cor.thepattyvan.com Open in urlscan Pro
45.74.14.32 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u16965951.ct.sendgrid.net/ls/click?upn=xxLl-2BSWebSEifPa3BMoi8WXhJFkCQDq-2F38Q-2Ba2-2FU-2Bqc3Om6aPPskWXOmZT2bdkkvRnGRt6FTP...
Effective URL:
https://cor.thepattyvan.com/1v9/08d402d53b08371778064efa5cf02b9e/w2shrynoa4gyecdf4sn4db47n0rij9.php?login=Cesar.Cortes&.veri...
Submission: On August 04 via manual (August 4th 2020, 4:01:33 pm UTC) from IN

Summary HTTP 65 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 6 countries across 15 domains to perform 65 HTTP transactions. The main IP is 45.74.14.32, located in Melbourne, Australia and belongs to AS45671-NET-AU Wholesale Services Provider, AU. The main domain is cor.thepattyvan.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 27th 2020. Valid for: 3 months.

This is the only time cor.thepattyvan.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.54 167.89.115.54	11377 (SENDGRID) (SENDGRID)
1 9	45.74.14.32 45.74.14.32	45671 (AS45671-N...) (AS45671-NET-AU Wholesale Services Provider)
6	35.201.118.58 35.201.118.58	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
2 3	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:f1:... 2a02:26f0:f1:293::30ec	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:303... 2606:4700:3031::ac43:bbe1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 32	104.111.225.101 104.111.225.101	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.111.227.29 104.111.227.29	16625 (AKAMAI-AS) (AKAMAI-AS)
2	192.229.233.55 192.229.233.55	15133 (EDGECAST) (EDGECAST)
2 2	34.227.236.7 34.227.236.7	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:6c0... 2a02:26f0:6c00:191::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	34.252.236.122 34.252.236.122	16509 (AMAZON-02) (AMAZON-02)
65	12

1 167.89.115.54 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x54.outbound-mail.sendgrid.net

u16965951.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 45.74.14.32 (Melbourne, Australia) 1 redirects

ASN45671 (AS45671-NET-AU Wholesale Services Provider, AU)

cor.thepattyvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.201.118.58 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 58.118.201.35.bc.googleusercontent.com

cdn.jotfor.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7aaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f1:293::30ec (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

image.freepik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:bbe1 (United States)

ASN13335 (CLOUDFLARENET, US)

jsonp.afeld.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 104.111.225.101 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-225-101.deploy.static.akamaitechnologies.com

www.se.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.227.29 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-227-29.deploy.static.akamaitechnologies.com

tagmanager.schneider-electric.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.233.55 (Los Angeles, United States)

ASN15133 (EDGECAST, US)

cdn.tagcommander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.227.236.7 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-236-7.compute-1.amazonaws.com

se.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:191::11a6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.252.236.122 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-236-122.eu-west-1.compute.amazonaws.com

logi5.xiti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	se.com se.com Failed www.se.com	966 KB
9	thepattyvan.com 1 redirects cor.thepattyvan.com	45 KB
6	jotfor.ms cdn.jotfor.ms	30 KB
3	unpkg.com 2 redirects unpkg.com	2 KB
2	xiti.com 1 redirects logi5.xiti.com	717 B
2	tagcommander.com cdn.tagcommander.com	58 KB
2	googleapis.com ajax.googleapis.com	40 KB
1	go-mpulse.net s.go-mpulse.net	51 KB
1	schneider-electric.com tagmanager.schneider-electric.com intstatcheck.wsecure.schneider-electric.com Failed	58 KB
1	afeld.me jsonp.afeld.me	56 KB
1	freepik.com image.freepik.com	42 KB
1	sendgrid.net 1 redirects u16965951.ct.sendgrid.net	268 B
0	google-analytics.com Failed www.google-analytics.com Failed
0	demandbase.com Failed api.demandbase.com Failed
0	cors.io Failed cors.io Failed
65	15

	Domain	Requested by
32	www.se.com	1 redirects srcdoc www.se.com
9	cor.thepattyvan.com	1 redirects cor.thepattyvan.com
6	cdn.jotfor.ms	cor.thepattyvan.com
3	unpkg.com	2 redirects cor.thepattyvan.com
2	logi5.xiti.com	1 redirects srcdoc
2	cdn.tagcommander.com	srcdoc tagmanager.schneider-electric.com
2	se.com	cor.thepattyvan.com cdn.tagcommander.com
2	ajax.googleapis.com	cor.thepattyvan.com
1	s.go-mpulse.net	srcdoc
1	tagmanager.schneider-electric.com	srcdoc
1	jsonp.afeld.me	cor.thepattyvan.com
1	image.freepik.com	cor.thepattyvan.com
1	u16965951.ct.sendgrid.net	1 redirects
0	www.google-analytics.com Failed	tagmanager.schneider-electric.com
0	intstatcheck.wsecure.schneider-electric.com Failed	srcdoc
0	api.demandbase.com Failed	tagmanager.schneider-electric.com
0	cors.io Failed	cor.thepattyvan.com
65	17

This site contains no links.

Subject Issuer	Validity	Valid
cor.thepattyvan.com Let's Encrypt Authority X3	`2020-07-27` - `2020-10-25`	3 months	crt.sh
*.jotfor.ms Sectigo RSA Domain Validation Secure Server CA	`2020-07-06` - `2022-07-06`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
thumbr.io Sectigo RSA Domain Validation Secure Server CA	`2020-06-05` - `2022-08-04`	2 years	crt.sh
se.com DigiCert SHA2 Secure Server CA	`2020-06-30` - `2021-04-15`	10 months	crt.sh
www.schneider-electric.com GeoTrust RSA CA 2018	`2020-02-17` - `2021-05-18`	a year	crt.sh
cdn.tagcommander.com DigiCert SHA2 Secure Server CA	`2020-04-01` - `2022-05-18`	2 years	crt.sh
akstat.io DigiCert Secure Site ECC CA-1	`2020-05-06` - `2021-08-05`	a year	crt.sh
*.xiti.com Thawte RSA CA 2018	`2020-02-27` - `2022-05-22`	2 years	crt.sh

This page contains 3 frames:

Primary Page: https://cor.thepattyvan.com/1v9/08d402d53b08371778064efa5cf02b9e/w2shrynoa4gyecdf4sn4db47n0rij9.php?login=Cesar.Cortes&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Cesar.Cortes&loginID=Cesar.Cortes&.
Frame ID: A40621DCFA30C7B6D7D8D945C38F1E39
Requests: 22 HTTP requests in this frame

Frame: https://se.com/
Frame ID: AA614B588B76E33DB8F4D6BC90ED414A
Requests: 46 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/XR4TT-L9EBU-2KFPC-LU3QU-W6RKY
Frame ID: 9C70C8A4CFF51F0B6A2A6E8192442024
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u16965951.ct.sendgrid.net/ls/click?upn=xxLl-2BSWebSEifPa3BMoi8WXhJFkCQDq-2F38Q-2Ba2-2FU-2Bqc3Om6aPPskW... HTTP 302
https://cor.thepattyvan.com/1v9/fhgnb.fgh?yth=Cesar.Cortes@se.com Page URL
https://cor.thepattyvan.com/1v9/rcopy.php HTTP 302
https://cor.thepattyvan.com/1v9/08d402d53b08371778064efa5cf02b9e/load.php?token=6aQ2VzYXIuQ29ydGVzQHNlLm... Page URL
https://cor.thepattyvan.com/1v9/08d402d53b08371778064efa5cf02b9e/w2shrynoa4gyecdf4sn4db47n0rij9.php?logi... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

65
Requests

85 %
HTTPS

38 %
IPv6

15
Domains

17
Subdomains

12
IPs

6
Countries

1346 kB
Transfer

3031 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u16965951.ct.sendgrid.net/ls/click?upn=xxLl-2BSWebSEifPa3BMoi8WXhJFkCQDq-2F38Q-2Ba2-2FU-2Bqc3Om6aPPskWXOmZT2bdkkvRnGRt6FTPrJ-2FW7rhuapemlztrYcn20fcRTVNGKpqGzI-3D0bwu_j-2BvkwtBax5XDu4lOtaguTuVN8LUkNjaS-2B4bWJRvjZaFCdpSnQI9yzPN2hVI9AKwMGNk-2B6hAicSCEHVg3BSp9kP0O6IMsCCj-2BWET2Pz-2F2mynhZKzWCQuSdtTSv-2FRVN1OnXtBX6GBbWds6gmZ-2FM5gh6QNjMxdgrNOJ2yKtAl1K5xkqy3-2FbhYiYIBXLODJV9kJRak3yNiQBJnNTcWuKrGXGodHwxuiVHy-2Bd5lkFfc5cBzg-3D HTTP 302
https://cor.thepattyvan.com/1v9/fhgnb.fgh?yth=Cesar.Cortes@se.com Page URL
https://cor.thepattyvan.com/1v9/rcopy.php HTTP 302
https://cor.thepattyvan.com/1v9/08d402d53b08371778064efa5cf02b9e/load.php?token=6aQ2VzYXIuQ29ydGVzQHNlLmNvbQ%3D%3D Page URL
https://cor.thepattyvan.com/1v9/08d402d53b08371778064efa5cf02b9e/w2shrynoa4gyecdf4sn4db47n0rij9.php?login=Cesar.Cortes&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Cesar.Cortes&loginID=Cesar.Cortes&. Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://u16965951.ct.sendgrid.net/ls/click?upn=xxLl-2BSWebSEifPa3BMoi8WXhJFkCQDq-2F38Q-2Ba2-2FU-2Bqc3Om6aPPskWXOmZT2bdkkvRnGRt6FTPrJ-2FW7rhuapemlztrYcn20fcRTVNGKpqGzI-3D0bwu_j-2BvkwtBax5XDu4lOtaguTuVN8LUkNjaS-2B4bWJRvjZaFCdpSnQI9yzPN2hVI9AKwMGNk-2B6hAicSCEHVg3BSp9kP0O6IMsCCj-2BWET2Pz-2F2mynhZKzWCQuSdtTSv-2FRVN1OnXtBX6GBbWds6gmZ-2FM5gh6QNjMxdgrNOJ2yKtAl1K5xkqy3-2FbhYiYIBXLODJV9kJRak3yNiQBJnNTcWuKrGXGodHwxuiVHy-2Bd5lkFfc5cBzg-3D HTTP 302
https://cor.thepattyvan.com/1v9/fhgnb.fgh?yth=Cesar.Cortes@se.com

Request Chain 1

https://cor.thepattyvan.com/1v9/rcopy.php HTTP 302
https://cor.thepattyvan.com/1v9/08d402d53b08371778064efa5cf02b9e/load.php?token=6aQ2VzYXIuQ29ydGVzQHNlLmNvbQ%3D%3D

Request Chain 15

https://unpkg.com/@ungap/custom-elements-builtin HTTP 302
https://unpkg.com/@ungap/custom-elements-builtin@0.6.2 HTTP 302
https://unpkg.com/@ungap/custom-elements-builtin@0.6.2/min.js

Request Chain 29

https://se.com/assets-search/guided-sdl9/guided.js HTTP 301
https://www.se.com/assets-search/guided-sdl9/guided.js

Request Chain 36

https://se.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP 301
https://www.se.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP 302
https://www.se.com/ww/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Request Chain 43

https://logi5.xiti.com/hit.xiti?s=387081&ts=1596556879017&vtag=5.18.2&ptag=js&r=1600x1200x24x24&re=1600x1200&hl=18x1x19&lng=en-US&idp=1801196288352&jv=0&p=srcdoc&s2=102&x2=0&ref= HTTP 302
https://logi5.xiti.com/hit.xiti?s=387081&ts=1596556879017&vtag=5.18.2&ptag=js&r=1600x1200x24x24&re=1600x1200&hl=18x1x19&lng=en-US&idp=1801196288352&jv=0&p=srcdoc&s2=102&x2=0&ref=&Rdt=On

65 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

fhgnb.fgh Show response
cor.thepattyvan.com/1v9/
Redirect Chain

https://u16965951.ct.sendgrid.net/ls/click?upn=xxLl-2BSWebSEifPa3BMoi8WXhJFkCQDq-2F38Q-2Ba2-2FU-2Bqc3Om6aPPskWXOmZT2bdkkvRnGRt6FTPrJ-2FW7rhuapemlztrYcn20fcRTVNGKpqGzI-3D0bwu_j-2BvkwtBax5XDu4lOtaguT...
https://cor.thepattyvan.com/1v9/fhgnb.fgh?yth=Cesar.Cortes@se.com

4 KB
5 KB

2610ms
1307ms

Document
text/html

45.74.14.32
AS45671-NET-AU Wh...

General

cor.thepattyvan.com Open in urlscan Pro 45.74.14.32 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

65 Requests

85 %HTTPS

38 %IPv6

15 Domains

17 Subdomains

12 IPs

6 Countries

1346 kBTransfer

3031 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

65 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cor.thepattyvan.com Open in urlscan Pro
45.74.14.32 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

65
Requests

85 %
HTTPS

38 %
IPv6

15
Domains

17
Subdomains

12
IPs

6
Countries

1346 kB
Transfer

3031 kB
Size

0
Cookies

65 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!