URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Submission: On April 02 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 1 domain to perform 24 HTTP transactions. The main IP is 34.111.165.252, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is portal.s21sec.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on October 2nd 2023. Valid for: a year.
This is the only time portal.s21sec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
21 34.111.165.252 396982 (GOOGLE-CL...)
2 88.84.64.8 15830 (EQUINIX)
24 3
Apex Domain | Subdomains | Transfer
23 s21sec.com | portal.s21sec.com, api.s21sec.com | 3 MB
24 1
Domain Requested by
21 portal.s21sec.com portal.s21sec.com
2 api.s21sec.com portal.s21sec.com
24 2

This site contains links to these domains.

Domain
www.s21sec.com
Subject | Issuer | Validity | Valid
portal.s21sec.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-02 - 2024-10-01 | a year
api.s21sec.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-02 - 2024-10-01 | a year

This page contains 1 frames:

Primary Page: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Frame ID: 13354DD0A9D6378A5D66D9F6FFEAAA11
Requests: 23 HTTP requests in this frame

Page Title

S21 Customer MSS Portal

Page URL History

  1. https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatt... Page URL
  2. https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatt... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]+href="[^>]*bootstrap-table(?:\.min)?\.css

Page Statistics

24 Requests
96 % HTTPS
0 % IPv6
1 Domains
2 Subdomains
3 IPs
2 Countries
3046 kB Transfer
9595 kB Size
2 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/ Page URL
  2. https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
568 B
735 B
Document
General
Full URL
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
e574d5f526e2eeb8c670acfae4803cb5776a649a518a07e967fff8275ec52881

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
clear
cache-control
no-cache
content-type
text/html; charset=utf-8
date
Tue, 02 Apr 2024 14:04:26 GMT
expires
Thu, 01 Aug 1978 00:01:48 GMT
server
openresty
via
1.1 google
kramericaindustries.ac.lib.js
portal.s21sec.com/
41 KB
14 KB
Script
General
Full URL
https://portal.s21sec.com/kramericaindustries.ac.lib.js
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
ae445fbd2829b45f50ea9105d0907b57515ca958b05b9deea71ecf6665292825

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 02 Apr 2024 00:06:13 GMT
server
openresty
etag
W/"660b4bf5-a5a6"
vary
Accept-Encoding
content-type
application/javascript
alt-svc
clear
E72PI51mqwWktJfE7Oy8bxFcstnipXMh
portal.s21sec.com/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/
3 B
298 B
XHR
General
Full URL
https://portal.s21sec.com/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/E72PI51mqwWktJfE7Oy8bxFcstnipXMh
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/kramericaindustries.ac.lib.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
x-zebra-xCf28mWQ
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
via
1.1 google
server
openresty
alt-svc
clear
content-type
application/octet-stream
/
portal.s21sec.com/8d47-ffc3-0f63-4b3c-c5c9-5699-6d5b-3a1f/d/
1 B
66 B
XHR
General
Full URL
https://portal.s21sec.com/8d47-ffc3-0f63-4b3c-c5c9-5699-6d5b-3a1f/d/
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/kramericaindustries.ac.lib.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
via
1.1 google
server
openresty
alt-svc
clear
content-type
application/octet-stream
favicon.ico
portal.s21sec.com/
0
0

Primary Request /
portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
4 KB
2 KB
Document
General
Full URL
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/kramericaindustries.ac.lib.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
c3e9cc3c1b00331648f551b4c832833d14effe146f57e11b7799dafeb19c7475
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
clear
content-encoding
gzip
content-type
text/html
date
Tue, 02 Apr 2024 14:04:26 GMT
etag
W/"65fc0ca4-1031"
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
strict-transport-security
max-age=63072000
vary
Accept-Encoding
via
1.1 google
google-font-roboto.css
portal.s21sec.com/css/
9 KB
707 B
Stylesheet
General
Full URL
https://portal.s21sec.com/css/google-font-roboto.css?v=36
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
ca59f2f15d160cedf11efc8ffec08f9d40208aa94d5f9149c06053e2d2846c37
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-25b3"
vary
Accept-Encoding
content-type
text/css
alt-svc
clear
default-theme.css
portal.s21sec.com/css/
310 KB
45 KB
Stylesheet
General
Full URL
https://portal.s21sec.com/css/default-theme.css?v=36
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
91c4b8ffb278a9c5d7b7476679621eb635d8578cfe11fc5ffbb4cbb9e7ceae17
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-4d6ec"
vary
Accept-Encoding
content-type
text/css
alt-svc
clear
react-bootstrap-table.min.css
portal.s21sec.com/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://portal.s21sec.com/css/react-bootstrap-table.min.css?v=36
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
1d0a3869fefd9e6682809a09a868f0581a4b38b475d3792e3f948675d25a40b0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-1ee5"
vary
Accept-Encoding
content-type
text/css
alt-svc
clear
Typeahead.min.css
portal.s21sec.com/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://portal.s21sec.com/css/Typeahead.min.css?v=36
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
8077aaefb7b656d4d375c8ed68246e68fe3332081a87853e5545fd46a8553e7b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-1371"
vary
Accept-Encoding
content-type
text/css
alt-svc
clear
popup-aviso.css
portal.s21sec.com/css/
2 KB
794 B
Stylesheet
General
Full URL
https://portal.s21sec.com/css/popup-aviso.css?v=36
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
d5f813b04501ee3f5e342eb816d9c929c88f7a3dc5f4f11952e9980d77f49ce7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-86c"
vary
Accept-Encoding
content-type
text/css
alt-svc
clear
multiselect.css
portal.s21sec.com/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://portal.s21sec.com/css/multiselect.css?v=36
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
89387c656875a1db1aa47ba1106db1e1ee8b0cac521e7526da7040ec91b85a50
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
strict-transport-security
max-age=63072000
via
1.1 google
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
etag
"65fc0ca4-4f4"
content-type
text/css
accept-ranges
bytes
alt-svc
clear
content-length
1268
2.3e193ca7.chunk.js
portal.s21sec.com/static/js/
5 MB
2 MB
Script
General
Full URL
https://portal.s21sec.com/static/js/2.3e193ca7.chunk.js
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
280a0bbf9ef0d5bb3b07e4475f7c5c88fde5119ec7220b6aada7d5ee75dc0347
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-53601f"
vary
Accept-Encoding
content-type
application/javascript
alt-svc
clear
main.764e9efb.chunk.js
portal.s21sec.com/static/js/
3 MB
575 KB
Script
General
Full URL
https://portal.s21sec.com/static/js/main.764e9efb.chunk.js
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
fe4374a8a90f65342966e50f84698290cbc97e0e48413c32bd1392bae0245a39
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:26 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-309d34"
vary
Accept-Encoding
content-type
application/javascript
alt-svc
clear
/
api.s21sec.com/en/auth/token/jwt/verify/
0
0
Preflight
General
Full URL
https://api.s21sec.com/en/auth/token/jwt/verify/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.84.64.8 Leganés, Spain, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; connect-src https: wss:
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://portal.s21sec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
accept, authorization, content-type, user-agent, x-csrftoken, x-requested-with
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin
https://portal.s21sec.com
access-control-max-age
600
content-length
0
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; connect-src https: wss:
content-type
text/html; charset=utf-8
date
Tue, 02 Apr 2024 14:04:27 GMT
referrer-policy
same-origin strict-origin
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains; preload
vary
origin
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
api.s21sec.com/en/auth/token/jwt/verify/
41 B
303 B
XHR
General
Full URL
https://api.s21sec.com/en/auth/token/jwt/verify/
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/static/js/2.3e193ca7.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.84.64.8 Leganés, Spain, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
633b00ff8c48451a6d08c47bdb7b257711893814bbf4000c9683654aaac9f600
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
Authorization
JWT null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://portal.s21sec.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
x-content-type-options
nosniff
referrer-policy
same-origin
server
nginx
x-frame-options
DENY
vary
Accept, origin, Cookie
content-language
en
allow
POST, OPTIONS
access-control-allow-origin
https://portal.s21sec.com
content-type
application/json
content-length
41
x-xss-protection
1; mode=block
audio.svg
portal.s21sec.com/img/
1 KB
1 KB
Image
General
Full URL
https://portal.s21sec.com/img/audio.svg
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/css/default-theme.css?v=36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
bc99c08e427f963915fd1a48c3abdd823c2a555f9d242d246c0257da0ebf8806
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/css/default-theme.css?v=36
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
strict-transport-security
max-age=63072000
via
1.1 google
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
etag
"65fc0ca4-564"
content-type
image/svg+xml
accept-ranges
bytes
alt-svc
clear
content-length
1380
favicon-32x32.png
portal.s21sec.com/img/
1 KB
1 KB
Other
General
Full URL
https://portal.s21sec.com/img/favicon-32x32.png?v=36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
459b3a52533ccac3900b70175c6c667d56f2117172a109febaceb350b218f490
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32217/phishingybersquatting/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
strict-transport-security
max-age=63072000
via
1.1 google
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
etag
"65fc0ca4-4a9"
content-type
image/png
accept-ranges
bytes
alt-svc
clear
content-length
1193
s21-thales-logo-white.png
portal.s21sec.com/img/
10 KB
10 KB
Image
General
Full URL
https://portal.s21sec.com/img/s21-thales-logo-white.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
e53396afb73ca5a48d4492ff1ece45dc834e9cb9258fb1a4019f215c30a8d6ab
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/login
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
strict-transport-security
max-age=63072000
via
1.1 google
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
etag
"65fc0ca4-27dd"
content-type
image/png
accept-ranges
bytes
alt-svc
clear
content-length
10205
flag-spain.svg
portal.s21sec.com/img/
4 KB
1 KB
Image
General
Full URL
https://portal.s21sec.com/img/flag-spain.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
79631ff960513b9cab7ae470bc3ba0329e394d08075d0633287874c542203c6c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/login
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-10c8"
vary
Accept-Encoding
content-type
image/svg+xml
alt-svc
clear
flag-portugal.svg
portal.s21sec.com/img/
2 KB
806 B
Image
General
Full URL
https://portal.s21sec.com/img/flag-portugal.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
4c8e318a643b55e956282a56c51fdcf1adae7069a333ade3d714882c224c99d7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/login
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
strict-transport-security
max-age=63072000
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
via
1.1 google
etag
W/"65fc0ca4-765"
vary
Accept-Encoding
content-type
image/svg+xml
alt-svc
clear
favicon-32x32.png
portal.s21sec.com/img/
1 KB
1 KB
Other
General
Full URL
https://portal.s21sec.com/img/favicon-32x32.png?v=36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
459b3a52533ccac3900b70175c6c667d56f2117172a109febaceb350b218f490
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/login
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
strict-transport-security
max-age=63072000
via
1.1 google
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
etag
"65fc0ca4-4a9"
content-type
image/png
accept-ranges
bytes
alt-svc
clear
content-length
1193
login-bg-2023.jpg
portal.s21sec.com/img/
738 KB
739 KB
Image
General
Full URL
https://portal.s21sec.com/img/login-bg-2023.jpg
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/css/default-theme.css?v=36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
ef195974286947217a867981c6a3ee92f9c13eb503bf11e82f981459938d3adf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/css/default-theme.css?v=36
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
strict-transport-security
max-age=63072000
via
1.1 google
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
etag
"65fc0ca4-b89ba"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
clear
content-length
756154
S21sec-CMSSP.ttf
portal.s21sec.com/fonts/
8 KB
8 KB
Font
General
Full URL
https://portal.s21sec.com/fonts/S21sec-CMSSP.ttf?u9gbf8
Requested by
Host: portal.s21sec.com
URL: https://portal.s21sec.com/css/default-theme.css?v=36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.165.111.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
b40a8469dff7393dc74d05bb290eda167438edbc945266c772169a7debac717e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://portal.s21sec.com/css/default-theme.css?v=36
Origin
https://portal.s21sec.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 14:04:27 GMT
strict-transport-security
max-age=63072000
via
1.1 google
last-modified
Thu, 21 Mar 2024 10:32:04 GMT
server
openresty
etag
"65fc0ca4-2088"
content-type
application/octet-stream
accept-ranges
bytes
alt-svc
clear
content-length
8328

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
portal.s21sec.com
URL
https://portal.s21sec.com/favicon.ico

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal object| webpackJsonps21sec object| __core-js_shared__ function| BootstrapTable function| TableHeaderColumn function| InsertModalHeader function| InsertModalBody function| InsertModalFooter function| InsertButton function| DeleteButton function| ShowSelectedOnlyButton function| ExportCSVButton function| ClearSearchButton function| SearchField function| ButtonGroup function| SizePerPageDropDown function| saveAs object| regeneratorRuntime function| setImmediate function| clearImmediate object| pdfMake function| isIE function| checkIEAlert function| showNotice function| hideNotice object| specifiedElement

2 Cookies

Domain/Path Name / Value
portal.s21sec.com/ Name: GCLB
Value: CKv1-a_Wo5vfNRAD
.portal.s21sec.com/ Name: rbzid
Value: sNNt8T36uQASO7fVl2brYufRqlFS1tPce06nsL+c7oyTlh1UYoP4uHPlICGVwE0yFO06chhdFI1NxNCNCZ5lmBEiiX3+8lJbabh9AYGJpI2eCBbBmLeNxnotNEz9qSQ+BcdaqHWsm6LbeieLukXtO7i3pbCPm5APa73tq/PGzLAVdsEvkE/PWap5vH+bTzCMoJPw4W57QqAc3rAmScUA3L7YeCdj7kCwzA+HZ/R6Gu56/J8ZSfaeKPvFvizc

2 Console Messages

Source Level URL
Text
network error URL: https://api.s21sec.com/en/auth/token/jwt/verify/
Message:
Failed to load resource: the server responded with a status of 400 ()
recommendation verbose URL: https://portal.s21sec.com/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.s21sec.com
portal.s21sec.com
portal.s21sec.com
34.111.165.252
88.84.64.8