urlscan.io logo urlscan.io
SecurityTrails logo

lmo.rostov202.site Open in urlscan Pro
45.155.249.214  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2B8wmQI4ysG34WwrC39YX...
Effective URL: https://lmo.rostov202.site/?username=edisupport@savemart.com
Submission: On June 14 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 45.155.249.214, located in Naaldwijk, Netherlands and belongs to RACKPLACE, DE. The main domain is lmo.rostov202.site.
TLS certificate: Issued by R3 on June 8th 2023. Valid for: 3 months.
This is the only time lmo.rostov202.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.16 11377 (SENDGRID)
7 45.223.59.119 19551 (INCAPSULA)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 34.120.88.34 396982 (GOOGLE-CL...)
2 45.155.249.214 58329 (RACKPLACE)
14 5
1    167.89.123.16 (Chicago, United States)

ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net
u18316585.ct.sendgrid.net
7    45.223.59.119 (United States)

ASN19551 (INCAPSULA, US)
ct.turing.com
1    2606:4700:3034::6815:17dd (United States)

ASN13335 (CLOUDFLARENET, US)
shreeganeshmetaliks.com
2    34.120.88.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.88.120.34.bc.googleusercontent.com
logging-server.turing.com
2    45.155.249.214 (Naaldwijk, Netherlands)

ASN58329 (RACKPLACE, DE)
lmo.rostov202.site
Apex Domain
Subdomains		 Transfer
9 turing.com
ct.turing.com
mail.turing.com Failed
logging-server.turing.com — Cisco Umbrella Rank: 896637
142 KB
2 rostov202.site
lmo.rostov202.site
132 KB
1 shreeganeshmetaliks.com
shreeganeshmetaliks.com Failed
743 B
1 sendgrid.net
u18316585.ct.sendgrid.net
561 B
14 4
Domain Requested by
7 ct.turing.com ct.turing.com
2 lmo.rostov202.site lmo.rostov202.site
2 logging-server.turing.com ct.turing.com
1 shreeganeshmetaliks.com ct.turing.com
1 u18316585.ct.sendgrid.net 1 redirects
0 mail.turing.com Failed ct.turing.com
14 6

This site contains no links.

Subject Issuer Validity Valid
imperva.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-05-23 -
2023-11-19		 6 months crt.sh
*.turing.com
Sectigo RSA Domain Validation Secure Server CA		 2022-10-18 -
2023-11-18		 a year crt.sh
rostov202.site
R3		 2023-06-08 -
2023-09-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://lmo.rostov202.site/?username=edisupport@savemart.com
Frame ID: D0ECBD96A832A8CF64FC64BD7CD2E0DD
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

reCAPTCHA

Page URL History Show full URLs

  1. https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2... HTTP 302
    https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e7... Page URL
  2. https://lmo.rostov202.site/?username=edisupport@savemart.com Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

14
Requests

79 %
HTTPS

20 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

275 kB
Transfer

838 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2B8wmQI4ysG34WwrC39YXBR-2BMii1Ytc3B24b3mNEFhPtIsakLSMv6ORj5Rhzyz4GOSNDhvsnUqYKnX2u5AnolNqwVxE4Tz7u0AOnivftihuCUQd4SjoV-2BgUlNB-2BSnihTscLWs1yBv-2BiW5b6uTXdtJTqRdQ4p-2BppMwHpXtV6fgpM0WeW9zyyEpauswswBv-2BE7H1f5x0BI27EQkCMRLnHgJtGXfeymR2mwzzO-2B9RD1PDLTXbr1iRdcEtkQ6Tooffsq2T510Ga7fsPClk3wYp3KyCVYq5FsrbpNKfIODhIlzsr4GymBakIAFPKU92O-2FvBDAa7PauswjW0r-2FRsL1vpgVE4R3i9wWg4NDCLCM7w0T2W0HfSVQ4UGoVWBZUM35Q-2BrL4aPDGeMDjb97YFHVCpkhcuUhgx6pegHzlUjPmuDtCOwW-2BXMng-3Dm7s0_Nv3shOr-2Fzd0530x-2FcrZKWb4ZDQKjwt4lo6HG1o6TxlLFaNaeDSqKdph90JxELXBfmc1reSyKdJdn3a0ypNuD8ybClu6-2FahEGFKE36LWYgheDrXUUHgKwooElfHDEG2F-2B5GwLPEL-2BGK9otIOIFhecAwElV4-2FXlVh6u2qhwXR2w7QB5wt8YWeaO86LKQ8W6YWWGWXBaCUCGOp8ooUAtn6liP-2BDsX2R0ZTy3DRfd4sDqNQ-3D HTTP 302
    https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20= Page URL
  2. https://lmo.rostov202.site/?username=edisupport@savemart.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2B8wmQI4ysG34WwrC39YXBR-2BMii1Ytc3B24b3mNEFhPtIsakLSMv6ORj5Rhzyz4GOSNDhvsnUqYKnX2u5AnolNqwVxE4Tz7u0AOnivftihuCUQd4SjoV-2BgUlNB-2BSnihTscLWs1yBv-2BiW5b6uTXdtJTqRdQ4p-2BppMwHpXtV6fgpM0WeW9zyyEpauswswBv-2BE7H1f5x0BI27EQkCMRLnHgJtGXfeymR2mwzzO-2B9RD1PDLTXbr1iRdcEtkQ6Tooffsq2T510Ga7fsPClk3wYp3KyCVYq5FsrbpNKfIODhIlzsr4GymBakIAFPKU92O-2FvBDAa7PauswjW0r-2FRsL1vpgVE4R3i9wWg4NDCLCM7w0T2W0HfSVQ4UGoVWBZUM35Q-2BrL4aPDGeMDjb97YFHVCpkhcuUhgx6pegHzlUjPmuDtCOwW-2BXMng-3Dm7s0_Nv3shOr-2Fzd0530x-2FcrZKWb4ZDQKjwt4lo6HG1o6TxlLFaNaeDSqKdph90JxELXBfmc1reSyKdJdn3a0ypNuD8ybClu6-2FahEGFKE36LWYgheDrXUUHgKwooElfHDEG2F-2B5GwLPEL-2BGK9otIOIFhecAwElV4-2FXlVh6u2qhwXR2w7QB5wt8YWeaO86LKQ8W6YWWGWXBaCUCGOp8ooUAtn6liP-2BDsX2R0ZTy3DRfd4sDqNQ-3D HTTP 302
  • https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Request Chain 7
  • https://mail.turing.com/api/analytics?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20= HTTP 0
  • http://shreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ct.turing.com/
Redirect Chain
  • https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2B8wmQI4ysG34WwrC39YXBR-2BMii1Ytc3B24b3mNEFhPtIsakLSMv6ORj5Rhzyz4GOSNDhvsnUqYKnX2u5AnolN...
  • https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9...
942 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
UploadServer /
Resource Hash
c45df170ec369133b562034ce83a6735660a5bc57a223043a25857b78e3dfb97

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2860
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=3600
content-type
text/html
date
Wed, 14 Jun 2023 15:26:36 GMT
etag
"4c43468b87c1001d88f88a5de775fbff"
last-modified
Thu, 11 May 2023 12:34:35 GMT
server
UploadServer
x-cdn
Imperva
x-goog-generation
1683808475439233
x-goog-hash
crc32c=N7OZ+g== md5=TENGi4fBAB2I+Ipd53X7/w==
x-goog-meta-goog-reserved-file-mtime
1683808466
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
729
x-guploader-uploadid
ADPycdtpKLvDcEXXCEnLPLic9C74t_GrrjVmofU3Axzps4sW10AiIbrJScHRYmAM6cX8v7EO9fa26hXUTM9Fh4w5H73jRg
x-iinfo
13-153464621-153464643 NNNN CT(13 7 0) RT(1686759255482 55) q(0 0 0 6) r(0 0) U24

Redirect headers

Connection
keep-alive
Content-Length
384
Content-Type
text/html; charset=utf-8
Date
Wed, 14 Jun 2023 16:14:16 GMT
Location
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Server
nginx
X-Robots-Tag
noindex, nofollow
yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl
ct.turing.com/ 		213 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 16:14:16 GMT
content-encoding
gzip
server
bon
x-cdn
Imperva
content-type
text/javascript
access-control-allow-origin
*
x-iinfo
13-153464621-153464659 NNNN CT(7 15 0) RT(1686759255482 135) q(0 0 0 -1) r(0 0)
cache-control
max-age=0
server-timing
bon, total;dur=12.061314999999999
content-length
69635
main.013c44c458e6d0da5b13.js
ct.turing.com/ 		150 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/main.013c44c458e6d0da5b13.js
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
UploadServer /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:50:55 GMT
content-encoding
br
x-cdn
Imperva
x-goog-meta-goog-reserved-file-mtime
1683808466
age
1401
x-guploader-uploadid
ADPycdtB1gkArPnrsCyICk81SXBR0nwVYTATyD7460onlcOGsyJwpCqZxbnzawEnprsNg5_JO4_90X_bCWIDIfIlCk2TIFK4cFq9
x-goog-storage-class
STANDARD
x-iinfo
13-153464621-153464662 NNNN CT(11 11 0) RT(1686759255482 140) q(0 0 0 -1) r(0 0) U24
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47248
last-modified
Thu, 11 May 2023 12:34:35 GMT
server
UploadServer
etag
W/"51864cbf642cef61c0eacdba6cd899f6"
vary
Accept-Encoding
x-goog-generation
1683808475826181
x-goog-hash
crc32c=MsdItA==, md5=UYZMv2Qs72HA6s26bNiZ9g==
content-type
application/javascript
cache-control
public,max-age=3600
x-goog-stored-content-length
153933
accept-ranges
none
main.013c44c458e6d0da5b13.css
ct.turing.com/ 		669 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/main.013c44c458e6d0da5b13.css
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
UploadServer /
Resource Hash
5bea97352ebb1f24a716891a46ab47a20ea529f957dd6ba100c1e46b8976c478

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:53:56 GMT
x-cdn
Imperva
x-goog-meta-goog-reserved-file-mtime
1683808466
age
1220
x-guploader-uploadid
ADPycdtOg01IRtCY3nFRMx8REEHFg7FYYDNMzGJtrLXsbeUAUuWti47X3FWYQNmxgxPo24zSoAK4k7CltKWNCuCV4f6sfyuty3F7
x-goog-storage-class
STANDARD
x-iinfo
13-153464621-153464643 PNNN RT(1686759255482 136) q(0 0 0 -1) r(0 0) U24
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
669
last-modified
Thu, 11 May 2023 12:34:35 GMT
server
UploadServer
etag
"a9378920a02242888934bc0f07a3abad"
x-goog-generation
1683808475672560
x-goog-hash
crc32c=q7es5A==, md5=qTeJIKAiQoiJNLwPB6OrrQ==
content-type
text/css
cache-control
public,max-age=3600
x-goog-stored-content-length
669
accept-ranges
bytes
_Incapsula_Resource
ct.turing.com/ 		154 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=2113039270
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
aeccbfd402024bcbf05b0c954cacdb9a987a67224decd0e41a496b61e4ff8d56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
22272
content-type
application/javascript
_Incapsula_Resource
ct.turing.com/ 		1 B
51 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ct.turing.com/_Incapsula_Resource?SWKMTFSR=1&e=0.00898184447512218
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
content-type
text/plain
email-clicked
mail.turing.com/api/logging/ 		0
0
ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
shreeganeshmetaliks.com/lobatan/
Redirect Chain
  • https://mail.turing.com/api/analytics?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a6...
  • http://shreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
0
0
ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
shreeganeshmetaliks.com/lobatan/ 		0
743 B 		Document
General
Check archive.org
Download Go to
Full URL
http://shreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/main.013c44c458e6d0da5b13.js
Protocol
HTTP/1.1
Server
2606:4700:3034::6815:17dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
7d73dd8bdf053659-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 14 Jun 2023 16:14:17 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASCFqtZVSkyh3fA4TbxeOJkpfut7ISaOsbTAW9eILkgk8E6YI1eZtXspPhQOXVETbNfzZIgag%2FEEpb1aluvMeZiZFwuXW%2F57Eh689Hh2Fm38HmrsAzbCQG%2BqzBB%2B6uRbMWxcZ7XTc4Dytma04O7pViPOD6VhEg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400
refresh
0;url=https://lmo.rostov202.site/?username=edisupport@savemart.com
log
logging-server.turing.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://logging-server.turing.com/log
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.88.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.88.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visitor-token,x-client-logging-version,x-is-bot,x-log-name,x-product-name,x-seq
Access-Control-Request-Method
POST
Origin
https://ct.turing.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,content-type,visitor-token,x-client-logging-version,x-is-bot,x-log-name,x-product-name,x-seq
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://ct.turing.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 14 Jun 2023 16:14:16 GMT
vary
Origin, Access-Control-Request-Headers
via
1.1 google
x-powered-by
Express
log
logging-server.turing.com/ 		285 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://logging-server.turing.com/log
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/main.013c44c458e6d0da5b13.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.88.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.88.120.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

visitor-token
accept-language
de-DE,de;q=0.9
Authorization
Basic Y2xpZW50VXNlcjpRb2shMjMzISEjM2Fs
x-seq
0
x-client-logging-version
6.12.0
Content-Type
application/json
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Referer
https://ct.turing.com/
x-is-bot
false
x-log-name
PAGEVIEWS
x-product-name
EMAIL_COMMUNICATION_SYSTEM

Response headers

content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
date
Wed, 14 Jun 2023 16:14:17 GMT
via
1.1 google
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
285
x-xss-protection
0
referrer-policy
no-referrer
cross-origin-opener-policy
same-origin
etag
W/"11d-ap25m7uMP9a9C2CHytrDGYveNag"
expect-ct
max-age=0
vary
Origin
x-frame-options
SAMEORIGIN
x-download-options
noopen
access-control-allow-origin
https://ct.turing.com
origin-agent-cluster
?1
content-type
application/json; charset=utf-8
access-control-allow-credentials
true
x-ls-version
4.3.1
yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl
ct.turing.com/ 		742 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl?d=ct.turing.com
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash

Request headers

Accept
application/json; charset=utf-8
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain; charset=utf-8

Response headers

date
Wed, 14 Jun 2023 16:14:16 GMT
server
bon
x-cdn
Imperva
content-type
application/json
access-control-allow-origin
*
x-iinfo
13-153464621-153464659 PNNN RT(1686759255482 627) q(0 0 0 -1) r(1 1) U6
cache-control
no-cache, no-store
server-timing
bon, total;dur=88.337068
content-length
742
Primary Request /
lmo.rostov202.site/ 		277 KB
132 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lmo.rostov202.site/?username=edisupport@savemart.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.155.249.214 Naaldwijk, Netherlands, ASN58329 (RACKPLACE, DE),
Reverse DNS
Software
nginx /
Resource Hash
f4895af335ea3414939cb4c77d00b5b9a2a8bec12853bd71472c6d3afb5cc028
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://shreeganeshmetaliks.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 14 Jun 2023 16:14:17 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
truncated
/ 		858 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
19b8ee66ab60c45d5d24988d090b61c938b44c2ee9a5f8558335b27a2f315072

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		40 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
64c2019b369b4f3b45009d1740f4c7ae0856bb2608aea7d7628b78f43cecb3fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
/
lmo.rostov202.site/ 		143 B
308 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lmo.rostov202.site/?username=edisupport@savemart.com
Requested by
Host: lmo.rostov202.site
URL: https://lmo.rostov202.site/?username=edisupport@savemart.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.155.249.214 Naaldwijk, Netherlands, ASN58329 (RACKPLACE, DE),
Reverse DNS
Software
nginx /
Resource Hash
82e7afc78a09793410f00832d8bfaa862afca42c5037f35c160970cb19ca8d43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 14 Jun 2023 16:14:18 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/json

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mail.turing.com
URL
https://mail.turing.com/api/logging/email-clicked?ti=eyJpc19hdXRvbWF0aW9uX3Rvb2wiOmZhbHNlLCJvcmlnaW5hbF91cmwiOiJodHRwOi8vc2hyZWVnYW5lc2htZXRhbGlrcy5jb20vbG9iYXRhbi9aV1JwYzNWd2NHOXlkRUJ6WVhabGJXRnlkQzVqYjIwPSIsImlzX2JlYWNvbl9zdXBwb3J0ZWQiOnRydWUsImRldmljZVdpZHRoIjoxNjAwLCJkZXZpY2VIZWlnaHQiOjEyMDAsImJyb3dzZXJXaWR0aCI6MTYwMCwiYnJvd3NlckhlaWdodCI6MTIwMCwibGFuZ3VhZ2UiOiJlbi1VUyIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTQuMC41NzM1LjEzMyBTYWZhcmkvNTM3LjM2IiwidXJsIjoiaHR0cHM6Ly9jdC50dXJpbmcuY29tLz90aT04MGQ3NTVlYmU4OGMyZDBiNWEzZmVhOGI1YTBkMDk4ZGYxNWQ2OTczNzM1OGU2ZTYzZDkxYWM3YjgwNmNhZTE1MTY4ODY3ZTc1NWJkNTk3ZGM5NGZjYmQzYTQ4MzE3Nzc0YWRhODJiNTEwZDkzYTM1OTMxOWJlMTU2ZjY3ZjI0OGRjMGM4ZGJlNzU1OTA3MmM3NTQxM2RjOGQ4YTY1OWNjZGMwYTc3MDE5ZDkzNTMxMDVkZjI0MzFjMWQ4MTRiZmJiZGEzZTVjYTljZWU1OTM1Y2U2ZmJhNDFjYWY3YjM1N2YyYmZlZjE5YTBmNTBmNWMyNzdmOWI0MWZkJnJkPWh0dHAlM0ElMkYlMkZzaHJlZWdhbmVzaG1ldGFsaWtzLmNvbS9sb2JhdGFuL1pXUnBjM1Z3Y0c5eWRFQnpZWFpsYldGeWRDNWpiMjA9In0=
Domain
shreeganeshmetaliks.com
URL
http://shreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| a0f function| a0e function| setCookie function| onCheckBoxChange

6 Cookies

Domain/Path Name / Value
.turing.com/ Name: visid_incap_2912814
Value: ATSSybl/Q/GUf0maZpMJAVfniWQAAAAAQUIPAAAAAADPTTnkivZ0Z/L+TUHfp2iT
.turing.com/ Name: nlbi_2912814
Value: FbFVJrjPPnsSfNXGoaY+eQAAAAAcHkyhMOMCE91NE6vqluMx
.turing.com/ Name: incap_ses_184_2912814
Value: O2iqFhuf0AlBcbWGlLONAlfniWQAAAAADA4qfK1zvdIDPMYhWnxe5Q==
.turing.com/ Name: nlbi_2912814_2147483392
Value: IgRDCMMn4wJl9X9xoaY+eQAAAADimGc0BvNoMiCI3qmJAasC
ct.turing.com/ Name: reese84
Value: 3:X8Y/3pVF1wvODiDtVDcwDw==:zTHLLudSstK9bFk6nU+/0AjIvR+iIRNi21hZlqCjuuoQrgmurZmsmtejA35HxRCD2tFc1+Bddt7/Ybn3JwAaSX2S3hi3B9WxIsBTzd+nN+joM32roIsTg5ZE0ua36miKLhqFqyw3NN/i7jFs9vlk2abtLDmgMAKZmfcVMaPMtN+IXbf5NZs2Y7/Vj6RgPG3XR2ANWVK4DQN4JOaymxaft0KPfuScZpAUj6O9UxFXPq2Rx6WTv8wZNTkexFA+yTEcRXVqR9L5WoCroEuXAjgeAmaA/3UZy86ivbnp6E6NvwevHwMCmJOKFRuKZFW5juH+qiNjwneoeognnF979CPtbwlGSWD2aGNY2Jz/qNvh6hwZ9n9iS27dDFPC5spnMsiIAgnVqbM2D+81S/+zbY6DDtKxgiieaVUHfmQlWYm7aGe27SevMQOlBoSDH+QfSz36HXn14vvpGnyXHW17oXOWkcP/Zzb21U8kP6L+8fcmProM9iot3TkYZXctR43MheFOzMr+Et7s7gUCZ0FigsmO1Z7kT0ZltZ4i0FyJQRJtEI2Bo6Ndd1cODYwHb9i2RSVUrn3mcUaDIm/iOtRgpGyXXTLU9v7ZtNu77P5OOePQTFc=:4HnOE88oQxqZhTfkYjv9ckIU3A7F0GP1iv0016VR+LA=
.turing.com/ Name: visitor_token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2aXNpdG9ySWQiOiIzYWM4MjYxZC03NjY4LTQ1YTItYTRmZS1lYTk1NWZhNzQyNTEiLCJzZXNzaW9uSWQiOiI3MWRjNWJkNy0zYmUzLTRkODEtODBmMi1hMzEyNDBjNmE0NmMiLCJzZXNzaW9uRXhwIjoxNjg2NzYxMDU3LCJpYXQiOjE2ODY3NTkyNTd9.3dTU0nh2MLZwfFsQFDMvnXqGeNp1GIHuqJHlD4l5uLE

1 Console Messages

Source Level URL
Text
security error URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=
Message:
Mixed Content: The page at 'https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20=' was loaded over HTTPS, but requested an insecure Beacon endpoint 'http://shreeganeshmetaliks.com/lobatan/ZWRpc3VwcG9ydEBzYXZlbWFydC5jb20='. This request has been blocked; the content must be served over HTTPS.