bailoutmedia.co Open in urlscan Pro
70.32.68.130 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php
Submission: On August 09 via manual (August 9th 2022, 7:59:33 am UTC) from BE — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 70.32.68.130, located in United States and belongs to MEDIATEMPLE, US. The main domain is bailoutmedia.co.

This is the only time bailoutmedia.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

	IP Address	AS Autonomous System
12	70.32.68.130 70.32.68.130	31815 (MEDIATEMPLE) (MEDIATEMPLE)
2	2606:4700:303... 2606:4700:3033::6815:3f36	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2

12 70.32.68.130 (United States)

ASN31815 (MEDIATEMPLE, US)
PTR: aamoiaqsac.c05.gridserver.com

bailoutmedia.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::6815:3f36 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	bailoutmedia.co bailoutmedia.co	359 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 951	77 KB
14	2

	Domain	Requested by
12	bailoutmedia.co	bailoutmedia.co
2	use.fontawesome.com	bailoutmedia.co use.fontawesome.com
14	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php
Frame ID: 47E11830019E203BAC7E382B74828F2D
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Adobe PDF Online

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

14 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

437 kB
Transfer

717 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response bailoutmedia.co/Kattegat/Adobe_cloud/	28 KB 7 KB	788ms 213ms	Document text/html	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / PHP/7.3.11 Resource Hash `e8d650d36cb3e37496a8bb8f183978cf15cde3652ad3b4e65d70b0620a9b0e83` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 6460 Content-Type text/html; charset=UTF-8 Date Tue, 09 Aug 2022 07:59:06 GMT Server nginx Vary Accept-Encoding,User-Agent X-Powered-By PHP/7.3.11
GET H/1.1	200 OK	bootstrap.min.css bailoutmedia.co/Kattegat/Adobe_cloud/css/	147 KB 20 KB	173ms 172ms	Stylesheet text/css	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/css/bootstrap.min.css Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `fd4e36989302bb662963aa5612114b262b8500322ee2171ace464e1d56af12c4` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Content-Encoding gzip Last-Modified Sun, 27 Jan 2019 23:38:50 GMT Server nginx ETag "24dd9-580790fead680-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 20034
GET H2	200	all.css use.fontawesome.com/releases/v5.3.1/css/	48 KB 11 KB	79ms 33ms	Stylesheet text/css	2606:4700:3033::6815:3f36 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://use.fontawesome.com/releases/v5.3.1/css/all.css Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:3f36 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `604dcf1f11698655f75046bb92f98aaa9477e1c16b01c5fc415e78794393ffb9` Request headers Referer http://bailoutmedia.co/ Origin http://bailoutmedia.co accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 07:59:29 GMT content-encoding br vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 77868 access-control-allow-methods GET alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-request-id 1WSFC700RGWPAVQ2 x-amz-id-2 0sHqlEA9YLcTYQkJGxb8yw5K2MGaxLWRlBHymOObprCjZZkLnp+KCkJylwyd+WyiDI7b3nEXPGI= last-modified Wed, 30 Jun 2021 15:42:14 GMT server cloudflare etag W/"10519cfd3206802f58315b877a9beab5" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 3000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttAHv9vgXvmtf6awtIYLACYsuAcw%2BP7oGu74XeWcZC%2FqOdsrgAZlQSUE9%2F5cW8ygH5t8YUDfq1YLeACVBKebw3QydEF4rMZmiXbT64VQmCjH6TvRwlA04NdfTU3bpedlmBJmbH45SccySvwbLdzDJ3t%2B"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * cache-control max-age=31556926 cf-ray 737ef3dfedc09b55-FRA
GET H/1.1	200 OK	styles.css bailoutmedia.co/Kattegat/Adobe_cloud/css/	2 KB 1 KB	170ms 169ms	Stylesheet text/css	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/css/styles.css Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `68ea83e2827400efb3aba1f1f7a6ffa8b296e7043e0b6a7e65c09fc1f7421f5b` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Content-Encoding gzip Last-Modified Fri, 03 Jan 2020 22:03:56 GMT Server nginx ETag "9ef-59b437c6a2b00-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 1052
GET H/1.1	200 OK	spinner.svg bailoutmedia.co/Kattegat/Adobe_cloud/images/	6 KB 6 KB	187ms 171ms	Image image/svg+xml	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Show image Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/images/spinner.svg Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `0442a5d5466a92e46e958f5ba39d50544c2b0ddff96f53733f38e983fc684199` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Last-Modified Sun, 27 Jan 2019 23:41:00 GMT Server nginx ETag "17e9-5807917aa7b00" Vary User-Agent Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 6121
GET H/1.1	200 OK	logo-header.png bailoutmedia.co/Kattegat/Adobe_cloud/images/	4 KB 4 KB	168ms 168ms	Image image/png	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Show image Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/images/logo-header.png Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `569491fbc351a3bf2f9c9e27d893be6f7a11ed95716c9f6f5c5f7a5d20cf9f25` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Last-Modified Sun, 27 Jan 2019 23:41:28 GMT Server nginx ETag "f68-580791955ba00" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 3944
GET H/1.1	200 OK	word-icon.png bailoutmedia.co/Kattegat/Adobe_cloud/images/	249 KB 250 KB	168ms 168ms	Image image/png	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Show image Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/images/word-icon.png Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `510a325511da46876c69baf81e75ecd19cffca5b1d7c74c6d394a17fdc966f3c` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Last-Modified Sun, 27 Jan 2019 23:41:56 GMT Server nginx ETag "3e53b-580791b00f900" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 255291
GET H/1.1	200 OK	anti-virus.jpg bailoutmedia.co/Kattegat/Adobe_cloud/images/	6 KB 6 KB	167ms 167ms	Image image/jpeg	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Show image Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/images/anti-virus.jpg Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `fdb1ee51d20da04d74acdd0c48d74d134016c2c1e243bca316f7fefc0eaa28cb` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Last-Modified Sun, 27 Jan 2019 23:42:32 GMT Server nginx ETag "1706-580791d264a00" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 5894
GET H/1.1	200 OK	ted.png bailoutmedia.co/Kattegat/Adobe_cloud/images/	21 KB 21 KB	172ms 171ms	Image image/png	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Show image Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/images/ted.png Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `74aa4bea40103d121df47c79bcf239a44b0056ec7b1087c15b0cb7681ea519f9` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Last-Modified Sun, 27 Jan 2019 23:42:56 GMT Server nginx ETag "53f1-580791e948000" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 21489
GET H/1.1	200 OK	jquery.slim.min.js Show response bailoutmedia.co/Kattegat/Adobe_cloud/js/	68 KB 24 KB	330ms 175ms	Script application/javascript	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/js/jquery.slim.min.js Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `a38aa9d0155d9e07a648af736bf7dfe2388efd961fbcf5f2eba20256661820bb` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Content-Encoding gzip Last-Modified Sun, 27 Jan 2019 23:36:18 GMT Server nginx ETag "10ebf-5807906db8080-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 23759
GET H/1.1	200 OK	tether.min.js Show response bailoutmedia.co/Kattegat/Adobe_cloud/js/	24 KB 8 KB	336ms 171ms	Script application/javascript	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/js/tether.min.js Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Content-Encoding gzip Last-Modified Sun, 27 Jan 2019 23:36:56 GMT Server nginx ETag "619d-58079091f5600-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 7519
GET H/1.1	200 OK	bootstrap.min.js Show response bailoutmedia.co/Kattegat/Adobe_cloud/js/	46 KB 12 KB	335ms 170ms	Script application/javascript	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/js/bootstrap.min.js Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `8f2306735d05cfc385e680d4b6fe06998d3a426c6f4653668e841fb6dc737b06` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Content-Encoding gzip Last-Modified Sun, 27 Jan 2019 23:37:32 GMT Server nginx ETag "b643-580790b44a700-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 12038
GET H/1.1	200 OK	scripts.js Show response bailoutmedia.co/Kattegat/Adobe_cloud/js/	2 KB 1 KB	334ms 169ms	Script application/javascript	70.32.68.130 MEDIATEMPLE
General Check archive.org Show headers Download Go to Full URL http://bailoutmedia.co/Kattegat/Adobe_cloud/js/scripts.js Requested by Host: bailoutmedia.co URL: http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php Protocol HTTP/1.1 Server 70.32.68.130 , United States, ASN31815 (MEDIATEMPLE, US), Reverse DNS aamoiaqsac.c05.gridserver.com Software nginx / Resource Hash `b9c8c8672cac9bf52c0319d35c0f85a412b9f312e8f6fb6a46316d0aff4ef91c` Request headers accept-language de-DE,de;q=0.9 Referer http://bailoutmedia.co/Kattegat/Adobe_cloud/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Tue, 09 Aug 2022 07:59:07 GMT Content-Encoding gzip Last-Modified Sun, 10 Mar 2019 22:20:44 GMT Server nginx ETag "735-583c4ddf1e700-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 763
GET H2	200	fa-solid-900.woff2 use.fontawesome.com/releases/v5.3.1/webfonts/	66 KB 66 KB	34ms 33ms	Font font/woff2	2606:4700:3033::6815:3f36 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://use.fontawesome.com/releases/v5.3.1/webfonts/fa-solid-900.woff2 Requested by Host: use.fontawesome.com URL: https://use.fontawesome.com/releases/v5.3.1/css/all.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:3f36 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca3ea16761b7d443c64cfd99dd1cf8aa84790a25bb4709582935956fe71d014d` Request headers Referer https://use.fontawesome.com/releases/v5.3.1/css/all.css Origin http://bailoutmedia.co accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 07:59:29 GMT access-control-allow-methods GET vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 77868 cf-ray 737ef3e1c8849b55-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 67400 x-amz-id-2 ayomKNMbmhrNeQ1+nA8gl3LM9AfMSgVtBB8lhBW/6MsLkPTMmunTkeec1kXHEosgStZLkdmd6r4= last-modified Wed, 30 Jun 2021 15:42:33 GMT server cloudflare etag "14a08198ec7d1eb96d515362293fed36" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 3000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Ohg8AHMns82z4s5OgI%2FkXxUNSydJhnR6z9xfM14tASHTwjk4UtsEa%2Fl3LuRc%2BuItGI1f2rB8s%2B2xpBm749SfSxOgZcgRKz%2FfcuwLWFOrybBIDsvAdGwPP%2FzLZT7GluxZlWz73MUjF8PygalvWLLClve"}],"group":"cf-nel","max_age":604800} x-amz-request-id 1WSBJ7K755B2FGC6 access-control-allow-origin * cache-control max-age=31556926 accept-ranges bytes content-type font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bailoutmedia.co
use.fontawesome.com
2606:4700:3033::6815:3f36
70.32.68.130
0442a5d5466a92e46e958f5ba39d50544c2b0ddff96f53733f38e983fc684199
510a325511da46876c69baf81e75ecd19cffca5b1d7c74c6d394a17fdc966f3c
569491fbc351a3bf2f9c9e27d893be6f7a11ed95716c9f6f5c5f7a5d20cf9f25
604dcf1f11698655f75046bb92f98aaa9477e1c16b01c5fc415e78794393ffb9
68ea83e2827400efb3aba1f1f7a6ffa8b296e7043e0b6a7e65c09fc1f7421f5b
74aa4bea40103d121df47c79bcf239a44b0056ec7b1087c15b0cb7681ea519f9
80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f
8f2306735d05cfc385e680d4b6fe06998d3a426c6f4653668e841fb6dc737b06
a38aa9d0155d9e07a648af736bf7dfe2388efd961fbcf5f2eba20256661820bb
b9c8c8672cac9bf52c0319d35c0f85a412b9f312e8f6fb6a46316d0aff4ef91c
ca3ea16761b7d443c64cfd99dd1cf8aa84790a25bb4709582935956fe71d014d
e8d650d36cb3e37496a8bb8f183978cf15cde3652ad3b4e65d70b0620a9b0e83
fd4e36989302bb662963aa5612114b262b8500322ee2171ace464e1d56af12c4
fdb1ee51d20da04d74acdd0c48d74d134016c2c1e243bca316f7fefc0eaa28cb

bailoutmedia.co Open in urlscan Pro 70.32.68.130 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

14 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

437 kBTransfer

717 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

Indicators

bailoutmedia.co Open in urlscan Pro
70.32.68.130 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

14 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

437 kB
Transfer

717 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!