc08462f2733d7ce143d71dedf20fe756
f51a210c1fbca6d1992bcc97300273c0c4537a0b90958ccecf199ecbb2be24dc
f6291a72c6da9374f0992f97d9ce114b10429adc01c26a3252e4e30140c28554
f8ec3e3c726c8dc35393ddee3706e80882a002ba03b6482ce4f37acb1b156f6d
fe1693f5d38234eb3f45442bb27f6b73c9227158ad18d4161b70583bca1b3d73

incoming-fax.myportfolio.com Open in urlscan Pro 151.101.64.119 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

100 %HTTPS

25 %IPv6

6 Domains

8 Subdomains

8 IPs

2 Countries

1007 kBTransfer

1038 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

1 Cookies

Indicators

incoming-fax.myportfolio.com Open in urlscan Pro
151.101.64.119 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

25 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

1007 kB
Transfer

1038 kB
Size

1
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!