erescue-v2-uk-ica.erescueglobal.com
2606:2800:11f:1cb7:261b:1f9c:2074:3c
Malicious Activity!
Public Scan
Submission: On March 21 via api from US — Scanned from US
Summary
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on March 13th 2024. Valid for: a year.
This is the only time erescue-v2-uk-ica.erescueglobal.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Axa (Insurance)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 9 | 2606:2800:11f:1cb7:261b:1f9c:2074:3c | 15133 (EDGECAST) |
| 2 | 2607:f8b0:4004:c09::5e | 15169 (GOOGLE) |
| 5 | 54.235.142.155 | 14618 (AMAZON-AES) |
| 6 | 2600:9000:2269:5c00:15:1def:a40:93a1 | 16509 (AMAZON-02) |
| 6 | 2600:9000:2514:e400:15:1def:a40:93a1 | 16509 (AMAZON-02) |
| 7 | 2606:4700::6813:b234 | 13335 (CLOUDFLARENET) |
| 35 | 7 | |
- ASN15133 (EDGECAST, US): erescue-v2-uk-ica.erescueglobal.com
- ASN14618 (AMAZON-AES, US), PTR: ec2-54-235-142-155.compute-1.amazonaws.com: aa-holding-homemanager.prismic.io
- ASN16509 (AMAZON-02, US): aa-holding-erescue-business.cdn.prismic.io
- ASN16509 (AMAZON-02, US): aa-holding-erescue-technical.cdn.prismic.io
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 17 | prismic.io | aa-holding-homemanager.prismic.io, aa-holding-erescue-business.cdn.prismic.io, aa-holding-erescue-technical.cdn.prismic.io | 39 KB |
| 9 | erescueglobal.com | erescue-v2-uk-ica.erescueglobal.com | 3 MB |
| 7 | cookielaw.org | cdn.cookielaw.org (Cisco Umbrella Rank: 477) | 122 KB |
| 2 | gstatic.com | www.gstatic.com | 18 KB |
| 35 | 4 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 9 | erescue-v2-uk-ica.erescueglobal.com | erescue-v2-uk-ica.erescueglobal.com |
| 7 | cdn.cookielaw.org | erescue-v2-uk-ica.erescueglobal.com, cdn.cookielaw.org |
| 6 | aa-holding-erescue-technical.cdn.prismic.io | erescue-v2-uk-ica.erescueglobal.com |
| 6 | aa-holding-erescue-business.cdn.prismic.io | erescue-v2-uk-ica.erescueglobal.com |
| 5 | aa-holding-homemanager.prismic.io | erescue-v2-uk-ica.erescueglobal.com |
| 2 | www.gstatic.com | erescue-v2-uk-ica.erescueglobal.com |
| 35 | 6 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.e-rescue.co.uk |
onetrust.com |
| Subject | Issuer | Validity | Valid for | Link |
|---|---|---|---|---|
| sni36094gl.wpc.edgecastcdn.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-03-13 - 2025-03-12 | a year | crt.sh |
| *.gstatic.com | GTS CA 1C3 | 2024-02-19 - 2024-05-13 | 3 months | crt.sh |
| *.prismic.io | Amazon RSA 2048 M01 | 2023-07-26 - 2024-08-23 | a year | crt.sh |
| *.cdn.prismic.io | Amazon RSA 2048 M03 | 2023-08-16 - 2024-09-12 | a year | crt.sh |
| cookielaw.org | Cloudflare Inc ECC CA-3 | 2024-03-01 - 2024-12-31 | 10 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://erescue-v2-uk-ica.erescueglobal.com/
Frame ID: 4B7A7592B2914998D17AFEC8B7560881
Requests: 36 HTTP requests in this frame
Page Title: E-Rescue
Detected technologies
Firebase (Databases)
Detected patterns
- /firebasejs/([\d.]+)/firebase
React (JavaScript Frameworks)
Detected patterns
- <[^>]+data-react
OneTrust (Cookie compliance)
Detected patterns
- cdn\.cookielaw\.org
- otSDKStub\.js
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: More information (Cookie policy)
Redirected requests
There were HTTP redirect chains for the following requests:
35 HTTP transactions
| Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/ (Primary Request) | 984 B | 2 KB | Document | text/html |
| GET | H2 | www.gstatic.com/firebasejs/7.22.1/firebase-app.js | 20 KB | 7 KB | Script | text/javascript |
| GET | H2 | www.gstatic.com/firebasejs/7.22.1/firebase-messaging.js | 40 KB | 11 KB | Script | text/javascript |
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/static/js/main.66f3381d.js | 3 MB | 3 MB | Script | text/javascript |
| GET | H2 | aa-holding-homemanager.prismic.io/api/v2 | 2 KB | 1 KB | Fetch | application/json |
| GET | H2 | aa-holding-homemanager.prismic.io/api/v2/documents/search | 22 KB | 3 KB | Fetch | application/json |
| GET | H2 | aa-holding-erescue-business.cdn.prismic.io/api/v2 | 2 KB | 983 B | Fetch | application/json |
| GET | H2 | aa-holding-erescue-business.cdn.prismic.io/api/v2 | 2 KB | 982 B | Fetch | application/json |
| GET | H2 | aa-holding-erescue-business.cdn.prismic.io/api/v2 | 2 KB | 982 B | Fetch | application/json |
| GET | H2 | aa-holding-erescue-technical.cdn.prismic.io/api/v2 | 2 KB | 998 B | Fetch | application/json |
| GET | H2 | aa-holding-erescue-technical.cdn.prismic.io/api/v2 | 2 KB | 998 B | Fetch | application/json |
| GET | H2 | aa-holding-erescue-technical.cdn.prismic.io/api/v2 | 2 KB | 997 B | Fetch | application/json |
| GET | H2 | aa-holding-homemanager.prismic.io/api/v2/documents/search | 16 KB | 5 KB | Fetch | application/json |
| GET | H2 | aa-holding-homemanager.prismic.io/api/v2/documents/search | 22 KB | 7 KB | Fetch | application/json |
| GET | H2 | aa-holding-homemanager.prismic.io/api/v2/documents/search | 20 KB | 7 KB | Fetch | application/json |
| GET | H2 | aa-holding-erescue-technical.cdn.prismic.io/api/v2/documents/search | 2 KB | 1 KB | Fetch | application/json |
| GET | H2 | aa-holding-erescue-technical.cdn.prismic.io/api/v2/documents/search | 5 KB | 2 KB | Fetch | application/json |
| GET | H2 | aa-holding-erescue-technical.cdn.prismic.io/api/v2/documents/search | 2 KB | 1 KB | Fetch | application/json |
| GET | H2 | aa-holding-erescue-business.cdn.prismic.io/api/v2/documents/search | 7 KB | 2 KB | Fetch | application/json |
| GET | H2 | aa-holding-erescue-business.cdn.prismic.io/api/v2/documents/search | 4 KB | 2 KB | Fetch | application/json |
| GET | H2 | aa-holding-erescue-business.cdn.prismic.io/api/v2/documents/search | 1 KB | 1 KB | Fetch | application/json |
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/static/js/3672.2d7661ab.chunk.js | 21 KB | 21 KB | Script | text/javascript |
| GET | H2 | cdn.cookielaw.org/consent/a854c0d8-ac9b-4e79-8653-a9ae902fc1d9-test/OtAutoBlock.js | 4 KB | 2 KB | Script | application/x-javascript |
| GET | H2 | cdn.cookielaw.org/scripttemplates/otSDKStub.js | 21 KB | 7 KB | Script | application/javascript |
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/locales/synergy/en-GB.json | 35 KB | 36 KB | Fetch | text/javascript |
| GET | H2 | cdn.cookielaw.org/consent/a854c0d8-ac9b-4e79-8653-a9ae902fc1d9-test/a854c0d8-ac9b-4e79-8653-a9ae902fc1d9-test.json | 4 KB | 2 KB | XHR | application/x-javascript |
| GET | H2 | cdn.cookielaw.org/scripttemplates/6.15.0/otBannerSdk.js | 372 KB | 83 KB | Script | application/javascript |
| GET | H2 | cdn.cookielaw.org/consent/a854c0d8-ac9b-4e79-8653-a9ae902fc1d9-test/41fdef51-c260-484d-9421-c02d71d34a83/en.json | 51 KB | 14 KB | Fetch | application/x-javascript |
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/assets/images/axa_logo_solid_rgb.svg | 2 KB | 2 KB | Image | image/svg+xml |
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/assets/fonts/SourceSansPro-Semibold.ttf.woff2 | 15 KB | 16 KB | Font | application/octet-stream |
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/assets/fonts/SourceSansPro-Regular.ttf.woff2 | 16 KB | 16 KB | Font | application/octet-stream |
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/assets/images/image-homepage-spain.svg | 35 KB | 35 KB | Image | image/svg+xml |
| GET | H2 | erescue-v2-uk-ica.erescueglobal.com/assets/fonts/SourceSansPro-Bold.ttf.woff2 | 15 KB | 15 KB | Font | application/octet-stream |
| GET | H2 | cdn.cookielaw.org/scripttemplates/6.15.0/assets/otFlat.json | 12 KB | 3 KB | Fetch | application/json |
| GET | H2 | cdn.cookielaw.org/scripttemplates/6.15.0/assets/v2/otPcCenter.json | 47 KB | 11 KB | Fetch | application/json |
| GET | DATA | / (truncated) | 817 B | 0 | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Axa (Insurance)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | 0 |
| object | firebase |
| object | webpackChunkabode_app |
| object | __dynProto$Gbl |
| object | providers |
| object | obligatory |
| object | optional |
| object | ABODE |
| function | OptanonWrapper |
| object | lastDataLayer |
| object | lastPageView |
| object | OneTrustStub |
| string | OnetrustActiveGroups |
| string | OptanonActiveGroups |
| object | dataLayer |
| object | otStubData |
| object | Optanon |
| object | OneTrust |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
erescue-v2-uk-ica.erescueglobal.com/ | Name: OptanonConsent Value: isIABGlobal=false&datestamp=Thu+Mar+21+2024+04%3A37%3A18+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=6.15.0&hosts=&consentId=bab417a9-986a-47c6-b419-4291fc74ad74&interactionCount=0&landingPath=https%3A%2F%2Ferescue-v2-uk-ica.erescueglobal.com%2F&groups=C0002%3A0%2CC0001%3A1 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' *.abode-global.com *.recaptcha.net *.cookielaw.org *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.google-analytics.com *.visualstudio.com *.msecnd.net *.azurewebsites.net *.onetrust.com *.qualtrics.com *.googleapis.com *.axa-assistance.com *.virtualearth.net *.azureedge.net *.prismic.io *.bing.com *.stats.g.doubleclick.net *.clarity.ms data: blob: *.here-with-you.com *.erescueglobal.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Frame-Options | ALLOW-FROM https://css-axapartners--cmsddev--c.cs106.visual.force.com/apex/HM_CPOUIWidget |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.