securemail.staples.com.encryptedmail.online

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 31.148.219.11, located in Netherlands and belongs to HOSTING-SOLUTIONS - Hosting Solution Ltd., US. The main domain is securemail.staples.com.encryptedmail.online.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 13th 2018. Valid for: 3 months.

This is the only time securemail.staples.com.encryptedmail.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	65.55.169.46 65.55.169.46	() ()
1 1	167.89.115.54 167.89.115.54	11377 (SENDGRID) (SENDGRID - SendGrid)
7	31.148.219.11 31.148.219.11	14576 (HOSTING-S...) (HOSTING-SOLUTIONS - Hosting Solution Ltd.)
7	1

1 65.55.169.46 (Washington, United States) 1 redirects

ASN- ()
PTR: na01-bl2-obe.ptr.protection.outlook.com

na01.safelinks.protection.outlook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.89.115.54 (Denver, United States) 1 redirects

ASN11377 (SENDGRID - SendGrid, Inc., US)
PTR: o16789115x54.outbound-mail.sendgrid.net

u4752178.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 31.148.219.11 (Netherlands)

ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US)
PTR: xcia903mykfp.ru

securemail.staples.com.encryptedmail.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	encryptedmail.online securemail.staples.com.encryptedmail.online	405 KB
1	sendgrid.net 1 redirects u4752178.ct.sendgrid.net	281 B
1	outlook.com 1 redirects na01.safelinks.protection.outlook.com	754 B
7	3

	Domain	Requested by
7	securemail.staples.com.encryptedmail.online	securemail.staples.com.encryptedmail.online
1	u4752178.ct.sendgrid.net	1 redirects
1	na01.safelinks.protection.outlook.com	1 redirects
7	3

This site contains no links.

Subject Issuer	Validity	Valid
securemail.staples.com.encryptedmail.online Let's Encrypt Authority X3	`2018-04-13` - `2018-07-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/
Frame ID: 949DAED24AB719D6430AD8D14A1F24F2
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu4752178.ct.sendgrid.net%2Fwf%2Fclick%3Fupn%3DitUJ7UFUtJC... HTTP 302
https://u4752178.ct.sendgrid.net/wf/click?upn=itUJ7UFUtJC-2F6o2IcyPhCoW3TuN3-2FtEkrTjyWOzQzVmtmLl78uVa6JloLEl... HTTP 302
https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

405 kB
Transfer

407 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu4752178.ct.sendgrid.net%2Fwf%2Fclick%3Fupn%3DitUJ7UFUtJC-2F6o2IcyPhCoW3TuN3-2FtEkrTjyWOzQzVmtmLl78uVa6JloLElhoClavNa4tNCxSSjt-2Bn9EbaEGuo8-2Bru7gLmhv-2BJ3ceb5Me-2Fs-3D_onXnJGlRddgwjq9DW5Hkbd7pHDxE-2Fr-2Fzzk3JCJ8NJhAA63mkyubCpJ3XlB1ZaMrSPgnXZpBC2V7o-2BLeFMyAKcLinPMqgpuGo63zVAFL49gKIqhFR16MppSdCZ6mcuaFWhBRY1y3QQPQ1mJBXq3btStUY1Z1sh1DCIiKnQ7N93LuWMj2reYaf6SIkQw23N6Lh39p-2FNCorW61Wps9ulNT4ashcib9gYVrdK3CZrOUJMb4-3D&data=01%7C01%7Crobert.lebeau%40staples.com%7C022fbc8cc6cb47c8baa008d5a173496a%7Cb101f7ab56ac485fb3975279698fdf7d%7C1&sdata=MqBQ5Ateymt8YDosYtKRBdGmYWHeeK4TcQht1kJwJSA%3D&reserved=0 HTTP 302
https://u4752178.ct.sendgrid.net/wf/click?upn=itUJ7UFUtJC-2F6o2IcyPhCoW3TuN3-2FtEkrTjyWOzQzVmtmLl78uVa6JloLElhoClavNa4tNCxSSjt-2Bn9EbaEGuo8-2Bru7gLmhv-2BJ3ceb5Me-2Fs-3D_onXnJGlRddgwjq9DW5Hkbd7pHDxE-2Fr-2Fzzk3JCJ8NJhAA63mkyubCpJ3XlB1ZaMrSPgnXZpBC2V7o-2BLeFMyAKcLinPMqgpuGo63zVAFL49gKIqhFR16MppSdCZ6mcuaFWhBRY1y3QQPQ1mJBXq3btStUY1Z1sh1DCIiKnQ7N93LuWMj2reYaf6SIkQw23N6Lh39p-2FNCorW61Wps9ulNT4ashcib9gYVrdK3CZrOUJMb4-3D HTTP 302
https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ Redirect Chain https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu4752178.ct.sendgrid.net%2Fwf%2Fclick%3Fupn%3DitUJ7UFUtJC-2F6o2IcyPhCoW3TuN3-2FtEkrTjyWOzQzVmtmLl78uVa6JloLElhoClavNa4tNCxSSjt-2Bn9E... https://u4752178.ct.sendgrid.net/wf/click?upn=itUJ7UFUtJC-2F6o2IcyPhCoW3TuN3-2FtEkrTjyWOzQzVmtmLl78uVa6JloLElhoClavNa4tNCxSSjt-2Bn9EbaEGuo8-2Bru7gLmhv-2BJ3ceb5Me-2Fs-3D_onXnJGlRddgwjq9DW5Hkbd7pHDxE... https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/	1 KB 889 B	68ms 15ms	Document text/html	31.148.219.11 Hosting Solution ...
General Check archive.org Show headers Download Go to Full URL https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 31.148.219.11 , Netherlands, ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US), Reverse DNS xcia903mykfp.ru Software nginx / Resource Hash `3485c218b78c5c515e606f7ca0a1101b5ccd6d634a71766fabfc94a4be36e606` Request headers :path /a34fc9f417efef3c1/ pragma no-cache accept-encoding gzip, deflate upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 cache-control no-cache :authority securemail.staples.com.encryptedmail.online :scheme https :method GET User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Fri, 13 Apr 2018 20:12:02 GMT content-encoding gzip last-modified Fri, 13 Apr 2018 19:26:03 GMT server nginx etag W/"5ad1044b-5f9" vary Accept-Encoding content-type text/html status 200 Redirect headers Location https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ Date Fri, 13 Apr 2018 20:12:05 GMT Server nginx Connection keep-alive X-Robots-Tag noindex, nofollow Transfer-Encoding chunked Content-Type text/html; charset=utf-8
GET H2	200	page1.css securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/	5 KB 2 KB	17ms 16ms	Stylesheet text/css	31.148.219.11 Hosting Solution ...
General Check archive.org Show headers Download Go to Full URL https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/page1.css Requested by Host: securemail.staples.com.encryptedmail.online URL: https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 31.148.219.11 , Netherlands, ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US), Reverse DNS xcia903mykfp.ru Software nginx / Resource Hash `13c5543e611aec3afc72e09eca200827722aa1a9c8f1bc93dfe4184a0c7e0978` Request headers :path /a34fc9f417efef3c1/static/page1.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority securemail.staples.com.encryptedmail.online referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ :scheme https :method GET Referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Fri, 13 Apr 2018 20:12:02 GMT content-encoding gzip last-modified Tue, 10 May 2016 12:01:46 GMT server nginx etag W/"5731cdaa-1281" vary Accept-Encoding content-type text/css status 200
GET H2	200	usericon.png securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/	889 B 1 KB	16ms 16ms	Image image/png	31.148.219.11 Hosting Solution ...
General Check archive.org Show headers Download Go to Show image Full URL https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/usericon.png Requested by Host: securemail.staples.com.encryptedmail.online URL: https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 31.148.219.11 , Netherlands, ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US), Reverse DNS xcia903mykfp.ru Software nginx / Resource Hash `28aff5b8b300a23d1b5b58a537e087b203a80bbe995cc79248c2988419906ad5` Request headers :path /a34fc9f417efef3c1/static/usericon.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority securemail.staples.com.encryptedmail.online referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ :scheme https :method GET Referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Fri, 13 Apr 2018 20:12:02 GMT last-modified Tue, 10 May 2016 12:01:46 GMT server nginx etag "379-5327bb06f3e80" content-type image/png status 200 x-accel-version 0.01 accept-ranges bytes content-length 889
GET H2	200	passicon.png securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/	883 B 1 KB	16ms 16ms	Image image/png	31.148.219.11 Hosting Solution ...
General Check archive.org Show headers Download Go to Show image Full URL https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/passicon.png Requested by Host: securemail.staples.com.encryptedmail.online URL: https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 31.148.219.11 , Netherlands, ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US), Reverse DNS xcia903mykfp.ru Software nginx / Resource Hash `da0d596ce49b8626e6b98672fa822e1c03f85d68853b17e55e415fb90e739303` Request headers :path /a34fc9f417efef3c1/static/passicon.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority securemail.staples.com.encryptedmail.online referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ :scheme https :method GET Referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Fri, 13 Apr 2018 20:12:02 GMT last-modified Tue, 10 May 2016 12:01:46 GMT server nginx etag "373-5327bb06f3e80" content-type image/png status 200 x-accel-version 0.01 accept-ranges bytes content-length 883
GET H2	200	page1a_new.jpg securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/	264 KB 264 KB	29ms 29ms	Image image/jpeg	31.148.219.11 Hosting Solution ...
General Check archive.org Show headers Download Go to Show image Full URL https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/page1a_new.jpg Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 31.148.219.11 , Netherlands, ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US), Reverse DNS xcia903mykfp.ru Software nginx / Resource Hash `302e999355215ae9b180dd8daa0cca6cc77b8c4bd86638c62e6b8765cc83745c` Request headers :path /a34fc9f417efef3c1/static/page1a_new.jpg pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority securemail.staples.com.encryptedmail.online referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/page1.css :scheme https :method GET Referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/page1.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Fri, 13 Apr 2018 20:12:02 GMT last-modified Tue, 10 May 2016 12:01:46 GMT server nginx etag "5731cdaa-42042" content-type image/jpeg status 200 accept-ranges bytes content-length 270402
GET H2	200	switch.png securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/	896 B 1 KB	16ms 15ms	Image image/png	31.148.219.11 Hosting Solution ...
General Check archive.org Show headers Download Go to Show image Full URL https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/switch.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 31.148.219.11 , Netherlands, ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US), Reverse DNS xcia903mykfp.ru Software nginx / Resource Hash `afe1aaf3340468411fd0be99d0f3b3af2d14acb108fc390c7e398835beb6ee85` Request headers :path /a34fc9f417efef3c1/static/switch.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority securemail.staples.com.encryptedmail.online referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/page1.css :scheme https :method GET Referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/page1.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Fri, 13 Apr 2018 20:12:02 GMT last-modified Tue, 10 May 2016 12:01:46 GMT server nginx etag "380-5327bb06f3e80" content-type image/png status 200 x-accel-version 0.01 accept-ranges bytes content-length 896
GET H2	200	gothic_0.ttf securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/	134 KB 135 KB	52ms 51ms	Font application/x-font-ttf	31.148.219.11 Hosting Solution ...
General Check archive.org Show headers Download Go to Full URL https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/gothic_0.ttf Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 31.148.219.11 , Netherlands, ASN14576 (HOSTING-SOLUTIONS - Hosting Solution Ltd., US), Reverse DNS xcia903mykfp.ru Software nginx / Resource Hash `64654e2515da88ca0c470c69b45341a0dda7f066a5f0c72cd6f2a929cdedd461` Request headers :path /a34fc9f417efef3c1/static/gothic_0.ttf pragma no-cache origin https://securemail.staples.com.encryptedmail.online accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept / cache-control no-cache :authority securemail.staples.com.encryptedmail.online referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/page1.css :scheme https :method GET User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Referer https://securemail.staples.com.encryptedmail.online/a34fc9f417efef3c1/static/page1.css Origin https://securemail.staples.com.encryptedmail.online Response headers date Fri, 13 Apr 2018 20:12:02 GMT last-modified Tue, 10 May 2016 12:01:46 GMT server nginx etag "5731cdaa-21960" content-type application/x-font-ttf status 200 accept-ranges bytes content-length 137568

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

na01.safelinks.protection.outlook.com
securemail.staples.com.encryptedmail.online
u4752178.ct.sendgrid.net
167.89.115.54
31.148.219.11
65.55.169.46
13c5543e611aec3afc72e09eca200827722aa1a9c8f1bc93dfe4184a0c7e0978
28aff5b8b300a23d1b5b58a537e087b203a80bbe995cc79248c2988419906ad5
302e999355215ae9b180dd8daa0cca6cc77b8c4bd86638c62e6b8765cc83745c
3485c218b78c5c515e606f7ca0a1101b5ccd6d634a71766fabfc94a4be36e606
64654e2515da88ca0c470c69b45341a0dda7f066a5f0c72cd6f2a929cdedd461
afe1aaf3340468411fd0be99d0f3b3af2d14acb108fc390c7e398835beb6ee85
da0d596ce49b8626e6b98672fa822e1c03f85d68853b17e55e415fb90e739303

securemail.staples.com.encryptedmail.online Open in urlscan Pro 31.148.219.11 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

405 kBTransfer

407 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

securemail.staples.com.encryptedmail.online Open in urlscan Pro
31.148.219.11 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

405 kB
Transfer

407 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!