urlscan.io logo urlscan.io
SecurityTrails logo

www.gmailmsg.com Open in urlscan Pro
54.154.75.86  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.gmailmsg.com/signin?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6IjJkMGEyM2U3LWVkOGUtNDg2ZS1hZjFiLTQwYmM5MT...
Submission: On June 16 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 54.154.75.86, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.gmailmsg.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on April 13th 2023. Valid for: a year.
This is the only time www.gmailmsg.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 54.154.75.86 16509 (AMAZON-02)
6 192.0.66.2 2635 (AUTOMATTIC)
7 2
Apex Domain
Subdomains		 Transfer
6 go-vip.co
sophos-phish-threat.go-vip.co
111 KB
1 gmailmsg.com
www.gmailmsg.com
2 KB
7 2
Domain Requested by
6 sophos-phish-threat.go-vip.co www.gmailmsg.com
sophos-phish-threat.go-vip.co
1 www.gmailmsg.com
7 2

This site contains links to these domains. Also see Links.

Domain
www.sophos.com
staysafe.sophos.com
Subject Issuer Validity Valid
gmailmsg.com
Amazon RSA 2048 M01		 2023-04-13 -
2024-05-04		 a year crt.sh
*.go-vip.co
Sectigo RSA Domain Validation Secure Server CA		 2022-10-26 -
2023-11-26		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.gmailmsg.com/signin?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6IjJkMGEyM2U3LWVkOGUtNDg2ZS1hZjFiLTQwYmM5MTBlZWZhMyIsImNlbGwiOiJodHRwczovL3V0MHA3amg4NGUuZXhlY3V0ZS1hcGkuZXUtY2VudHJhbC0xLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiNmQ0NGI0NTEtOTczZC00NWY1LWE0NGItNjkwOWY0OTcyNGVjIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiaWF0IjoxNjg2ODM1MjkyLCJpc3MiOiJodHRwczovL2FwcC5waGlzaHRocmVhdC5jb20iLCJleHAiOjE2OTQ2MTEyOTJ9.iW3Hlq_0GG_vdd7VzAgqow2dXh_2cbaIZToRsEzbtxQ
Frame ID: 2A665690BB9FEF41FA3CC4167EDF68B1
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sophos Phish Threat – Phishing attack simulation and training for end users

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

113 kB
Transfer

259 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request signin
www.gmailmsg.com/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.gmailmsg.com/signin?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6IjJkMGEyM2U3LWVkOGUtNDg2ZS1hZjFiLTQwYmM5MTBlZWZhMyIsImNlbGwiOiJodHRwczovL3V0MHA3amg4NGUuZXhlY3V0ZS1hcGkuZXUtY2VudHJhbC0xLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiNmQ0NGI0NTEtOTczZC00NWY1LWE0NGItNjkwOWY0OTcyNGVjIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiaWF0IjoxNjg2ODM1MjkyLCJpc3MiOiJodHRwczovL2FwcC5waGlzaHRocmVhdC5jb20iLCJleHAiOjE2OTQ2MTEyOTJ9.iW3Hlq_0GG_vdd7VzAgqow2dXh_2cbaIZToRsEzbtxQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.75.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-75-86.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
26c9591f379c4d5f7901ae9ae5f022d6818a7b6d0cbd39bc5a175247af768293
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Age
0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Jun 2023 05:03:33 GMT
Server
nginx/1.18.0
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
X-Cache
miss
X-rq
lhr3 111 253 443
master.min.css
sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/ 		88 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Requested by
Host: www.gmailmsg.com
URL: https://www.gmailmsg.com/signin?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6IjJkMGEyM2U3LWVkOGUtNDg2ZS1hZjFiLTQwYmM5MTBlZWZhMyIsImNlbGwiOiJodHRwczovL3V0MHA3amg4NGUuZXhlY3V0ZS1hcGkuZXUtY2VudHJhbC0xLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiNmQ0NGI0NTEtOTczZC00NWY1LWE0NGItNjkwOWY0OTcyNGVjIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiaWF0IjoxNjg2ODM1MjkyLCJpc3MiOiJodHRwczovL2FwcC5waGlzaHRocmVhdC5jb20iLCJleHAiOjE2OTQ2MTEyOTJ9.iW3Hlq_0GG_vdd7VzAgqow2dXh_2cbaIZToRsEzbtxQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f1dd8f33178fc66764414b4552521f686c8c37dec7f8ffe0b255a66e1a81b246
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gmailmsg.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 16 Jun 2023 05:03:33 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 08 Feb 2023 21:44:19 GMT
server
nginx
x-rq
hhn2 96 184 443
etag
W/"63e417b3-160fd"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
cache-control
max-age=31536000
sophos-logo.png
sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/images/sophos-logo.png
Requested by
Host: sophos-phish-threat.go-vip.co
URL: https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5940cb8b477258b23e3d3e2136f22ec12ff9d26964e54e81a4d4582ceb032169
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 16 Jun 2023 05:03:33 GMT
strict-transport-security
max-age=31536000
x-rq
hhn2 96 184 443
last-modified
Wed, 08 Feb 2023 21:44:19 GMT
server
nginx
etag
"63e417b3-10dc"
x-cache
HIT
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
4316
secondary-logo.png
sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/images/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/images/secondary-logo.png
Requested by
Host: sophos-phish-threat.go-vip.co
URL: https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
8a4007fcbdbb05010eeb3b8401048e2c6aef424ff851d25c8409ffe08eb6f526
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 16 Jun 2023 05:03:33 GMT
strict-transport-security
max-age=31536000
x-rq
hhn2 96 185 443
last-modified
Wed, 08 Feb 2023 21:44:19 GMT
server
nginx
etag
"63e417b3-2fe0"
x-cache
HIT
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
12256
flama-book-webfont.ttf
sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/fonts/ 		50 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/fonts/flama-book-webfont.ttf
Requested by
Host: sophos-phish-threat.go-vip.co
URL: https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d088c5e7ccc85feda2e2f398f4188c8c49f6c0178e75e2e758f9a9c4e3fddff0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Origin
https://www.gmailmsg.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 16 Jun 2023 05:03:33 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 08 Feb 2023 21:44:19 GMT
server
nginx
x-rq
hhn2 96 185 443
etag
W/"63e417b3-c8f0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/font-ttf
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=31536000
flama-light-webfont.ttf
sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/fonts/ 		50 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/fonts/flama-light-webfont.ttf
Requested by
Host: sophos-phish-threat.go-vip.co
URL: https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1eee700208fddc9dbea7fd453e8a1dbaca020a9c0dedb43f985f3fd1ddcbda2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Origin
https://www.gmailmsg.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 16 Jun 2023 05:03:33 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 08 Feb 2023 21:44:19 GMT
server
nginx
x-rq
hhn2 96 185 443
etag
W/"63e417b3-c918"
vary
Accept-Encoding
x-cache
HIT
content-type
application/font-ttf
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=31536000
flama-medium-webfont.ttf
sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/fonts/ 		51 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/fonts/flama-medium-webfont.ttf
Requested by
Host: sophos-phish-threat.go-vip.co
URL: https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ec341c00863f513a04b66db10c2180649ab00b68275db6dcd7abdf6bd780b947
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://sophos-phish-threat.go-vip.co/_static/wp-content/themes/phishthreat/assets/css/master.min.css
Origin
https://www.gmailmsg.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 16 Jun 2023 05:03:33 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 08 Feb 2023 21:44:19 GMT
server
nginx
x-rq
hhn2 96 185 443
etag
W/"63e417b3-ccf0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/font-ttf
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=31536000

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

3 Cookies

Domain/Path Name / Value
www.gmailmsg.com/wp-content/plugins Name: wordpress_sec_756c12a83cfbec080e0017373d6ae55f
Value: 2d0a23e7-ed8e-486e-af1b-40bc910eefa3%7C1687064613%7C6SorTLj7ApdNxiPrkCfTdGM80XH75ij3lLFz42J0KX2%7Cb2df494d79f64bf6a23297f151adeb1b5519e917a26faca8b1251dca009410c4
www.gmailmsg.com/wp-admin Name: wordpress_sec_756c12a83cfbec080e0017373d6ae55f
Value: 2d0a23e7-ed8e-486e-af1b-40bc910eefa3%7C1687064613%7C6SorTLj7ApdNxiPrkCfTdGM80XH75ij3lLFz42J0KX2%7Cb2df494d79f64bf6a23297f151adeb1b5519e917a26faca8b1251dca009410c4
www.gmailmsg.com/ Name: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f
Value: 2d0a23e7-ed8e-486e-af1b-40bc910eefa3%7C1687064613%7C6SorTLj7ApdNxiPrkCfTdGM80XH75ij3lLFz42J0KX2%7Cf4494b8090596bb2fca699af2daa62d13b4ab30ee3241dcb0ec8ac832c6485b4

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000