spingauth.runspecs.com Open in urlscan Pro
45.133.200.3  Malicious Activity! Public Scan

15 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://storage.googleapis.com/tiggeruno/tiggers.html Page URL
2. https://spingauth.runspecs.com/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	tiggers.html Show response storage.googleapis.com/tiggeruno/	226 B 805 B	410ms 386ms	Document text/html	2a00:1450:4001:80f::2010 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/tiggeruno/tiggers.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash 678c5ee522bff7ff7a0981245f1b3c062585d319e3dc0cf2f06f1d66d790aaef Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers x-guploader-uploadid ADPycds_TDGfulBdlShafjvGLSMv64WIj2u5CPhO3a3GI7PputLT-L1TbE9Ov-3A7441Bj8u3QgQaFyJXj9gXnf9ZEU expires Thu, 27 Jan 2022 20:36:58 GMT date Thu, 27 Jan 2022 19:36:58 GMT cache-control public, max-age=3600 last-modified Thu, 27 Jan 2022 16:21:33 GMT etag "24fb3fea4974170442c62f6a0583c760" x-goog-generation 1643300493906341 x-goog-metageneration 1 x-goog-stored-content-encoding identity x-goog-stored-content-length 226 content-type text/html x-goog-hash crc32c=ibTgXQ== md5=JPs/6kl0FwRCxi9qBYPHYA== x-goog-storage-class STANDARD accept-ranges bytes content-length 226 server UploadServer alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	Primary Request / Show response spingauth.runspecs.com/	6 KB 2 KB	196ms 109ms	Document text/html	45.133.200.3 INTERNET-IT
General Check archive.org Show headers Download Go to Full URL https://spingauth.runspecs.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC), Reverse DNS cpanel-host.prohoster.info Software nginx / PHP/5.6.40 Resource Hash 933b4a302d1b7d78a35cdb7a58601307f0ee44382f91707f9104b647123f48e6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://storage.googleapis.com/ Response headers server nginx date Thu, 27 Jan 2022 19:36:59 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding x-powered-by PHP/5.6.40 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache x-xss-protection 1; mode=block x-content-type-options nosniff x-nginx-upstream-cache-status MISS x-server-powered-by Engintron content-encoding gzip
GET H2	200	jquery-1.9.1.min.js Show response webmail.spectrum.net/application/modules/mail/views/scripts/mail/js/	90 KB 91 KB	593ms 386ms	Script application/javascript	44.199.24.139 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/js/jquery-1.9.1.min.js?v=2.1.2_3 Requested by Host: spingauth.runspecs.com URL: https://spingauth.runspecs.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-44-199-24-139.compute-1.amazonaws.com Software nginx / Resource Hash c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://spingauth.runspecs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 27 Jan 2022 19:37:00 GMT last-modified Mon, 22 Nov 2021 23:13:29 GMT server nginx etag "619c2419-169d5" content-type application/javascript cache-control max-age=2592000 accept-ranges bytes content-length 92629 expires Sat, 26 Feb 2022 19:37:00 GMT
GET H2	200	login.js Show response webmail.spectrum.net/application/modules/mail/views/scripts/auth/js/	2 KB 3 KB	592ms 385ms	Script application/javascript	44.199.24.139 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://webmail.spectrum.net/application/modules/mail/views/scripts/auth/js/login.js?v=2.1.2_3 Requested by Host: spingauth.runspecs.com URL: https://spingauth.runspecs.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-44-199-24-139.compute-1.amazonaws.com Software nginx / Resource Hash 164661dbf5eaeed1f00e417d220424bf968a7776f831a042a41a4a8b538b8992 Request headers Accept-Language de-DE,de;q=0.9 Referer https://spingauth.runspecs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 27 Jan 2022 19:37:00 GMT last-modified Mon, 22 Nov 2021 23:13:28 GMT server nginx etag "619c2418-909" content-type application/javascript cache-control max-age=2592000 accept-ranges bytes content-length 2313 expires Sat, 26 Feb 2022 19:37:00 GMT
GET H2	200	spectrum.css webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/	127 KB 128 KB	402ms 196ms	Stylesheet text/css	44.199.24.139 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/spectrum.css?v=2.1.2_3 Requested by Host: spingauth.runspecs.com URL: https://spingauth.runspecs.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-44-199-24-139.compute-1.amazonaws.com Software nginx / Resource Hash b5d9d0bcbd16baa63ee4dc99794948f69487ccf6fc4daa23b20827f83f4ef88e Request headers Accept-Language de-DE,de;q=0.9 Referer https://spingauth.runspecs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 27 Jan 2022 19:37:00 GMT last-modified Mon, 22 Nov 2021 23:13:28 GMT server nginx etag "619c2418-1fd50" content-type text/css cache-control max-age=2592000 accept-ranges bytes content-length 130384 expires Sat, 26 Feb 2022 19:37:00 GMT
GET H2	200	login.css webmail.spectrum.net/application/modules/mail/views/scripts/auth/css/	6 KB 6 KB	304ms 98ms	Stylesheet text/css	44.199.24.139 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://webmail.spectrum.net/application/modules/mail/views/scripts/auth/css/login.css?v=2.1.2_3 Requested by Host: spingauth.runspecs.com URL: https://spingauth.runspecs.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-44-199-24-139.compute-1.amazonaws.com Software nginx / Resource Hash 0e7844897e2ad91585d7ae76659691df8b8044fd2d92979b007997a13816d0a3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://spingauth.runspecs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 27 Jan 2022 19:37:00 GMT last-modified Mon, 22 Nov 2021 23:13:28 GMT server nginx etag "619c2418-1683" content-type text/css cache-control max-age=2592000 accept-ranges bytes content-length 5763 expires Sat, 26 Feb 2022 19:37:00 GMT
GET H2	200	rutledge.css webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/	5 KB 5 KB	400ms 194ms	Stylesheet text/css	44.199.24.139 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/css/rutledge.css?v=2.1.2_3 Requested by Host: spingauth.runspecs.com URL: https://spingauth.runspecs.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-44-199-24-139.compute-1.amazonaws.com Software nginx / Resource Hash d0ccab8c62e3914173619ccb183a8bbe6df396a5e7bc788c8c28c1f7b2182d66 Request headers Accept-Language de-DE,de;q=0.9 Referer https://spingauth.runspecs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 27 Jan 2022 19:37:00 GMT last-modified Mon, 22 Nov 2021 23:13:28 GMT server nginx etag "619c2418-138f" content-type text/css cache-control max-age=2592000 accept-ranges bytes content-length 5007 expires Sat, 26 Feb 2022 19:37:00 GMT
GET H2	200	spectrum-logo.svg webmail.spectrum.net/application/modules/mail/views/scripts/mail/images/logos/	10 KB 10 KB	99ms 98ms	Image image/svg+xml	44.199.24.139 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://webmail.spectrum.net/application/modules/mail/views/scripts/mail/images/logos/spectrum-logo.svg?v=2.1.2_3 Requested by Host: spingauth.runspecs.com URL: https://spingauth.runspecs.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.199.24.139 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-44-199-24-139.compute-1.amazonaws.com Software nginx / Resource Hash 059197cdfcc9b8f79681f308720087c5e803bd1ac207fe501f99ed3fd1778088 Request headers Accept-Language de-DE,de;q=0.9 Referer https://spingauth.runspecs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 27 Jan 2022 19:37:00 GMT last-modified Mon, 22 Nov 2021 23:13:28 GMT server nginx etag "619c2418-277b" content-type image/svg+xml cache-control max-age=2592000 accept-ranges bytes content-length 10107 expires Sat, 26 Feb 2022 19:37:00 GMT
GET		rutledge-light.woff d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/	0 0
GET		rutledge-medium.woff d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

d1ff979u6gd5fc.cloudfront.net

URL

https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff

Domain

d1ff979u6gd5fc.cloudfront.net

URL

https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spectrum (Telecommunication)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| LoginForm function| Hoh object| loginForm object| hoh

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			spingauth.runspecs.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: cnhidq8420kul7fcgqv2337t47
			webmail.spectrum.net/	1970-01-20 00:38:37	Name: AWSALBCORS Value: vYKqECloyff6WHCLq7AMLngkPx4xl2e054/85d+AfY3IBhGAaH4+YXyIhDnM0HtDUiamBg54LAqNoTiQzPEevhtxMx7Rgvc8PNr5V9iGq/GwTD8PJy1rFmOXBTWG

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://spingauth.runspecs.com/ Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff' from origin 'https://spingauth.runspecs.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/light/rutledge-light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://spingauth.runspecs.com/ Message: Access to font at 'https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff' from origin 'https://spingauth.runspecs.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://d1ff979u6gd5fc.cloudfront.net/api/static-assets/assets/3.52.0/22/assets/fonts/rutledge/medium/rutledge-medium.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d1ff979u6gd5fc.cloudfront.net
spingauth.runspecs.com
storage.googleapis.com
webmail.spectrum.net
d1ff979u6gd5fc.cloudfront.net
2a00:1450:4001:80f::2010
44.199.24.139
45.133.200.3
059197cdfcc9b8f79681f308720087c5e803bd1ac207fe501f99ed3fd1778088
0e7844897e2ad91585d7ae76659691df8b8044fd2d92979b007997a13816d0a3
164661dbf5eaeed1f00e417d220424bf968a7776f831a042a41a4a8b538b8992
678c5ee522bff7ff7a0981245f1b3c062585d319e3dc0cf2f06f1d66d790aaef
933b4a302d1b7d78a35cdb7a58601307f0ee44382f91707f9104b647123f48e6
b5d9d0bcbd16baa63ee4dc99794948f69487ccf6fc4daa23b20827f83f4ef88e
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
d0ccab8c62e3914173619ccb183a8bbe6df396a5e7bc788c8c28c1f7b2182d66