www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com
52.217.115.106  Malicious Activity! Public Scan

Submitted URL: https://mnequinevet.com/.well-known/acme-challenge/newindex.html
Effective URL: https://www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/documentation/shywyduaooowie8ais8aia88888a8s8d88s8a8saisuauusauuuanaaauauwjwwwow/b-adobeacrobat....
Submission: On December 09 via manual from AE — Scanned from FI

Summary

This website contacted 5 IPs in 4 countries across 7 domains to perform 7 HTTP transactions. The main IP is 52.217.115.106, located in Ashburn, United States and belongs to AMAZON-02, US. The main domain is www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on September 18th 2024. Valid for: a year.
This is the only time www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 199.204.248.120 11989 (WEBINT)
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 159.65.213.219 14061 (DIGITALOC...)
4 4 18.202.158.125 16509 (AMAZON-02)
1 1 2600:9000:275... 16509 (AMAZON-02)
1 3 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 52.217.115.106 16509 (AMAZON-02)
1 188.114.97.3 13335 (CLOUDFLAR...)
7 5
Apex Domain | Subdomains | Transfer
4 nayemedical.com | nayemedical.com | 8 KB
4 pstmrk.it | click.pstmrk.it — Cisco Umbrella Rank: 55561 | 998 B
2 amazonaws.com | www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com | 13 KB
2 mnequinevet.com | mnequinevet.com | 4 KB
1 fdske.com | o7mewk.fk07.fdske.com | 359 B
1 mailsenderam1.com | api.mailsenderam1.com | 1 KB
1 beehiiv.com | link.mail.beehiiv.com — Cisco Umbrella Rank: 50513 | 866 B
7 7
Domain Requested by
4 nayemedical.com 1 redirects nayemedical.com
4 click.pstmrk.it 4 redirects
2 www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com nayemedical.com
2 mnequinevet.com
1 o7mewk.fk07.fdske.com 1 redirects
1 api.mailsenderam1.com 1 redirects
1 link.mail.beehiiv.com 1 redirects
7 7

This site contains no links.

Subject | Issuer | Validity | Valid
mail.mnequinevet.com | R10 | 2024-10-31 - 2025-01-29 | 3 months
nayemedical.com | WE1 | 2024-11-27 - 2025-02-25 | 3 months
s3.amazonaws.com | Amazon RSA 2048 M01 | 2024-09-18 - 2025-09-16 | a year

This page contains 2 frames:

Primary Page: https://www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/documentation/shywyduaooowie8ais8aia88888a8s8d88s8a8saisuauusauuuanaaauauwjwwwow/b-adobeacrobat.html
Frame ID: 0FB10988A6799307BE3D72B10BD094D4
Requests: 6 HTTP requests in this frame

Frame: https://nayemedical.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js
Frame ID: F464F311705E3A91769CD322CF0AB5EF
Requests: 2 HTTP requests in this frame

Page Title

Confirm Your Identity

Page Statistics

7 Requests
86 % HTTPS
38 % IPv6
7 Domains
7 Subdomains
5 IPs
4 Countries
23 kB Transfer
30 kB Size
2 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mnequinevet.com/.well-known/acme-challenge/newindex.html Page URL
  2. https://link.mail.beehiiv.com/ls/click?upn=u001.OntRk5QVouPgVcpt7jiOA-2BhF0Hj-2FGWrM72hya5Gix9qzjTTwsU0ZACipNDqkdBG4-2FHsF45TJ6AZj9QwN-2FHOG2fkFN1c2dPzogmD9rPUdu3jxZuH9vw3ZNUhH8jFuirqWZ32OlhH4DnpXxeDTkrbrEudpEqbueJP-2Fv30DB-2FuKoiZqFvA-2Fwb32SEpdyfWakyYgC7slvMxwy04w5Rx-2FjjyvoHpji2QSKYbrHVlSGZx-2FLNqS3OLUnKNYSD5GyyUhMfO4lVlMW7NVIcE7H3b0KzYu4yTpqe2yHbdosYwBwJdCdhXqC-2FCxIec-2F-2BBeEx8k5DTfGBJKmPVabvhL1OA2uN5L9bWVy-2FQAgYiTETrwAwv3MasjkyDFJqK8o1S-2Fj4c7wA1122Afp_zbv2vD5DXrAqdowK1HhrRUVQoiiMykGgshFnQ1F-2BibJOi5uUEJybHxzFljTlKTy6SbwnsCzdd1-2BDrSE1C5X-2Bi-2BB3z4ed8byt9Q1Zwq-2BGHT1odpfrsAphIAUhik4FbDV40urTNCR93EFQap2SAx5f-2BBxFXhpxCgTdyPMeJkbcLbH-2ByZt90qwfMntjkYU-2Be-2FjncpqFQFJaUXuqvUoPiN1sYNC4ThHYTowGC4IwZZbdPyiWOIfo80p1klk499Jan-2FaKS3OXUQRIKDpA1yZ5UAkDp1KSGONoW0nSIQ0p7wt9oANC3Ob1M2UazGjQ1N5gsRZxbLkzjIS0JJ1HHkuN70pqWhrQmUKYEanu5GHMH4pDsIzB3xW4u22kumE-2F5mYc58TpmE3-2FCDOJtGyVOj-2FRIXlVZ3yhlVKkIho-2FU5MzPmBy5jo-2BQ95OLEi3URns4toWPIM-2B HTTP 302
    https://api.mailsenderam1.com/c/f259ea3605183d570815f9d6590399f8_5346242ad46793b9bfc9df52c607b62a?sid=364fd0b42280232512194a2fef11c472_18c8bb941ee1c962575737f923c58752&aid=ZqOV&utm_source=praveens-newsletter-ed1dd5.beehiiv.com&utm_medium=newsletter&utm_campaign=show-details HTTP 302
    https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fo7mewk.fk07.fdske.com%2525252Fe%2525252Fc%2525252F01je3wbvf3sz6pdezdrzh461d8%2525252F01je3wbvf3sz6pdezds62z9kbe%25252FGxTg%25252FfMC5AQ%25252FAQ%25252F94b1f58b-49be-4571-91e2-9deeab3f8b5e%25252F1%25252Fs9hZMPyypY%252FGxTg%252FfsC5AQ%252FAQ%252Ffbc8cf05-895c-4d0f-90c4-36b552dcb7c0%252F1%252Fb5ctAKYxpb%2FGxTg%2Ff8C5AQ%2FAQ%2F5febe8ed-67d9-498d-8539-1ca40d94a6ee%2F1%2F_Y_jORaPlo/GxTg/gMC5AQ/AQ/5bdaa4dc-182f-4104-a671-b72e6f42847f/1/M9Hd8Sklbx HTTP 302
    https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fo7mewk.fk07.fdske.com%25252Fe%25252Fc%25252F01je3wbvf3sz6pdezdrzh461d8%25252F01je3wbvf3sz6pdezds62z9kbe%252FGxTg%252FfMC5AQ%252FAQ%252F94b1f58b-49be-4571-91e2-9deeab3f8b5e%252F1%252Fs9hZMPyypY%2FGxTg%2FfsC5AQ%2FAQ%2Ffbc8cf05-895c-4d0f-90c4-36b552dcb7c0%2F1%2Fb5ctAKYxpb/GxTg/f8C5AQ/AQ/5febe8ed-67d9-498d-8539-1ca40d94a6ee/1/_Y_jORaPlo HTTP 302
    https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fo7mewk.fk07.fdske.com%252Fe%252Fc%252F01je3wbvf3sz6pdezdrzh461d8%252F01je3wbvf3sz6pdezds62z9kbe%2FGxTg%2FfMC5AQ%2FAQ%2F94b1f58b-49be-4571-91e2-9deeab3f8b5e%2F1%2Fs9hZMPyypY/GxTg/fsC5AQ/AQ/fbc8cf05-895c-4d0f-90c4-36b552dcb7c0/1/b5ctAKYxpb HTTP 302
    https://click.pstmrk.it/3s/o7mewk.fk07.fdske.com%2Fe%2Fc%2F01je3wbvf3sz6pdezdrzh461d8%2F01je3wbvf3sz6pdezds62z9kbe/GxTg/fMC5AQ/AQ/94b1f58b-49be-4571-91e2-9deeab3f8b5e/1/s9hZMPyypY HTTP 302
    https://o7mewk.fk07.fdske.com/e/c/01je3wbvf3sz6pdezdrzh461d8/01je3wbvf3sz6pdezds62z9kbe HTTP 302
    https://nayemedical.com/amladhsjdhshjdjs/xyz.html Page URL
  3. https://www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/documentation/shywyduaooowie8ais8aia88888a8s8d88s8a8saisuauusauuuanaaauauwjwwwow/b-adobeacrobat.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://link.mail.beehiiv.com/ls/click?upn=u001.OntRk5QVouPgVcpt7jiOA-2BhF0Hj-2FGWrM72hya5Gix9qzjTTwsU0ZACipNDqkdBG4-2FHsF45TJ6AZj9QwN-2FHOG2fkFN1c2dPzogmD9rPUdu3jxZuH9vw3ZNUhH8jFuirqWZ32OlhH4DnpXxeDTkrbrEudpEqbueJP-2Fv30DB-2FuKoiZqFvA-2Fwb32SEpdyfWakyYgC7slvMxwy04w5Rx-2FjjyvoHpji2QSKYbrHVlSGZx-2FLNqS3OLUnKNYSD5GyyUhMfO4lVlMW7NVIcE7H3b0KzYu4yTpqe2yHbdosYwBwJdCdhXqC-2FCxIec-2F-2BBeEx8k5DTfGBJKmPVabvhL1OA2uN5L9bWVy-2FQAgYiTETrwAwv3MasjkyDFJqK8o1S-2Fj4c7wA1122Afp_zbv2vD5DXrAqdowK1HhrRUVQoiiMykGgshFnQ1F-2BibJOi5uUEJybHxzFljTlKTy6SbwnsCzdd1-2BDrSE1C5X-2Bi-2BB3z4ed8byt9Q1Zwq-2BGHT1odpfrsAphIAUhik4FbDV40urTNCR93EFQap2SAx5f-2BBxFXhpxCgTdyPMeJkbcLbH-2ByZt90qwfMntjkYU-2Be-2FjncpqFQFJaUXuqvUoPiN1sYNC4ThHYTowGC4IwZZbdPyiWOIfo80p1klk499Jan-2FaKS3OXUQRIKDpA1yZ5UAkDp1KSGONoW0nSIQ0p7wt9oANC3Ob1M2UazGjQ1N5gsRZxbLkzjIS0JJ1HHkuN70pqWhrQmUKYEanu5GHMH4pDsIzB3xW4u22kumE-2F5mYc58TpmE3-2FCDOJtGyVOj-2FRIXlVZ3yhlVKkIho-2FU5MzPmBy5jo-2BQ95OLEi3URns4toWPIM-2B HTTP 302
  • https://api.mailsenderam1.com/c/f259ea3605183d570815f9d6590399f8_5346242ad46793b9bfc9df52c607b62a?sid=364fd0b42280232512194a2fef11c472_18c8bb941ee1c962575737f923c58752&aid=ZqOV&utm_source=praveens-newsletter-ed1dd5.beehiiv.com&utm_medium=newsletter&utm_campaign=show-details HTTP 302
  • https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fo7mewk.fk07.fdske.com%2525252Fe%2525252Fc%2525252F01je3wbvf3sz6pdezdrzh461d8%2525252F01je3wbvf3sz6pdezds62z9kbe%25252FGxTg%25252FfMC5AQ%25252FAQ%25252F94b1f58b-49be-4571-91e2-9deeab3f8b5e%25252F1%25252Fs9hZMPyypY%252FGxTg%252FfsC5AQ%252FAQ%252Ffbc8cf05-895c-4d0f-90c4-36b552dcb7c0%252F1%252Fb5ctAKYxpb%2FGxTg%2Ff8C5AQ%2FAQ%2F5febe8ed-67d9-498d-8539-1ca40d94a6ee%2F1%2F_Y_jORaPlo/GxTg/gMC5AQ/AQ/5bdaa4dc-182f-4104-a671-b72e6f42847f/1/M9Hd8Sklbx HTTP 302
  • https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fo7mewk.fk07.fdske.com%25252Fe%25252Fc%25252F01je3wbvf3sz6pdezdrzh461d8%25252F01je3wbvf3sz6pdezds62z9kbe%252FGxTg%252FfMC5AQ%252FAQ%252F94b1f58b-49be-4571-91e2-9deeab3f8b5e%252F1%252Fs9hZMPyypY%2FGxTg%2FfsC5AQ%2FAQ%2Ffbc8cf05-895c-4d0f-90c4-36b552dcb7c0%2F1%2Fb5ctAKYxpb/GxTg/f8C5AQ/AQ/5febe8ed-67d9-498d-8539-1ca40d94a6ee/1/_Y_jORaPlo HTTP 302
  • https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fo7mewk.fk07.fdske.com%252Fe%252Fc%252F01je3wbvf3sz6pdezdrzh461d8%252F01je3wbvf3sz6pdezds62z9kbe%2FGxTg%2FfMC5AQ%2FAQ%2F94b1f58b-49be-4571-91e2-9deeab3f8b5e%2F1%2Fs9hZMPyypY/GxTg/fsC5AQ/AQ/fbc8cf05-895c-4d0f-90c4-36b552dcb7c0/1/b5ctAKYxpb HTTP 302
  • https://click.pstmrk.it/3s/o7mewk.fk07.fdske.com%2Fe%2Fc%2F01je3wbvf3sz6pdezdrzh461d8%2F01je3wbvf3sz6pdezds62z9kbe/GxTg/fMC5AQ/AQ/94b1f58b-49be-4571-91e2-9deeab3f8b5e/1/s9hZMPyypY HTTP 302
  • https://o7mewk.fk07.fdske.com/e/c/01je3wbvf3sz6pdezdrzh461d8/01je3wbvf3sz6pdezds62z9kbe HTTP 302
  • https://nayemedical.com/amladhsjdhshjdjs/xyz.html
Request Chain 3
  • https://nayemedical.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://nayemedical.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js

7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

newindex.html | mnequinevet.com/.well-known/acme-challenge/ | 3 KB | 3 KB | Document
General
Full URL: https://mnequinevet.com/.well-known/acme-challenge/newindex.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.204.248.120 , United States, ASN11989 (WEBINT, US),
Reverse DNS: cp10.machighway.com
Software: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 /
Resource Hash: 260f6c53224c14bca3d4943408965f9b2c0f04447f8a0687c2c4b9b6866fd62d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 2721
Content-Type: text/html
Date: Mon, 09 Dec 2024 11:00:56 GMT
ETag: "201bb-aa1-628d16419e0b7"
Keep-Alive: timeout=30, max=100
Last-Modified: Mon, 09 Dec 2024 07:34:12 GMT
Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4

favicon.ico | mnequinevet.com/ | 315 B | 565 B | Other
General
Full URL: https://mnequinevet.com/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.204.248.120 , United States, ASN11989 (WEBINT, US),
Reverse DNS: cp10.machighway.com
Software: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://mnequinevet.com/.well-known/acme-challenge/newindex.html

Response headers

Keep-Alive: timeout=30, max=99
Content-Length: 315
Date: Mon, 09 Dec 2024 11:00:56 GMT
Content-Type: text/html; charset=iso-8859-1
Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4
Connection: Keep-Alive

xyz.html | nayemedical.com/amladhsjdhshjdjs/ | 2 KB | 2 KB | Document
Redirect Chain
  • https://link.mail.beehiiv.com/ls/click?upn=u001.OntRk5QVouPgVcpt7jiOA-2BhF0Hj-2FGWrM72hya5Gix9qzjTTwsU0ZACipNDqkdBG4-2FHsF45TJ6AZj9QwN-2FHOG2fkFN1c2dPzogmD9rPUdu3jxZuH9vw3ZNUhH8jFuirqWZ32OlhH4DnpXx...
  • https://api.mailsenderam1.com/c/f259ea3605183d570815f9d6590399f8_5346242ad46793b9bfc9df52c607b62a?sid=364fd0b42280232512194a2fef11c472_18c8bb941ee1c962575737f923c58752&aid=ZqOV&utm_source=praveens-...
  • https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fo7mewk.fk07.fdske.com%2525252Fe%2525252Fc%2525252F01je3wbvf3sz6pdezdrzh461d8%2525252F01je...
  • https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fo7mewk.fk07.fdske.com%25252Fe%25252Fc%25252F01je3wbvf3sz6pdezdrzh461d8%25252F01je3wbvf3sz6pdezds62z9kbe%252FGxTg%252FfMC...
  • https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fo7mewk.fk07.fdske.com%252Fe%252Fc%252F01je3wbvf3sz6pdezdrzh461d8%252F01je3wbvf3sz6pdezds62z9kbe%2FGxTg%2FfMC5AQ%2FAQ%2F94b1f58b-49be-4571-91e2-9dee...
  • https://click.pstmrk.it/3s/o7mewk.fk07.fdske.com%2Fe%2Fc%2F01je3wbvf3sz6pdezdrzh461d8%2F01je3wbvf3sz6pdezds62z9kbe/GxTg/fMC5AQ/AQ/94b1f58b-49be-4571-91e2-9deeab3f8b5e/1/s9hZMPyypY
  • https://o7mewk.fk07.fdske.com/e/c/01je3wbvf3sz6pdezdrzh461d8/01je3wbvf3sz6pdezds62z9kbe
  • https://nayemedical.com/amladhsjdhshjdjs/xyz.html
General
Full URL: https://nayemedical.com/amladhsjdhshjdjs/xyz.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: e3ffba91fc40cb080e3834f1be736d304b38bb0bb2b05a2e07ea77d70ee1d55b

Request headers

Referer: https://mnequinevet.com/.well-known/acme-challenge/newindex.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ef47be37f875423-TLL
content-encoding: zstd
content-type: text/html; charset=utf-8
date: Mon, 09 Dec 2024 10:59:07 GMT
last-modified: Mon, 09 Dec 2024 08:23:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QpI5B9b4z7%2B7qIDjK%2BfpNjQ8Wn9%2B9aaU%2F4%2BFCUXX22FmbXaEWP4zRiIGPegz2B7ob4En9NYvp%2F8CnYpyIuU0uUQ82%2BwwnXjkSGIW5zs8FQSV9ZTDWEgKEoGdMgDWNTj9jbjVWgj1YHc%2Fcc1GGbI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=30774&min_rtt=30725&rtt_var=4928&sent=8&recv=11&lost=0&retrans=0&sent_bytes=4007&recv_bytes=2347&delivery_rate=130312&cwnd=253&unsent_bytes=0&cid=b2e684f54e4eead8&ts=262&x=0"

Redirect headers

content-length: 72
content-type: text/html; charset=utf-8
date: Mon, 09 Dec 2024 10:59:07 GMT
location: https://nayemedical.com/amladhsjdhshjdjs/xyz.html
vary: Origin
via: 1.1 3e28473376ca49b2cafcfef86a39cf34.cloudfront.net (CloudFront)
x-amz-cf-id: 4Q17VOnok0s1a6WGTC5UezB1ViwoDFxT9vFSW3pYSD_hw_17mPNXdg==
x-amz-cf-pop: FRA60-P7
x-cache: Miss from cloudfront

Primary Request b-adobeacrobat.html | www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/documentation/shywyduaooowie8ais8aia88888a8s8d88s8a8saisuauusauuuanaaauauwjwwwow/ | 12 KB | 12 KB | Document
General
Full URL: https://www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/documentation/shywyduaooowie8ais8aia88888a8s8d88s8a8saisuauusauuuanaaauauwjwwwow/b-adobeacrobat.html
Requested by
  Host: nayemedical.com
  URL: https://nayemedical.com/amladhsjdhshjdjs/xyz.html
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 52.217.115.106 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-east-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 34670429d0df60666521fabe4822cc4c9bc3c9bf854a86b18d8c5df24e7d5faa

Request headers

Referer: https://nayemedical.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Content-Length: 11892
Content-Type: text/html
Date: Mon, 09 Dec 2024 10:59:09 GMT
ETag: "4f42138a4a96b317c22ab75fc84bb904"
Last-Modified: Mon, 09 Dec 2024 08:21:19 GMT
Server: AmazonS3
x-amz-id-2: zb4RmlHZ90aBkKa0UnqZqdLey6y36/LRuLs+fizYG13W41vuoczIuPjDPqT9M/7bX1xMnP0QEto=
x-amz-request-id: 3EX1FJ0H4Z71MFA4
x-amz-server-side-encryption: AES256
x-amz-version-id: ZxmWbOKACitEUmWGbEvhK1WoUb2mBKlk

main.js | nayemedical.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/ Frame F464 | 9 KB | 5 KB | Script
Redirect Chain
  • https://nayemedical.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://nayemedical.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
General
Full URL: https://nayemedical.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
Protocol: H2
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash:
Security Headers
X-Content-Type-Options: nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GHTVvco7Ewzl8BQk8m7p7iMhvAaSoGYqjIEyltFADW7wXA7iciCK0o%2BZI7Hoxer0abFABgE%2FqB4EFJmJcoQT8qzizJ1PqKm74HMqTRE9XRZHe168fFgTccfLgHe9RxppemcCRwVtPhnp%2BmI1Lcc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8ef47be58abd5423-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=33565&min_rtt=30725&rtt_var=7348&sent=13&recv=14&lost=0&retrans=0&sent_bytes=6293&recv_bytes=2551&delivery_rate=130312&cwnd=257&unsent_bytes=0&cid=b2e684f54e4eead8&ts=375&x=0"
date: Mon, 09 Dec 2024 10:59:07 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=us9nhG8VCRxgjjSgyD4Ql3edrLxHz1QIYeuOgbFoqQKZt%2BzxPlwU%2FlqMimWln7%2FfLU8Sz1BxvBsMjIheyHrZJp8JAUhiIBHmqVfb6oUK%2BpiOQWX2T7Z7LCNYY7w9V4D2VTZkZ2Yb48CmDboX8WY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ef47be53a4c5423-TLL
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfL4;desc="?proto=TCP&rtt=33876&min_rtt=30725&rtt_var=8969&sent=12&recv=13&lost=0&retrans=0&sent_bytes=5735&recv_bytes=2456&delivery_rate=130312&cwnd=256&unsent_bytes=0&cid=b2e684f54e4eead8&ts=328&x=0"
date: Mon, 09 Dec 2024 10:59:07 GMT
vary: Accept-Encoding
server: cloudflare

8ef47be37f875423 | nayemedical.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame F464 | 0 | 1 KB | XHR
General
Full URL: https://nayemedical.com/cdn-cgi/challenge-platform/h/g/jsd/r/8ef47be37f875423
Requested by
  Host: nayemedical.com
  URL: https://nayemedical.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash:

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer:

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oek5waa3r7LJPzwPfxV1tWpwlwpypsBQcTDyq1lCRjXyk6XzE1ZDC7Wu7UHu3gYIlaGCpzlmvFbzTOWWnm7k8mhpCSc%2Bc7JcbnWpmEIx7vaUA4K0wpKBAxv%2B0cofd3ZbNQ0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ef47be638ecbfda-WAW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=46755&min_rtt=46283&rtt_var=7928&sent=17&recv=23&lost=0&retrans=0&sent_bytes=4368&recv_bytes=21266&delivery_rate=579&cwnd=12000&unsent_bytes=0&cid=ba4495082ca1e27a&ts=162&x=1", cfExtPri, cfHdrFlush;dur=0
content-length: 0
date: Mon, 09 Dec 2024 10:59:07 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i

truncated | / | 4 KB | 0 | Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: ff0407d4ec832e14fba9171bc288d0c481c956af888cba44382d147c0dbae6f9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers

Content-Type: image/png

favicon.ico | www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/ | 243 B | 520 B | Other
General
Full URL: https://www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 52.217.115.106 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-east-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 8b160d305c73f01f5719c9951d16e4ca63127b7d5f2e8a4510f36054f02989e4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/documentation/shywyduaooowie8ais8aia88888a8s8d88s8a8saisuauusauuuanaaauauwjwwwow/b-adobeacrobat.html

Response headers

Transfer-Encoding: chunked
x-amz-request-id: 3EXC92EM4BSBYG9C
Date: Mon, 09 Dec 2024 10:59:08 GMT
Content-Type: application/xml
Server: AmazonS3
x-amz-id-2: RRp7XJK6IjrFZ1AFRZj7+4cGyvMsUW/v18uklj3PzEhoozEvITEp+YWFaoiigPeIbogzL/Fi7s4=

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | fetchEmailList
function | continueLoading
function | validateEmail
function | fetchRandomWiki

2 Cookies

Domain/Path Name / Value
.beehiiv.com/ Name: __cf_bm
Value: _sgSej5H0gZIrCmsmeUojz4aOxPXDn8T8T7_.vYUTw4-1733741945-1.0.1.1-VTWQL9JG.YgQVIN13FY4efp7wg_NqmYRFca.XBu3jA_ra8ZjGkWsvtUh0wfSqt6Uv6.1SOyNLkmgPyzhUqQLgA
.nayemedical.com/ Name: cf_clearance
Value: nmIfmsVLn3HmHi6rZW_iKDTrFZig3uUHb4Itmhld54E-1733741947-1.2.1.1-1UEPXAIIixUibA.7elBlf3jX0nRU_V6DWG0Ix0YWH8nTG5zkGDmg3Fd0ep2rgxnzVlYmIv9lmDBB.LeO8scAdlLNmaVpCkK3ADqflewEkDrGEGKKPqJIr2MRzRibINVLH2zziGVBxN.rMbfZe1njWKNYoSqDuNLjNvlb.rXGKMde3deQRD5gI8FvONn8Xb.xarteU8zMw0KzHk3gI0ugJmCsVFkV6N.GjJNhb32ka_27m2HFq3ZUEIVbkgyOlYaqbDZDmz4C71L_HbgDIcUY6BTOcARbPfCzJOVKrQOgfPHEScnmUfPFgQ6AwL8t7wkmjI3shU_MYka9vKKuUTZkGnvZn7HSz0Y7pFqoQo6UffsIu3Dd7ORw7aMy1oEKI87v

2 Console Messages

Source Level URL Text
network error URL: https://mnequinevet.com/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www-open-document-adobe-acrobat-share-secure-document.s3.us-east-1.amazonaws.com/favicon.ico
Message: Failed to load resource: the server responded with a status of 403 (Forbidden)