urlscan.io logo urlscan.io
SecurityTrails logo

peaceful-lamport-7f9519.netlify.app Open in urlscan Pro
2a03:b0c0:3:d0::d23:e001  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://peaceful-lamport-7f9519.netlify.app/
Effective URL: https://peaceful-lamport-7f9519.netlify.app/
Submission: On July 27 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 17 HTTP transactions. The main IP is 2a03:b0c0:3:d0::d23:e001, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is peaceful-lamport-7f9519.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on March 9th 2021. Valid for: a year.
This is the only time peaceful-lamport-7f9519.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2a03:b0c0:3:d... 14061 (DIGITALOC...)
9 192.185.188.198 46606 (UNIFIEDLA...)
1 2a00:1450:400... 15169 (GOOGLE)
1 192.185.122.7 46606 (UNIFIEDLA...)
1 2a00:1450:400... 15169 (GOOGLE)
1 185.97.217.17 21056 (ASN-WELCO...)
2 2a00:1450:400... 15169 (GOOGLE)
17 8
1    2a03:b0c0:3:d0::d23:e001 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)
peaceful-lamport-7f9519.netlify.app
9    192.185.188.198 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-188-198.unifiedlayer.com
hydroplast.ae
1    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    192.185.122.7 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-122-7.unifiedlayer.com
reliantbenefitsgroup.com
1    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    185.97.217.17 (Italy)

ASN21056 (ASN-WELCOMEITALIA, IT)
PTR: host17-217.ip.cbsolt.net
panel.cbsolt.net
2    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
Domain Requested by
9 hydroplast.ae peaceful-lamport-7f9519.netlify.app
2 www.google-analytics.com hydroplast.ae
www.googletagmanager.com
1 panel.cbsolt.net hydroplast.ae
1 fonts.gstatic.com hydroplast.ae
1 reliantbenefitsgroup.com peaceful-lamport-7f9519.netlify.app
1 www.googletagmanager.com peaceful-lamport-7f9519.netlify.app
1 peaceful-lamport-7f9519.netlify.app
17 7

This site contains no links.

Subject Issuer Validity Valid
*.netlify.app
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-03-09 -
2022-03-01		 a year crt.sh
hydroplast.ae
R3		 2021-05-30 -
2021-08-28		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
*.reliantbenefitsgroup.com
R3		 2021-07-16 -
2021-10-14		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
cbsolt.net
GoGetSSL RSA DV CA		 2021-05-07 -
2021-10-07		 5 months crt.sh

This page contains 1 frames:

Primary Page: https://peaceful-lamport-7f9519.netlify.app/
Frame ID: 048705839ADC55DC71D34290E5B76C8E
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://peaceful-lamport-7f9519.netlify.app/ HTTP 307
    https://peaceful-lamport-7f9519.netlify.app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^Netlify/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

17
Requests

94 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

8
IPs

3
Countries

2699 kB
Transfer

7890 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://peaceful-lamport-7f9519.netlify.app/ HTTP 307
    https://peaceful-lamport-7f9519.netlify.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
peaceful-lamport-7f9519.netlify.app/
Redirect Chain
  • http://peaceful-lamport-7f9519.netlify.app/
  • https://peaceful-lamport-7f9519.netlify.app/
226 KB
59 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:d0::d23:e001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
b4e6a53906066a434eae96bd79f62f4701495d4327b5d01b3ffe206bff90e1af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
peaceful-lamport-7f9519.netlify.app
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control
public, max-age=0, must-revalidate
content-type
text/html; charset=UTF-8
date
Tue, 27 Jul 2021 19:42:01 GMT
etag
"c5fc1c70673320252d47eb1a51f11fe6-ssl-df"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-nf-request-id
01FBMQT00MJ7XMNH9K2GKP07M0
vary
Accept-Encoding
age
0
server
Netlify
content-encoding
br

Redirect headers

Location
https://peaceful-lamport-7f9519.netlify.app/
Non-Authoritative-Reason
HSTS
Calendar.js
hydroplast.ae/wp-admin/images/Webmacil_files/ 		1 MB
497 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/Calendar.js
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
22a776dc33eb31de16d4a248f94411a41cde9f0fbf50533106f21fb8db93707e

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:02 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
application/javascript
analytics.js
hydroplast.ae/wp-admin/images/Webmacil_files/ 		45 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/analytics.js
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:02 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
application/javascript
gtm.js
hydroplast.ae/wp-admin/images/Webmacil_files/ 		83 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/gtm.js
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
d2e491ca22aec9fb9beda717d1e7cb5719431befb94c85411eaaf65938acd931

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:03 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
application/javascript
all.css
hydroplast.ae/wp-admin/images/Webmacil_files/ 		0
0
css.css
hydroplast.ae/wp-admin/images/Webmacil_files/ 		18 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/css.css
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
5d15c5831cf10ab0490aa9523b419427716488265fcb18ba1520c0f5040034fe

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:02 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
2401
styles.js
hydroplast.ae/wp-admin/images/Webmacil_files/ 		107 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/styles.js
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
9b2977557e8cc2bad8349f4d3e7e5ec216993757158385f25e37a066e6843a7e

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:02 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
application/javascript
App.css
hydroplast.ae/wp-admin/images/Webmacil_files/ 		515 KB
115 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/App.css
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
45534fe15c5a5e9dd3c1d7cb166855391d4473dbc507b642753f124e4bce33e8

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:02 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
text/css
App.js
hydroplast.ae/wp-admin/images/Webmacil_files/ 		5 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/App.js
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
6c677c543440c3448dbbea39e189773c1c6ac970b4a6adf099c9f8817f7552e0

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:02 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
application/javascript
gtm.js
www.googletagmanager.com/ 		99 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PKPS9FD&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3eddf8a7077881480852a018687773a723335acc1c2444f9ac250368ec967006
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:03 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37470
x-xss-protection
0
last-modified
Tue, 27 Jul 2021 19:16:32 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 27 Jul 2021 19:42:03 GMT
Calendar.css
hydroplast.ae/wp-admin/images/Webmacil_files/ 		146 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/Calendar.css
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
132719bf3a6785b57ac2e16257715a5d6fd0477b31a768b7b73c1bc91f7cd0df

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:02 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
text/css
asseAFEGDts.svg
reliantbenefitsgroup.com/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://reliantbenefitsgroup.com/asseAFEGDts.svg
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.122.7 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-122-7.unifiedlayer.com
Software
nginx/1.19.10 /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:04 GMT
last-modified
Fri, 02 Jul 2021 03:44:47 GMT
server
nginx/1.19.10
x-server-cache
false
x-endurance-cache-level
3
content-type
image/svg+xml
cache-control
max-age=604800
accept-ranges
bytes
content-length
3651
expires
Tue, 03 Aug 2021 19:42:04 GMT
main.js
hydroplast.ae/wp-admin/images/Webmacil_files/ 		253 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/main.js
Requested by
Host: peaceful-lamport-7f9519.netlify.app
URL: https://peaceful-lamport-7f9519.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.198 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-188-198.unifiedlayer.com
Software
Apache /
Resource Hash
2a08ca2ec71511ad0d6ac282142803ef0ea940130ed68ccc0c5456848856257f

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 19:42:03 GMT
content-encoding
gzip
last-modified
Mon, 28 Sep 2020 16:55:14 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
application/javascript
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: hydroplast.ae
URL: https://hydroplast.ae/wp-admin/images/Webmacil_files/css.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://peaceful-lamport-7f9519.netlify.app
Referer
https://hydroplast.ae/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 13:27:21 GMT
x-content-type-options
nosniff
age
22482
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16112
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:10:09 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Jul 2022 13:27:21 GMT
webmail_custom_url
panel.cbsolt.net/api/restricted/ 		15 B
413 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://panel.cbsolt.net/api/restricted/webmail_custom_url?url=peaceful-lamport-7f9519.netlify.app
Requested by
Host: hydroplast.ae
URL: https://hydroplast.ae/wp-admin/images/Webmacil_files/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.97.217.17 , Italy, ASN21056 (ASN-WELCOMEITALIA, IT),
Reverse DNS
host17-217.ip.cbsolt.net
Software
nginx/1.16.1 /
Resource Hash
d7b8e5e78a741ce6859753c8ebc381434dfb31b88f47d716bc184b52fdfc1ac6

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-runtime
0.004128
date
Tue, 27 Jul 2021 19:42:03 GMT
server
nginx/1.16.1
etag
W/"75b2c081cd86fd44dad0299481fbad33"
vary
Origin
access-control-allow-methods
GET, POST, DELETE, PUT, PATCH, OPTIONS, HEAD
content-type
application/json
access-control-allow-origin
https://peaceful-lamport-7f9519.netlify.app
access-control-max-age
1728000
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
15
x-request-id
6873644d-b451-4c7a-b350-302a05a5b410
access-control-expose-headers
collect
www.google-analytics.com/j/ 		1 B
100 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j86&a=408757097&t=pageview&_s=1&dl=https%3A%2F%2Fpeaceful-lamport-7f9519.netlify.app%2F&ul=en-us&de=UTF-8&dt=Webmail&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABEAAAAC~&jid=1090796212&gjid=13912499&cid=593583617.1627414924&tid=UA-4012903-9&_gid=258047140.1627414924&_r=1&gtm=2wg7l1PKPS9FD&z=1573531199
Requested by
Host: hydroplast.ae
URL: https://hydroplast.ae/wp-admin/images/Webmacil_files/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 27 Jul 2021 19:42:03 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://peaceful-lamport-7f9519.netlify.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PKPS9FD&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://peaceful-lamport-7f9519.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
3064
date
Tue, 27 Jul 2021 18:50:59 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Tue, 27 Jul 2021 20:50:59 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hydroplast.ae
URL
https://hydroplast.ae/wp-admin/images/Webmacil_files/all.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| dataLayer object| google_tag_data function| ga object| gaplugins object| webpackJsonp function| detectIE function| moment object| google_tag_manager string| GoogleAnalyticsObject object| gaGlobal object| gaData

3 Cookies

Domain/Path Name / Value
.peaceful-lamport-7f9519.netlify.app/ Name: _gat_UA-4012903-9
Value: 1
.peaceful-lamport-7f9519.netlify.app/ Name: _gid
Value: GA1.3.258047140.1627414924
.peaceful-lamport-7f9519.netlify.app/ Name: _ga
Value: GA1.3.593583617.1627414924

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
hydroplast.ae
panel.cbsolt.net
peaceful-lamport-7f9519.netlify.app
reliantbenefitsgroup.com
www.google-analytics.com
www.googletagmanager.com
hydroplast.ae
185.97.217.17
192.185.122.7
192.185.188.198
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2003
2a00:1450:4001:828::2008
2a03:b0c0:3:d0::d23:e001
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
132719bf3a6785b57ac2e16257715a5d6fd0477b31a768b7b73c1bc91f7cd0df
22a776dc33eb31de16d4a248f94411a41cde9f0fbf50533106f21fb8db93707e
2a08ca2ec71511ad0d6ac282142803ef0ea940130ed68ccc0c5456848856257f
3eddf8a7077881480852a018687773a723335acc1c2444f9ac250368ec967006
45534fe15c5a5e9dd3c1d7cb166855391d4473dbc507b642753f124e4bce33e8
5d15c5831cf10ab0490aa9523b419427716488265fcb18ba1520c0f5040034fe
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c677c543440c3448dbbea39e189773c1c6ac970b4a6adf099c9f8817f7552e0
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
9b2977557e8cc2bad8349f4d3e7e5ec216993757158385f25e37a066e6843a7e
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
b4e6a53906066a434eae96bd79f62f4701495d4327b5d01b3ffe206bff90e1af
d2e491ca22aec9fb9beda717d1e7cb5719431befb94c85411eaaf65938acd931
d7b8e5e78a741ce6859753c8ebc381434dfb31b88f47d716bc184b52fdfc1ac6