santuywaef.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 162.241.70.123, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is santuywaef.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 20th 2020. Valid for: 3 months.

This is the only time santuywaef.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 2	67.23.236.82 67.23.236.82	33182 (DIMENOC) (DIMENOC)
1 1	2606:4700:303... 2606:4700:3034::6812:3118	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	162.241.70.123 162.241.70.123	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
6	2

2 67.23.236.82 (Orlando, United States) 1 redirects

ASN33182 (DIMENOC, US)
PTR: vps.toqueeltimbre.com

www.jg41nt.vitaliciasrl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6812:3118 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

downloadvidmatepcmac.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 162.241.70.123 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-70-123.unifiedlayer.com

santuywaef.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	santuywaef.com santuywaef.com	311 KB
2	vitaliciasrl.com 1 redirects www.jg41nt.vitaliciasrl.com	231 KB
1	downloadvidmatepcmac.com 1 redirects downloadvidmatepcmac.com	383 B
6	3

	Domain	Requested by
5	santuywaef.com	www.jg41nt.vitaliciasrl.com santuywaef.com
2	www.jg41nt.vitaliciasrl.com	1 redirects
1	downloadvidmatepcmac.com	1 redirects
6	3

This site contains no links.

Subject Issuer	Validity	Valid
webmail.santuywaef.com Let's Encrypt Authority X3	`2020-05-20` - `2020-08-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com
Frame ID: 324CE58D0FDFC577CE343BCCA63A226F
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t Page URL
http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t HTTP 302
https://downloadvidmatepcmac.com/QMD/?H_0=stuart.machin@marksandspencer.com&%22 HTTP 302
https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com Page URL

Page Statistics

6
Requests

83 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

542 kB
Transfer

673 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t Page URL
http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t HTTP 302
https://downloadvidmatepcmac.com/QMD/?H_0=stuart.machin@marksandspencer.com&%22 HTTP 302
https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t Show response www.jg41nt.vitaliciasrl.com//	230 KB 231 KB	416ms 269ms	Document text/html	67.23.236.82 DIMENOC
General Check archive.org Show headers Download Go to Full URL http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t Protocol HTTP/1.1 Server 67.23.236.82 Orlando, United States, ASN33182 (DIMENOC, US), Reverse DNS vps.toqueeltimbre.com Software Apache / PHP/5.6.40 Resource Hash `a08d3d27c7ffb92ad8225dc448d939b008fe1d7d01df3bc0dcdc223306f49f71` Request headers Host www.jg41nt.vitaliciasrl.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 21 May 2020 15:02:27 GMT Server Apache X-Powered-By PHP/5.6.40 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=12ada6513d00ecb435f02eaecba01343; path=/ Connection close Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Primary Request Cookie set / Show response santuywaef.com/mss/ Redirect Chain http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t https://downloadvidmatepcmac.com/QMD/?H_0=stuart.machin@marksandspencer.com&%22 https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com	5 KB 4 KB	1739ms 1473ms	Document text/html	162.241.70.123 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com Requested by Host: www.jg41nt.vitaliciasrl.com URL: http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.241.70.123 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-70-123.unifiedlayer.com Software Apache / Resource Hash `2a64dc94daea57eb30331698f68019de20889319e751ecd8be0946966e7dccd1` Request headers Host santuywaef.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 Origin http://www.jg41nt.vitaliciasrl.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://www.jg41nt.vitaliciasrl.com//c3R1YXJ0Lm1hY2hpbkBtYXJrc2FuZHNwZW5jZXIuY29t Response headers Date Thu, 21 May 2020 15:02:28 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Content-Encoding gzip Vary Accept-Encoding Set-Cookie toxic_hydra=939ad064d9854917cd0726e56e06bbff135123f3; expires=Thu, 21-May-2020 17:02:28 GMT; Max-Age=7200; path=/; HttpOnly Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers status 302 date Thu, 21 May 2020 15:02:29 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d64719080afb9c9bfcfa25ca32f64647c1590073349; expires=Sat, 20-Jun-20 15:02:29 GMT; path=/; domain=.downloadvidmatepcmac.com; HttpOnly; SameSite=Lax location https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 596f2dc028b00605-FRA cf-request-id 02d95aec1b00000605a01b5200000001
GET H/1.1	200 OK	97B2DEA08889E85A.css santuywaef.com/mss/ASSETS-327845/_css/	7 KB 2 KB	256ms 255ms	Stylesheet text/css	162.241.70.123 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://santuywaef.com/mss/ASSETS-327845/_css/97B2DEA08889E85A.css Requested by Host: santuywaef.com URL: https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.241.70.123 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-70-123.unifiedlayer.com Software Apache / Resource Hash `42187e8f846f2e1c3c0ce8142a63693f295625404d3f6eb27291b7a3f22b9449` Request headers Referer https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Thu, 21 May 2020 15:02:30 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/css; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 1823 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	4E28447E8AFEE989.js Show response santuywaef.com/mss/ASSETS-327845/_js/	184 KB 56 KB	558ms 311ms	Script text/javascript	162.241.70.123 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://santuywaef.com/mss/ASSETS-327845/_js/4E28447E8AFEE989.js Requested by Host: santuywaef.com URL: https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.241.70.123 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-70-123.unifiedlayer.com Software Apache / Resource Hash `6b045fc533c6aaf0590a2acdf82263388bbf2b1f7695c944b167ff6bd79bc404` Request headers Referer https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Thu, 21 May 2020 15:02:30 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Transfer-Encoding chunked Connection Keep-Alive Keep-Alive timeout=5, max=100 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	bg.jpg santuywaef.com/mss/ASSETS-327845/_img/	243 KB 244 KB	423ms 423ms	Image image/jpeg	162.241.70.123 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://santuywaef.com/mss/ASSETS-327845/_img/bg.jpg Requested by Host: santuywaef.com URL: https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.241.70.123 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-70-123.unifiedlayer.com Software Apache / Resource Hash `8da7cbbe215e5a1f916772bbfbc189be9d038417dc03ea2a2d246e5272abd36d` Request headers Referer https://santuywaef.com/mss/ASSETS-327845/_css/97B2DEA08889E85A.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Thu, 21 May 2020 15:02:31 GMT Last-Modified Thu, 21 May 2020 15:02:31 GMT Server Apache Transfer-Encoding chunked Content-Type image/jpeg Cache-Control no-store, no-cache, must-revalidate Content-Transfer-Encoding binary Content-Disposition filename=bg.jpg; Connection Keep-Alive Keep-Alive timeout=5, max=99 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	l.png santuywaef.com/mss/ASSETS-327845/img/	5 KB 4 KB	125ms 125ms	Image image/png	162.241.70.123 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://santuywaef.com/mss/ASSETS-327845/img/l.png Requested by Host: santuywaef.com URL: https://santuywaef.com/mss/?D_0=stuart.machin@marksandspencer.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.241.70.123 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-70-123.unifiedlayer.com Software Apache / Resource Hash `f5a6c424ceebb1207b1bf6183240bc298bf5e212a6ee66fb94f233c37ad66695` Request headers Referer https://santuywaef.com/mss/ASSETS-327845/_css/97B2DEA08889E85A.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 21 May 2020 15:02:31 GMT Content-Encoding gzip Last-Modified Tue, 10 Mar 2020 00:58:26 GMT Server Apache Vary Accept-Encoding Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4115

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			santuywaef.com/	1970-01-19 09:41:20	Name: toxic_hydra Value: 69b86654838801c49c22ee20d9ed892a5076b8ca

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

downloadvidmatepcmac.com
santuywaef.com
www.jg41nt.vitaliciasrl.com
162.241.70.123
2606:4700:3034::6812:3118
67.23.236.82
2a64dc94daea57eb30331698f68019de20889319e751ecd8be0946966e7dccd1
42187e8f846f2e1c3c0ce8142a63693f295625404d3f6eb27291b7a3f22b9449
6b045fc533c6aaf0590a2acdf82263388bbf2b1f7695c944b167ff6bd79bc404
8da7cbbe215e5a1f916772bbfbc189be9d038417dc03ea2a2d246e5272abd36d
a08d3d27c7ffb92ad8225dc448d939b008fe1d7d01df3bc0dcdc223306f49f71
f5a6c424ceebb1207b1bf6183240bc298bf5e212a6ee66fb94f233c37ad66695

santuywaef.com Open in urlscan Pro 162.241.70.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

6 Requests

83 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

542 kBTransfer

673 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

santuywaef.com Open in urlscan Pro
162.241.70.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

542 kB
Transfer

673 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!