internet.protected-forms.com
35.171.92.125  Malicious Activity! Public Scan

Submitted URL: https://office.internalportal.net/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTI...
Effective URL: https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29s...
Submission: On October 02 via manual from CA — Scanned from CA

Summary

This website contacted 2 IPs in 1 country across 3 domains to perform 8 HTTP transactions. The main IP is 35.171.92.125, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is internet.protected-forms.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 19th 2024. Valid for: a year.
This is the only time internet.protected-forms.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Phishing Simulation (Internet)

Domain & IP information

Requests  IP Address      AS Autonomous System
7         35.171.92.125   14618 (AMAZON-AES)
1         13.107.253.38   8075 (MICROSOFT...)
Total: 8 requests, 2 IPs

Requests  Domain                        Requested by
6         internet.protected-forms.com  office.internalportal.net, internet.protected-forms.com
1         www.fortisalberta.com         internet.protected-forms.com
1         office.internalportal.net
Total: 8 requests, 3 domains

This site contains links to these domains:

Domain
preview.training.knowbe4.com

Subject                Issuer                            Validity                 Valid
authentlcation.com     Amazon RSA 2048 M02               2024-02-19 - 2025-03-19  a year
www.fortisalberta.com  DigiCert TLS RSA SHA256 2020 CA1  2024-06-28 - 2025-06-28  a year

This page contains 1 frames:

Primary Page: https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==
Frame ID: F4D93A464F1F36666E4DDBA41C640AC5
Requests: 8 HTTP requests in this frame


Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 127 kB
Size: 396 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://office.internalportal.net/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==?cid=2221838616 Page URL
  2. https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNB...
office.internalportal.net/
556 B
955 B
Document
General
Full URL
https://office.internalportal.net/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==?cid=2221838616
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.92.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-92-125.compute-1.amazonaws.com
Software
/
Resource Hash
d05092f9130174ea80187ca1bc95eb7c6292dfc5a0280a8f4a60979e4056bbfc
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63113904; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0, private, must-revalidate
content-length
556
content-security-policy
content-type
text/html; charset=utf-8
date
Wed, 02 Oct 2024 13:38:53 GMT
etag
W/"d05092f9130174ea80187ca1bc95eb7c"
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=63113904; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
4e29e7d1-ed05-40a6-ba86-f6fae8d33da4
x-runtime
0.870802
x-xss-protection
0
Primary Request XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNB...
internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/
10 KB
10 KB
Document
General
Full URL
https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==
Requested by
Host: office.internalportal.net
URL: https://office.internalportal.net/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==?cid=2221838616
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.92.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-92-125.compute-1.amazonaws.com
Software
/
Resource Hash
8615eeb7c8de85affd05ddead4d4eab741d90a687b005816d000eadf0b9ce6ff
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63113904; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://office.internalportal.net/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==?cid=2221838616
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0, private, must-revalidate
content-length
9976
content-security-policy
content-type
text/html; charset=utf-8
date
Wed, 02 Oct 2024 13:38:55 GMT
etag
W/"8615eeb7c8de85affd05ddead4d4eab7"
link
</assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=63113904; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
6ecdfc55-d052-4ce6-850e-6071a328c012
x-runtime
1.427068
x-xss-protection
0
landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
internet.protected-forms.com/assets/
1 KB
601 B
Stylesheet
General
Full URL
https://internet.protected-forms.com/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.92.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-92-125.compute-1.amazonaws.com
Software
/
Resource Hash
16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==

Response headers

strict-transport-security
max-age=63113904; includeSubDomains; preload
content-length
415
content-encoding
gzip
date
Wed, 02 Oct 2024 13:38:55 GMT
content-type
text/css
last-modified
Tue, 01 Oct 2024 11:35:59 GMT
vary
accept-encoding
sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css
internet.protected-forms.com/assets/
6 KB
1 KB
Stylesheet
General
Full URL
https://internet.protected-forms.com/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.92.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-92-125.compute-1.amazonaws.com
Software
/
Resource Hash
b3c447f15fce33dfa869b9d2190364509ede3937ae05b51ba394a78e28c244ba
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==

Response headers

strict-transport-security
max-age=63113904; includeSubDomains; preload
content-length
1339
content-encoding
gzip
date
Wed, 02 Oct 2024 13:38:55 GMT
content-type
text/css
last-modified
Tue, 01 Oct 2024 11:35:59 GMT
vary
accept-encoding
application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
internet.protected-forms.com/assets/
372 KB
104 KB
Script
General
Full URL
https://internet.protected-forms.com/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.92.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-92-125.compute-1.amazonaws.com
Software
/
Resource Hash
74b9f1cfe7cad31ae1c1901200890b76676e6d92ac817641f5ef9bfd552f2110
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==

Response headers

strict-transport-security
max-age=63113904; includeSubDomains; preload
content-length
106686
content-encoding
gzip
date
Wed, 02 Oct 2024 13:38:55 GMT
content-type
application/javascript
last-modified
Tue, 01 Oct 2024 11:35:59 GMT
vary
accept-encoding
fortisalberta-logo.png
www.fortisalberta.com/ResourcePackages/FortisAlberta/assets/dist/img/
3 KB
6 KB
Image
General
Full URL
https://www.fortisalberta.com/ResourcePackages/FortisAlberta/assets/dist/img/fortisalberta-logo.png
Requested by
Host: internet.protected-forms.com
URL: https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.253.38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
71e78e766a6ba5a1cf22ac8053ee72eb3adb7896e05a5ce27c929df5169dfbb5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.fontawesome.com *.sharethis.com web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com www.google.ca web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com t.sharethis.com td.doubleclick.net chat.fortisalberta.com fortisab.maps.arcgis.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.fontawesome.com analytics.google.com l.sharethis.com bcp.crwdcntrl.net stats.g.doubleclick.net chat.fortisalberta.com; media-src 'self' data: blob:; child-src 'self' web-chat.nativechat.com; frame-ancestors 
fortisalberta.com 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==

Response headers

etag
"072ecb915c8da1:0"
x-content-type-options
nosniff
x-cache
CONFIG_NOCACHE
date
Wed, 02 Oct 2024 13:38:55 GMT
content-type
image/png
last-modified
Wed, 26 Jun 2024 22:11:00 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.fontawesome.com *.sharethis.com web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com www.google.ca web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com t.sharethis.com td.doubleclick.net chat.fortisalberta.com fortisab.maps.arcgis.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.fontawesome.com analytics.google.com l.sharethis.com bcp.crwdcntrl.net stats.g.doubleclick.net chat.fortisalberta.com; media-src 'self' data: blob:; child-src 'self' web-chat.nativechat.com; frame-ancestors fortisalberta.com 'self'
cache-control
max-age=86400
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
cross-origin-embedder-policy
unsafe-none
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
content-length
3380
x-xss-protection
1; mode=block
x-azure-ref
20241002T133855Z-r19789f58d5dkhhs63ay7yxz6800000006kg000000002mg9
x-powered-by
ASP.NET
sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png
internet.protected-forms.com/assets/
3 KB
3 KB
Image
General
Full URL
https://internet.protected-forms.com/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png
Requested by
Host: internet.protected-forms.com
URL: https://internet.protected-forms.com/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.92.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-92-125.compute-1.amazonaws.com
Software
/
Resource Hash
fc5e7621ba0e98c5c6728e3b2bdf802311c0a0953a05e60a7551cb0c7bed00a9
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://internet.protected-forms.com/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css

Response headers

strict-transport-security
max-age=63113904; includeSubDomains; preload
content-length
3168
date
Wed, 02 Oct 2024 13:38:56 GMT
content-type
image/png
last-modified
Tue, 01 Oct 2024 11:35:59 GMT
favicon.ico
internet.protected-forms.com/
0
142 B
Other
General
Full URL
https://internet.protected-forms.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.92.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-92-125.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://internet.protected-forms.com/pages/073ef7f7c2bcfda5349820c5aa538af2/XRHZmSmVzcDBlUGNDdGNteFJ4Y0h0VHlCdFczT2djbVZNT3V1ZmNCQ29sdDE5ZDZYNGhOVkJTUGYyUzQwSDlTd1gvaERETTIyUVBZckdudFY4MzFNdmhJYnRXbTQ4N3VIamt1RXg3MG8zQWpzbU1GNFhncXA1aTFFZnV2cUEzbmVEbXRDd1V0UFBtcGt5WXpUbVNBYkRwWnZoZEdtUVBjL2FORDU2MVAyUGN4aXFmUGpzcnNuK2trUjZzUmNuNVZjZkMrNkNoczhwOEZOTis2a0ZXT3gwcXJneW5sTjZSZTJDVExmeVNob3MrTT0tLWhwdXdURlZFUW5vUkxvSmMtLW9Tejc5aWhEWk9jSHJmY3lyeTVyREE9PQ==

Response headers

strict-transport-security
max-age=63113904; includeSubDomains; preload
content-length
0
date
Wed, 02 Oct 2024 13:38:55 GMT
content-type
image/vnd.microsoft.icon
last-modified
Tue, 01 Oct 2024 11:36:40 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Phishing Simulation (Internet)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | $
function | jQuery

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy
Strict-Transport-Security max-age=63113904; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0