urlscan.io logo urlscan.io
SecurityTrails logo

6575.nl Open in urlscan Pro
5.200.11.123  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://protect-us.mimecast.com/s/1My-C0RB9RCwV54gCDw1pG?domain=6575.nl
Effective URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swil...
Submission: On November 07 via manual from IN — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 5.200.11.123, located in Rotterdam, Netherlands and belongs to I3DNET, NL. The main domain is 6575.nl.
TLS certificate: Issued by R3 on November 1st 2022. Valid for: 3 months.
This is the only time 6575.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 2 205.139.111.113 30031 (MIMECAST-)
2 4 5.200.11.123 49544 (I3DNET)
4 38.34.185.163 18978 (ENZUINC-)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 99.84.37.96 16509 (AMAZON-02)
3 2606:4700:e6:... 13335 (CLOUDFLAR...)
12 6
2    205.139.111.113 (United States)

ASN30031 (MIMECAST-, US)
PTR: us-api.mimecast.com
protect-us.mimecast.com
4    5.200.11.123 (Rotterdam, Netherlands)

ASN49544 (I3DNET, NL)
PTR: papillon.plie.nl
6575.nl
4    38.34.185.163 (Tokyo, Japan)

ASN18978 (ENZUINC-, US)
PTR: 163.185-34-38.rdns.scalabledns.com
code.jquery.com.de
1    2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
1    99.84.37.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-37-96.ewr52.r.cloudfront.net
logo.clearbit.com
3    2606:4700:e6::ac40:ca1c (United States)

ASN13335 (CLOUDFLARENET, US)
ka-f.fontawesome.com
Apex Domain
Subdomains		 Transfer
4 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 3084
ka-f.fontawesome.com — Cisco Umbrella Rank: 5936
99 KB
4 com.de
code.jquery.com.de
789 KB
4 6575.nl
6575.nl
284 KB
2 mimecast.com
protect-us.mimecast.com — Cisco Umbrella Rank: 20305
2 KB
1 clearbit.com
logo.clearbit.com — Cisco Umbrella Rank: 42021
3 KB
12 5
Domain Requested by
4 code.jquery.com.de 6575.nl
code.jquery.com.de
4 6575.nl 2 redirects 6575.nl
3 ka-f.fontawesome.com kit.fontawesome.com
6575.nl
2 protect-us.mimecast.com 2 redirects
1 logo.clearbit.com 6575.nl
code.jquery.com.de
1 kit.fontawesome.com 6575.nl
12 6

This site contains no links.

Subject Issuer Validity Valid
6575.nl
R3		 2022-11-01 -
2023-01-30		 3 months crt.sh
code.jquery.com.de
cPanel, Inc. Certification Authority		 2022-10-20 -
2023-01-18		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-01 -
2023-01-01		 a year crt.sh
clearbit.com
Amazon		 2022-03-23 -
2023-04-21		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-12 -
2023-08-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
Frame ID: 279297352735ED078F83867806E267AE
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://protect-us.mimecast.com/s/1My-C0RB9RCwV54gCDw1pG?domain=6575.nl HTTP 307
    https://protect-us.mimecast.com/r/xiX_MzaCJ4yQHAafjdsYZM1PkrJ11wdKfErq8oH3GSvd7sv1JrIzlqOKfNto1jTye-VOIV4yIh... HTTP 307
    https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk Page URL
  2. https://6575.nl/wp-includes/js/web22/meta.php HTTP 302
    https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0?swingings=TSNpUGS8e1&interdic... HTTP 301
    https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdi... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

92 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

1175 kB
Transfer

1790 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://protect-us.mimecast.com/s/1My-C0RB9RCwV54gCDw1pG?domain=6575.nl HTTP 307
    https://protect-us.mimecast.com/r/xiX_MzaCJ4yQHAafjdsYZM1PkrJ11wdKfErq8oH3GSvd7sv1JrIzlqOKfNto1jTye-VOIV4yIh5CfwBfxwP2ANAtPnhdzM_L89WXVWJ0lAF4xH50h_OBTu_dkhJGUHL9IXPwCmtbvPoUHx6LhizOyp8amDsfjyJ5xHEWn0o50M_f_uGR6vbRMfQn7lMU_bNxPiJ5JFmaSjROuveRJb7o0KLeopWZYVJ7z1fpmOTTgf906wSO61c4lumd8BzmiOXTtTYZ7YEEyQmEQpkeG9wCB-sZD1fakAg5Ii6P-2-gftnN3JRwEOeAA9Y56FAQW_BCYqhp8_jTYYDUL_4EmOCEP2tYI2rQoK0uEjiVkVa4-BmFNqUVulKfgEYTG4L_dReaFULxwaL3YWFs4wgBjqRiiGGqN_R8yeZnSIIXH5Ml0Yt8TuAHVhVBMzEOMjf4y0Mr0MkZ_knMYpj8CfaJIOXBhxCqBO-LxXdcJOn0D_4e3wia6W_HeVv_slaRwnlZd4FlhqrGKUrLRGdbWwKlyDuOqjJyWf69nsaLCMoyEnDH3QwYz5bgYzc1dUOpqXPu3rtIUot6jzSc1_tphJy0mUN5FliD8StpSAOMa4217NphY3EuUWdayimSlbP-dFFQcJ7xvVhh60m4jHS5r0dLLQw_0yOKEctH96Sq_PjpYXn8yAoRXuyBfeHL-RxE5EDlUAB86Lni-wuv0FPjY6QzPnrbyLuNR5h7IE9yXXiDLSqZftWBB_1r_zrqrlnvDis3ELSTJfh5KQomMjwy4SREudvKWmO8aIHEts6e2_DWAbx9u4kd_8bAiy79tIgMh7LxXEyAoFyNVmL4TcgbJGJT_HCEQVxcPnh8mZeHxiGnOUOdAiITP7otj7uWMCNgK6_Ygioo4d3WKTNeRZMm_FWi5jBKjVhnmbkumlRvgjTGiOch5PCNSjh5TTsu5mrWd9HwNZ9mJsy72ayX7iOK9UmBJCSuye69ZXm1z2ZrnnyARNayM87ycevWqcsagHCwwT2bvmOuMVLIke47vWOKMZ0evUGr58Vmxh6IVWTZwklNJ6P4WviTHRWXSLNH9sIyMMWq3zyV4rHecyuR7JQuQX-buDSXBIX2l2IYaU22sC9I-Laq1E2_1YElTTk2XvAsK7QMTLoXF8dAJJ_HYzTYoX_7jTAKZs2LG3r-5uGKTbolaP3sHQx95u4CruKJRUoE-C6WBRIldDlMQE4wdWN7fIlMpjXnUTvtt04IZvoNu85T3ExidHW3iUeOFI0Wq2o0bP3_x_AU6upDI3h_HgZ56ELQDNDUJHatDy_y0y_aJ4yVFkc_nyu1-6S3PbsL-PJT6EOt_1DtHmKcRgo-W9yKDalkSu8kfFcbdLteIDjeH4Ak-3K_xP9_9fDfvw80UPwStgwgSyJPR2dKsihKnsK80_fIkIABdbDvI5fmkwrOMG_YAH7OK_K0YjBzUCGoldH7gWGkbYeVeu52W1HKO1_Ej8j8Ou1S_Ddijxw8V_zmnHKXN21hnjYclV7pvvsH273ekQk-4AFjquuZsvv-ooUMC_HzsyKke5gfOAIDa2JV4pLL5on5Aa8w0ls3hpOqzLNzO-g5nWTWoiq1ZLUvF3dQARDCtddLAmXxerQzpwMRqKa0rvQwwapZow5f7qL-UuOLdx1nGI80yWNrJUBxzAGuEu9CdDI0hqXtz503cKCY1B_y2cE_dVNkcyr3Epa6-e6Icg7zI6nBgmqlowgTU9nbnwZEaG1YUGBdurYFMtnAE7Ixcc0QrOhbekgeCxtUO3PxrKQ_zE6Ze8fIJiv59rd4E9z5KxiH6RGt3LAFH4V_Daag2ZuU9g0OatimPNk8UzWoAuXmqhDYybRQnKjVkpNUlYdJ1Sw54Q HTTP 307
    https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk Page URL
  2. https://6575.nl/wp-includes/js/web22/meta.php HTTP 302
    https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs HTTP 301
    https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://protect-us.mimecast.com/s/1My-C0RB9RCwV54gCDw1pG?domain=6575.nl HTTP 307
  • https://protect-us.mimecast.com/r/xiX_MzaCJ4yQHAafjdsYZM1PkrJ11wdKfErq8oH3GSvd7sv1JrIzlqOKfNto1jTye-VOIV4yIh5CfwBfxwP2ANAtPnhdzM_L89WXVWJ0lAF4xH50h_OBTu_dkhJGUHL9IXPwCmtbvPoUHx6LhizOyp8amDsfjyJ5xHEWn0o50M_f_uGR6vbRMfQn7lMU_bNxPiJ5JFmaSjROuveRJb7o0KLeopWZYVJ7z1fpmOTTgf906wSO61c4lumd8BzmiOXTtTYZ7YEEyQmEQpkeG9wCB-sZD1fakAg5Ii6P-2-gftnN3JRwEOeAA9Y56FAQW_BCYqhp8_jTYYDUL_4EmOCEP2tYI2rQoK0uEjiVkVa4-BmFNqUVulKfgEYTG4L_dReaFULxwaL3YWFs4wgBjqRiiGGqN_R8yeZnSIIXH5Ml0Yt8TuAHVhVBMzEOMjf4y0Mr0MkZ_knMYpj8CfaJIOXBhxCqBO-LxXdcJOn0D_4e3wia6W_HeVv_slaRwnlZd4FlhqrGKUrLRGdbWwKlyDuOqjJyWf69nsaLCMoyEnDH3QwYz5bgYzc1dUOpqXPu3rtIUot6jzSc1_tphJy0mUN5FliD8StpSAOMa4217NphY3EuUWdayimSlbP-dFFQcJ7xvVhh60m4jHS5r0dLLQw_0yOKEctH96Sq_PjpYXn8yAoRXuyBfeHL-RxE5EDlUAB86Lni-wuv0FPjY6QzPnrbyLuNR5h7IE9yXXiDLSqZftWBB_1r_zrqrlnvDis3ELSTJfh5KQomMjwy4SREudvKWmO8aIHEts6e2_DWAbx9u4kd_8bAiy79tIgMh7LxXEyAoFyNVmL4TcgbJGJT_HCEQVxcPnh8mZeHxiGnOUOdAiITP7otj7uWMCNgK6_Ygioo4d3WKTNeRZMm_FWi5jBKjVhnmbkumlRvgjTGiOch5PCNSjh5TTsu5mrWd9HwNZ9mJsy72ayX7iOK9UmBJCSuye69ZXm1z2ZrnnyARNayM87ycevWqcsagHCwwT2bvmOuMVLIke47vWOKMZ0evUGr58Vmxh6IVWTZwklNJ6P4WviTHRWXSLNH9sIyMMWq3zyV4rHecyuR7JQuQX-buDSXBIX2l2IYaU22sC9I-Laq1E2_1YElTTk2XvAsK7QMTLoXF8dAJJ_HYzTYoX_7jTAKZs2LG3r-5uGKTbolaP3sHQx95u4CruKJRUoE-C6WBRIldDlMQE4wdWN7fIlMpjXnUTvtt04IZvoNu85T3ExidHW3iUeOFI0Wq2o0bP3_x_AU6upDI3h_HgZ56ELQDNDUJHatDy_y0y_aJ4yVFkc_nyu1-6S3PbsL-PJT6EOt_1DtHmKcRgo-W9yKDalkSu8kfFcbdLteIDjeH4Ak-3K_xP9_9fDfvw80UPwStgwgSyJPR2dKsihKnsK80_fIkIABdbDvI5fmkwrOMG_YAH7OK_K0YjBzUCGoldH7gWGkbYeVeu52W1HKO1_Ej8j8Ou1S_Ddijxw8V_zmnHKXN21hnjYclV7pvvsH273ekQk-4AFjquuZsvv-ooUMC_HzsyKke5gfOAIDa2JV4pLL5on5Aa8w0ls3hpOqzLNzO-g5nWTWoiq1ZLUvF3dQARDCtddLAmXxerQzpwMRqKa0rvQwwapZow5f7qL-UuOLdx1nGI80yWNrJUBxzAGuEu9CdDI0hqXtz503cKCY1B_y2cE_dVNkcyr3Epa6-e6Icg7zI6nBgmqlowgTU9nbnwZEaG1YUGBdurYFMtnAE7Ixcc0QrOhbekgeCxtUO3PxrKQ_zE6Ze8fIJiv59rd4E9z5KxiH6RGt3LAFH4V_Daag2ZuU9g0OatimPNk8UzWoAuXmqhDYybRQnKjVkpNUlYdJ1Sw54Q HTTP 307
  • https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
temit@franklintempleton.co.uk
6575.nl/wp-includes/js/web22/
Redirect Chain
  • https://protect-us.mimecast.com/s/1My-C0RB9RCwV54gCDw1pG?domain=6575.nl
  • https://protect-us.mimecast.com/r/xiX_MzaCJ4yQHAafjdsYZM1PkrJ11wdKfErq8oH3GSvd7sv1JrIzlqOKfNto1jTye-VOIV4yIh5CfwBfxwP2ANAtPnhdzM_L89WXVWJ0lAF4xH50h_OBTu_dkhJGUHL9IXPwCmtbvPoUHx6LhizOyp8amDsfjyJ5xHE...
  • https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk
2 KB
813 B 		Document
General
Check archive.org
Download Go to
Full URL
https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.200.11.123 Rotterdam, Netherlands, ASN49544 (I3DNET, NL),
Reverse DNS
papillon.plie.nl
Software
Apache/2 / PHP/5.6.40
Resource Hash
43a0be95d7cad21e79be8db2cfe8e3481c26f4d43b2c5acbe551a5b086723637

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
gzip
content-length
687
content-type
text/html; charset=UTF-8
date
Mon, 07 Nov 2022 08:39:47 GMT
server
Apache/2
vary
Accept-Encoding,User-Agent
x-powered-by
PHP/5.6.40

Redirect headers

Cache-control
no-store
Connection
keep-alive
Content-Length
0
Date
Mon, 07 Nov 2022 08:39:47 GMT
Location
https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex, nofollow
jquery-3.5.1.min.js
code.jquery.com.de/ 		394 KB
394 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com.de/jquery-3.5.1.min.js
Requested by
Host: 6575.nl
URL: https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US),
Reverse DNS
163.185-34-38.rdns.scalabledns.com
Software
Apache /
Resource Hash
2dfef129dbe4c4f0ab2b2b0e67024e9486af9e29392a8a890da025e2bcafcd18

Request headers

accept-language
en-US,en;q=0.9
Referer
https://6575.nl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Mon, 07 Nov 2022 08:39:47 GMT
Last-Modified
Sun, 10 Jul 2022 16:27:33 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
403295
ip.php
code.jquery.com.de/ 		38 B
324 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com.de/ip.php
Requested by
Host: code.jquery.com.de
URL: https://code.jquery.com.de/jquery-3.5.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US),
Reverse DNS
163.185-34-38.rdns.scalabledns.com
Software
Apache /
Resource Hash

Request headers

Accept
*/*
Referer
https://6575.nl/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Mon, 07 Nov 2022 08:39:49 GMT
Server
Apache
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Access-Control-Allow-Headers
Authorization, Content-Type
Content-Length
38
Keep-Alive
timeout=5, max=100
Primary Request /
6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/
Redirect Chain
  • https://6575.nl/wp-includes/js/web22/meta.php
  • https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
  • https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
494 KB
283 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
Requested by
Host: 6575.nl
URL: https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.200.11.123 Rotterdam, Netherlands, ASN49544 (I3DNET, NL),
Reverse DNS
papillon.plie.nl
Software
Apache/2 / PHP/5.6.40
Resource Hash
6a277d9c03dff055e73ecd643786093da61458772a93363afa1e26902c07bfec

Request headers

Referer
https://6575.nl/wp-includes/js/web22/temit@franklintempleton.co.uk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 07 Nov 2022 08:39:50 GMT
server
Apache/2
vary
Accept-Encoding,User-Agent
x-powered-by
PHP/5.6.40

Redirect headers

content-length
370
content-type
text/html; charset=iso-8859-1
date
Mon, 07 Nov 2022 08:39:49 GMT
location
https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
server
Apache/2
jquery-3.5.1.min.js
code.jquery.com.de/ 		394 KB
394 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com.de/jquery-3.5.1.min.js
Requested by
Host: 6575.nl
URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US),
Reverse DNS
163.185-34-38.rdns.scalabledns.com
Software
Apache /
Resource Hash
2dfef129dbe4c4f0ab2b2b0e67024e9486af9e29392a8a890da025e2bcafcd18

Request headers

Referer
https://6575.nl/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Mon, 07 Nov 2022 08:39:50 GMT
Last-Modified
Sun, 10 Jul 2022 16:27:33 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
403295
585b051251.js
kit.fontawesome.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/585b051251.js
Requested by
Host: 6575.nl
URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cddaef1a49287960674430f7b2f137494671f37cd426b97a718f7957fb3926f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://6575.nl/
Origin
https://6575.nl
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 07 Nov 2022 08:39:50 GMT
strict-transport-security
max-age=31536000; preload
content-encoding
gzip
cf-cache-status
MISS
server
cloudflare
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=60, public, must-revalidate
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray
7664c2bc8b46c324-EWR
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
FyVAtrcfGSFeM0IK9vvC
inbox.com
logo.clearbit.com/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logo.clearbit.com/inbox.com
Requested by
Host: 6575.nl
URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.37.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-37-96.ewr52.r.cloudfront.net
Software
envoy /
Resource Hash
e6fcaeaa498762d13e53eb31f3ecb3b08ec89a7e05a4a5e4f9abd95146a72068
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://6575.nl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Sat, 05 Nov 2022 13:25:09 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 49830f6fdfb2c3519e81248d6d19f450.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
EWR52-C4
age
155681
x-cache
Hit from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-id
_TofoalrtghFBmJdwN5iOHfEbQjCTTTwRGDj4YLwCizqiq3U6a7ahw==
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/585b051251.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

accept-language
en-US,en;q=0.9
Referer
https://6575.nl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 08:39:51 GMT
via
1.1 90ac509e6263ee9fa7bb3f1ed1f46118.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD55-P3
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJzFb3jmGfc4QWx3P4As3Y9548rqrMG%2Bw1R2T5Qi4ftD4BiSXGmx4Rbq69WAE2%2FPlepDn%2BzuqNiWOOn4LSzFnKRNaC19SrUCe04ZUK6nCFdNSivwF6CXUAIJWRQWfBBIANYm8DuBwR%2Fh%2FuNa2tqR2K0xmw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
7664c2c1ed5dc35e-EWR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
PYTAH6Jzvpx4fQLSKzk8-L3tww7RHeBMke1kPjy5HJj3p-R1AxS_bg==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		26 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/585b051251.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://6575.nl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 08:39:51 GMT
via
1.1 90ac509e6263ee9fa7bb3f1ed1f46118.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD55-P3
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Ult7gHxUVofvhOhxrWYxndcFos4jLp5w9x92I%2FhCpyOL9NYRZZ0C4o99fhRw0YWYFC2va7EeDSZvq9OVbm5rpHy2t%2BVbxMUMbKoqUuFJNQaT8%2BkHeYU6KTOsYYbCUsbustjCqMQ%2B7SY0pSIZbfEVgQt9w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
7664c2c1ed5fc35e-EWR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
Ha7u1yWxiTBEyqBp8BRkHbvmRzqktL-aVPHCpvhQ3H1z-82braM_PQ==
truncated
/ 		296 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0a98700c1067dff71a04c735c934c06c6df4fb0a92ec6589432153a1597af592

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		36 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a59679ee3b01c11c153681481e175b4964bdea8fc3fd8676b5fd2cffbcf38bf7

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/png
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/ 		76 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
Requested by
Host: 6575.nl
URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7

Request headers

Referer
https://6575.nl/
Origin
https://6575.nl
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 07 Nov 2022 08:39:51 GMT
via
1.1 9ad14e3f9b528d4215643d5af359b816.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
JFK50-P8
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
78168
last-modified
Wed, 04 Aug 2021 18:58:24 GMT
server
cloudflare
etag
"a9fd1225fb2cd32320e2b931dca01089"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hdXUlGn2n7KI0fVvyB6Kvb2yIypcpJmn6IEdJpJ5hWoLG41cdO6e%2BY7aEWXEBYe3qRPFrRxz64V88137x%2FmJ2AKFHdh%2BZ1miPBkKXjaWFk8pZJk9PVLeoGIeMz2LpnJqQBrJu9yXOzbcrqU8GUz2tJvuxA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
7664c2c1fd6dc35e-EWR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
D0HsC8AdneUYlAARisqGyc17ZHjI3EDJmEz8lZgFhORQTLjk1kuz0g==
ip.php
code.jquery.com.de/ 		38 B
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com.de/ip.php
Requested by
Host: code.jquery.com.de
URL: https://code.jquery.com.de/jquery-3.5.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
38.34.185.163 Tokyo, Japan, ASN18978 (ENZUINC-, US),
Reverse DNS
163.185-34-38.rdns.scalabledns.com
Software
Apache /
Resource Hash
c359189b7d49a45f8ac8eddedd69754fd292d9edd979ec2369f8843862d677ac

Request headers

Accept
*/*
Referer
https://6575.nl/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Mon, 07 Nov 2022 08:39:51 GMT
Server
Apache
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Access-Control-Allow-Headers
Authorization, Content-Type
Content-Length
38
Keep-Alive
timeout=5, max=99
franklintempleton.co.uk
logo.clearbit.com/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
logo.clearbit.com
URL
https://logo.clearbit.com/franklintempleton.co.uk

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| _0x58ff77 function| _0x4a09 function| _0x30cc string| mail string| file function| _0x171d function| _0x391389 function| _0x3fa8 function| $ function| jQuery string| ndata string| pp string| catchh string| postt object| FontAwesomeKitConfig function| G function| t function| u object| data string| my_ai string| imgsrc string| ipinfo

2 Cookies

Domain/Path Name / Value
6575.nl/ Name: ishuman
Value: 1
6575.nl/ Name: m
Value: temit@franklintempleton.co.uk

5 Console Messages

Source Level URL
Text
javascript warning URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com.de/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com.de/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs(Line 3)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://kit.fontawesome.com/585b051251.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript error URL: https://6575.nl/wp-includes/js/web22/sdx9xEHJKS2dE1NB0RIX04Vb0/?swingings=TSNpUGS8e1&interdictors=corydalis&swillers=decapitation&enveloped=FTIoDBrRgs
Message:
Access to XMLHttpRequest at 'https://logo.clearbit.com/franklintempleton.co.uk' from origin 'https://6575.nl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://logo.clearbit.com/franklintempleton.co.uk
Message:
Failed to load resource: net::ERR_FAILED