log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 5 HTTP transactions. The main IP is 3.5.87.140, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on September 14th 2024. Valid for: a year.

This is the only time log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	52.92.202.226 52.92.202.226	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700::68... 2606:4700::6812:4528	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700::68... 2606:4700::6811:5d01	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.182.115 172.67.182.115	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.5.87.140 3.5.87.140	16509 (AMAZON-02) (AMAZON-02)
5	4

1 52.92.202.226 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com

log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:4528 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

link.mail.beehiiv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:5d01 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ctrk.klclick3.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.182.115 (United States)

ASN13335 (CLOUDFLARENET, US)

xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.5.87.140 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com

log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	amazonaws.com log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com	15 KB
2	xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de	2 KB
1	klclick3.com 1 redirects ctrk.klclick3.com — Cisco Umbrella Rank: 137491	653 B
1	beehiiv.com 1 redirects link.mail.beehiiv.com — Cisco Umbrella Rank: 51550	650 B
5	4

	Domain	Requested by
2	log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com	xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de
2	xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de	log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com
1	ctrk.klclick3.com	1 redirects
1	link.mail.beehiiv.com	1 redirects
1	log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com
5	5

This site contains no links.

Subject Issuer	Validity	Valid
*.s3-us-west-2.amazonaws.com Amazon RSA 2048 M01	`2024-09-14` - `2025-08-29`	a year	crt.sh
xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/NRedirect.html
Frame ID: D5EFC9CC018E858D57A2A4A3BE24D4F3
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Confirm Your Identity

Page URL History Show full URLs

http://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html HTTP 307
https://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html Page URL
https://link.mail.beehiiv.com/ls/click?upn=u001.w4vaNrY-2Fp3n8sneTJtzEE-2FP7tN1fi64pUnO10reWapXS-2BTqcGJ-2... HTTP 302
https://ctrk.klclick3.com/l/01J90H141V0WM9QGGQ1ZZ47FY7_0?utm_source=ryans-newsletter-57a99d.beehiiv.co... HTTP 302
https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/index.html?_kx=DeYME0spM0cjkaJzJmnKkti8jezUDzXVqnMkW6PU-Gs.U2CpH5 Page URL
https://log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/NRedirect.html Page URL

Page Statistics

5
Requests

100 %
HTTPS

40 %
IPv6

4
Domains

5
Subdomains

4
IPs

1
Countries

16 kB
Transfer

19 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html HTTP 307
https://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html Page URL
https://link.mail.beehiiv.com/ls/click?upn=u001.w4vaNrY-2Fp3n8sneTJtzEE-2FP7tN1fi64pUnO10reWapXS-2BTqcGJ-2BF4UcOYJIasTiCO5Dd093gezEhns2rfTYOpyyj2AA-2Fspl0nLOIOBYIE6cNre2AwCr1NpMG03i5dJzyjiLnZM7lOQIs7biNaXG88lvyCxQsVl0P7oLCADe2x0bmXxAaN-2BI0cuzwrRX28e1-2Bcv6zAH-2FYAng7-2FDGpN1yae-2B8x51mtGSA8XKrPF6QglsU-3Dht7Z_zbv2vD5DXrAqdowK1HhrRUVQoiiMykGgshFnQ1F-2BibJOi5uUEJybHxzFljTlKTy6GcBFHeT3wWj6EWak-2BEOzLbTNZMRcKsVNdGcQaktARGqj62-2BLE7cl3Cq7p40VN87Zc5bO9mrIBb7EpXEc44y6wT3A1K4Rtf-2FFAnMOHJqhsx7QN-2Bt7Ri-2FQDTUyZSax4fIqst7TKcoHOz9zqytkxEqN8ddGiGb-2BHC9oNVe9jbIQOSIovh19FwcVWDmg9mH4mtklfF3c5Zihc-2BZBMXkW5qPRz28ybVuCbCZCQmpXELLTYX-2B9-2F4gmX-2B3EioGNa2Huti1Rz2yyK8vIy4MdPNGMokQfeImrFv6oR9LArBguPi2ZhRmvWxi7bcysDgIcovCswKzn3Duz8xY6rBeJkoMaFb70y-2BhRKsmga-2BcrQ2VbTKsuUrDp7PVKYeVi4SVpQ9vh8ZKu HTTP 302
https://ctrk.klclick3.com/l/01J90H141V0WM9QGGQ1ZZ47FY7_0?utm_source=ryans-newsletter-57a99d.beehiiv.com&utm_medium=newsletter&utm_campaign=home-showing HTTP 302
https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/index.html?_kx=DeYME0spM0cjkaJzJmnKkti8jezUDzXVqnMkW6PU-Gs.U2CpH5 Page URL
https://log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/NRedirect.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html HTTP 307
https://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html

Request Chain 1

https://link.mail.beehiiv.com/ls/click?upn=u001.w4vaNrY-2Fp3n8sneTJtzEE-2FP7tN1fi64pUnO10reWapXS-2BTqcGJ-2BF4UcOYJIasTiCO5Dd093gezEhns2rfTYOpyyj2AA-2Fspl0nLOIOBYIE6cNre2AwCr1NpMG03i5dJzyjiLnZM7lOQIs7biNaXG88lvyCxQsVl0P7oLCADe2x0bmXxAaN-2BI0cuzwrRX28e1-2Bcv6zAH-2FYAng7-2FDGpN1yae-2B8x51mtGSA8XKrPF6QglsU-3Dht7Z_zbv2vD5DXrAqdowK1HhrRUVQoiiMykGgshFnQ1F-2BibJOi5uUEJybHxzFljTlKTy6GcBFHeT3wWj6EWak-2BEOzLbTNZMRcKsVNdGcQaktARGqj62-2BLE7cl3Cq7p40VN87Zc5bO9mrIBb7EpXEc44y6wT3A1K4Rtf-2FFAnMOHJqhsx7QN-2Bt7Ri-2FQDTUyZSax4fIqst7TKcoHOz9zqytkxEqN8ddGiGb-2BHC9oNVe9jbIQOSIovh19FwcVWDmg9mH4mtklfF3c5Zihc-2BZBMXkW5qPRz28ybVuCbCZCQmpXELLTYX-2B9-2F4gmX-2B3EioGNa2Huti1Rz2yyK8vIy4MdPNGMokQfeImrFv6oR9LArBguPi2ZhRmvWxi7bcysDgIcovCswKzn3Duz8xY6rBeJkoMaFb70y-2BhRKsmga-2BcrQ2VbTKsuUrDp7PVKYeVi4SVpQ9vh8ZKu HTTP 302
https://ctrk.klclick3.com/l/01J90H141V0WM9QGGQ1ZZ47FY7_0?utm_source=ryans-newsletter-57a99d.beehiiv.com&utm_medium=newsletter&utm_campaign=home-showing HTTP 302
https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/index.html?_kx=DeYME0spM0cjkaJzJmnKkti8jezUDzXVqnMkW6PU-Gs.U2CpH5

5 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	79.html Show response log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/ Redirect Chain http://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html https://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html	1 KB 2 KB	344ms 133ms	Document text/html	52.92.202.226 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 52.92.202.226 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2-r-w.amazonaws.com Software AmazonS3 / Resource Hash `f85386503d0bef649b92ffc06fab93c763d9d34b178b3a3e537b75a507135929` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 1489 Content-Type text/html Date Wed, 16 Oct 2024 10:25:08 GMT ETag "480e66e3679755ea06cccef87f7714d0" Last-Modified Wed, 16 Oct 2024 08:07:37 GMT Server AmazonS3 x-amz-id-2 QxjB2kU8dG9TmVqsTXgIoe/OnnGxo3c2UPP7SHaNVmxqsYDWM6HQ/ajSSCIG4phFB1MPRVwTccM= x-amz-request-id Z0GM3WP9S0W3QTJB x-amz-server-side-encryption AES256 x-amz-version-id Ye1FfCO6Pi1wOORktRN3fFykyatxyGEr Redirect headers Location https://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html Non-Authoritative-Reason HttpsUpgrades
GET H3	200	index.html Show response xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/ Redirect Chain https://link.mail.beehiiv.com/ls/click?upn=u001.w4vaNrY-2Fp3n8sneTJtzEE-2FP7tN1fi64pUnO10reWapXS-2BTqcGJ-2BF4UcOYJIasTiCO5Dd093gezEhns2rfTYOpyyj2AA-2Fspl0nLOIOBYIE6cNre2AwCr1NpMG03i5dJzyjiLnZM7lOQI... https://ctrk.klclick3.com/l/01J90H141V0WM9QGGQ1ZZ47FY7_0?utm_source=ryans-newsletter-57a99d.beehiiv.com&utm_medium=newsletter&utm_campaign=home-showing https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/index.html?_kx=DeYME0spM0cjkaJzJmnKkti8jezUDzXVqnMkW6PU-Gs.U2CpH5	792 B 1008 B	557ms 461ms	Document text/html	172.67.182.115 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/index.html?_kx=DeYME0spM0cjkaJzJmnKkti8jezUDzXVqnMkW6PU-Gs.U2CpH5 Requested by Host: log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com URL: https://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.182.115 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `485897a602e788af3afe9f3f605ed484d3340efa770b047187273436c59e89e8` Request headers Referer https://log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com/79.html Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8d3757d9fd4b28f3-LAX content-encoding zstd content-type text/html; charset=UTF-8 date Wed, 16 Oct 2024 10:25:08 GMT last-modified Wed, 16 Oct 2024 05:45:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UlP4KHAYhBrY9dhZfFnM4pKY4%2B%2BBgign26MeQLphLblNGsW8prR8SGylNgVfEp6VDlSjlHDf1Ha21mglcezCkTDDnEJ8uxUUCE2FPcAegBvgOUaJ1N5wZg4PkU6aI269iuYrKNZowHVsF5VdMP4KIWLn8im%2BfA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfExtPri speculation-rules "/cdn-cgi/speculation" vary Accept-Encoding Redirect headers cf-cache-status DYNAMIC cf-ray 8d3757d86c380906-LAX content-type text/html; charset=utf-8 date Wed, 16 Oct 2024 10:25:07 GMT location https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/index.html?_kx=DeYME0spM0cjkaJzJmnKkti8jezUDzXVqnMkW6PU-Gs.U2CpH5 server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff x-envoy-upstream-service-time 10
GET H3	200	speculation xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/cdn-cgi/	128 B 613 B	78ms 78ms	Other application/speculationrules+json	172.67.182.115 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/cdn-cgi/speculation Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.182.115 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de Referer https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/index.html?_kx=DeYME0spM0cjkaJzJmnKkti8jezUDzXVqnMkW6PU-Gs.U2CpH5 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bmtEkQeS2m9Yi919TkaEqddl9uwN6EI0hL%2Bz8cS6qcnfKnBTLgk8YjZuNKSonrszfvPpqrZXHboFBFNXaUqLsOB1lSSjZmbGaNDDvIH1uomeNUv7aXuVwMeGpTrs2aCf4M2GAzOJv3ec0rBYpwSTdnGHLOxICw%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d3757dcfeef28f3-LAX access-control-allow-origin https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de alt-svc h3=":443"; ma=86400 content-length 128 server-timing cfExtPri date Wed, 16 Oct 2024 10:25:08 GMT content-type application/speculationrules+json vary Origin, Accept-Encoding server cloudflare
GET H/1.1	200 OK	Primary Request NRedirect.html Show response log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/	12 KB 12 KB	342ms 116ms	Document text/html	3.5.87.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/NRedirect.html Requested by Host: xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de URL: https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/solicitor/index.html?_kx=DeYME0spM0cjkaJzJmnKkti8jezUDzXVqnMkW6PU-Gs.U2CpH5 Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 3.5.87.140 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2-r-w.amazonaws.com Software AmazonS3 / Resource Hash `c809599e013cb5045db4b153cc10dcae673722420bf57eed9153820af160b2ec` Request headers Referer https://xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 11915 Content-Type text/html Date Wed, 16 Oct 2024 10:25:09 GMT ETag "ec7d6b33eeee19dfc4ef5a2e264a3593" Last-Modified Wed, 16 Oct 2024 05:44:45 GMT Server AmazonS3 x-amz-id-2 CgInZGCPwkOevJPBubwrYP3wR6bl3GjHYDDHc4YH7QaxUUOgPZQLXlyD3cvDubS4vbG5FSjr4Pnu0D1BkKGZ6g== x-amz-request-id CN958H20N8R29VJF x-amz-server-side-encryption AES256 x-amz-version-id wKz98u4zTnoGWx4gqDFeKGkLhZ5zvSjd
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ff0407d4ec832e14fba9171bc288d0c481c956af888cba44382d147c0dbae6f9` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET H/1.1	403 Forbidden	favicon.ico log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/	255 B 544 B	107ms 107ms	Other application/xml	3.5.87.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 3.5.87.140 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2-r-w.amazonaws.com Software AmazonS3 / Resource Hash `58a302aa37934ef4e19e9ff67cb048ec9a1427bfd7e28c99b8233f0e033b623f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/NRedirect.html Response headers Transfer-Encoding chunked x-amz-request-id JMRZNW9JGF13FFME Date Wed, 16 Oct 2024 10:25:08 GMT Content-Type application/xml Server AmazonS3 x-amz-id-2 KW8S/TpxY5Q8wnyOsF7GtVKhrB7yogGxsejdEx6VZzTtUOKyKhO//lMk4c9N2RZWa2bV6YCaqYqKRB9cZO5wxw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| fetchEmailList function| continueLoading function| validateEmail function| fetchRandomWiki

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.beehiiv.com/	1970-01-21 00:17:56	Name: __cf_bm Value: RCAmVOqxeeSdIjSOzXTjqBVBzkDCKezxt206rPWTZ5I-1729074307-1.0.1.1-ysJkBuZYoZOTk_4p1LJrcO3V1iD.7KQuAEteVLuhEkAKQIk7VtrREmxtmH7OJFLJOcfKMe5O4A9ZX8uP7Arosw
			.ctrk.klclick3.com/	1970-01-21 00:17:56	Name: __cf_bm Value: VqQIoSHkPPiQAwScS49xGD1KUKtnXY31aUL_uTuIIXw-1729074307-1.0.1.1-Wt7TuovKQV1dZYFSW05g_sll.HjhZK0U0.zViFwhYOS6PWE3QHdi0KASmG_Nwk5GcUA9l9JStPl8TjEsaDmtCw

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ctrk.klclick3.com
link.mail.beehiiv.com
log-in-sharedoc-one-drive-statement-remittnace-slip.s3.us-west-2.amazonaws.com
log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com
xz1-sgidalgh20ruhjdeaq40cvhnfdxo.de
172.67.182.115
2606:4700::6811:5d01
2606:4700::6812:4528
3.5.87.140
52.92.202.226
485897a602e788af3afe9f3f605ed484d3340efa770b047187273436c59e89e8
58a302aa37934ef4e19e9ff67cb048ec9a1427bfd7e28c99b8233f0e033b623f
c809599e013cb5045db4b153cc10dcae673722420bf57eed9153820af160b2ec
f85386503d0bef649b92ffc06fab93c763d9d34b178b3a3e537b75a507135929
ff0407d4ec832e14fba9171bc288d0c481c956af888cba44382d147c0dbae6f9

log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com Open in urlscan Pro 3.5.87.140 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

40 %IPv6

4 Domains

5 Subdomains

4 IPs

1 Countries

16 kBTransfer

19 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

log-in-sharepoint-onedrive-remmittance.s3.us-west-2.amazonaws.com Open in urlscan Pro
3.5.87.140 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

40 %
IPv6

4
Domains

5
Subdomains

4
IPs

1
Countries

16 kB
Transfer

19 kB
Size

2
Cookies

5 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!