messaging.apps.securedownload.sita.aero Open in urlscan Pro
57.191.0.246 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://messaging.apps.securedownload.sita.aero/
Submission: On November 23 via automatic, source certstream-suspicious (November 23rd 2021, 5:56:04 pm UTC) — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 57.191.0.246, located in Frankfurt am Main, Germany and belongs to SITA-ATICLOUD-FRA, BE. The main domain is messaging.apps.securedownload.sita.aero.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on December 18th 2020. Valid for: a year.

This is the only time messaging.apps.securedownload.sita.aero was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
9	57.191.0.246 57.191.0.246		198912 (SITA-ATIC...) (SITA-ATICLOUD-FRA)
9	1

9 57.191.0.246 (Frankfurt am Main, Germany)

ASN198912 (SITA-ATICLOUD-FRA, BE)

messaging.apps.securedownload.sita.aero	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	sita.aero messaging.apps.securedownload.sita.aero	197 KB
9	1

	Domain	Requested by
9	messaging.apps.securedownload.sita.aero	messaging.apps.securedownload.sita.aero
9	1

This site contains no links.

Subject Issuer	Validity	Valid
messaging.apps.securedownload.sita.aero DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2021-12-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://messaging.apps.securedownload.sita.aero/
Frame ID: EF165518A9BB9B054ADD24DB6B9D2D40
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SITA Messaging Application Download Portal

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

197 kB
Transfer

379 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response messaging.apps.securedownload.sita.aero/	4 KB 2 KB	414ms 351ms	Document text/html	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / PHP/7.1.24 Resource Hash `3301c3cdabb6c181b0b70c15963e2c0b7f32dcbc24d87caeff645f069d0386fe` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers cache-control no-cache, private content-type text/html; charset=UTF-8 content-encoding gzip vary Accept-Encoding server Microsoft-IIS/10.0 x-powered-by PHP/7.1.24 x-ratelimit-limit 60 x-ratelimit-remaining 59 access-control-allow-origin * access-control-allow-methods POST, GET, OPTIONS, PUT, PATCH, DELETE access-control-allow-headers Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers date Tue, 23 Nov 2021 17:55:59 GMT content-length 1599
GET H2	200	bootstrap.min.css messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/bootstrap/css/	115 KB 26 KB	83ms 83ms	Stylesheet text/css	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/bootstrap/css/bootstrap.min.css Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `3e87d3d57efc7a94f0cc73fe3eccd5730359a6292014b882c0008fe4c377dbd3` Request headers Accept-Language de-DE,de;q=0.9 Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 17:55:59 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:41:25 GMT server Microsoft-IIS/10.0 etag "8080f2a51e8bd41:0" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 26873
GET H2	200	jquery-1.11.1.min.js Show response messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/jquery/js/	94 KB 42 KB	68ms 68ms	Script application/javascript	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/jquery/js/jquery-1.11.1.min.js Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef` Request headers Accept-Language de-DE,de;q=0.9 Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 17:55:59 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:41:26 GMT server Microsoft-IIS/10.0 etag "0178ba61e8bd41:0" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 42752
GET H2	200	groovel_users.js Show response messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/groovel/admin/js/	24 KB 6 KB	35ms 34ms	Script application/javascript	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/groovel/admin/js/groovel_users.js Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `5bcc4f7f69afd13910fed7480405ac267951917e4e26e7c03e1e778851f69696` Request headers Accept-Language de-DE,de;q=0.9 Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 17:55:59 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:41:26 GMT server Microsoft-IIS/10.0 etag "0178ba61e8bd41:0" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 5790
GET H2	200	style.css messaging.apps.securedownload.sita.aero/sita/css/	715 B 601 B	17ms 17ms	Stylesheet text/css	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/sita/css/style.css Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `4fb1b28716df748bca2b1b072b1875f1c5c90e3eeb4db8e225817909df00e24c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 17:55:59 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:51:49 GMT server Microsoft-IIS/10.0 etag "8058e119208bd41:0" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 510
GET H2	200	font-awesome.min.css messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/css/	30 KB 8 KB	35ms 35ms	Stylesheet text/css	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/css/font-awesome.min.css Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 17:55:59 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:41:26 GMT server Microsoft-IIS/10.0 etag "0178ba61e8bd41:0" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 8332
GET H2	200	logo.png messaging.apps.securedownload.sita.aero/sita/images/	21 KB 21 KB	19ms 18ms	Image image/png	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Show image Full URL https://messaging.apps.securedownload.sita.aero/sita/images/logo.png Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `b9f9559caa0fecbfd9561c0429587d95a7f5d842f590dfdba669db992a0f4430` Request headers Accept-Language de-DE,de;q=0.9 Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 17:55:59 GMT last-modified Mon, 03 Dec 2018 15:51:49 GMT server Microsoft-IIS/10.0 accept-ranges bytes etag "8058e119208bd41:0" content-length 21481 content-type image/png
GET H2	200	deco.jpg messaging.apps.securedownload.sita.aero/sita/images/	15 KB 15 KB	19ms 19ms	Image image/jpeg	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Show image Full URL https://messaging.apps.securedownload.sita.aero/sita/images/deco.jpg Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `9578820980ebba1545efcea705a966a5507a6430270222051793eea141d8c824` Request headers Accept-Language de-DE,de;q=0.9 Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 17:55:59 GMT last-modified Mon, 03 Dec 2018 15:51:49 GMT server Microsoft-IIS/10.0 accept-ranges bytes etag "8058e119208bd41:0" content-length 15607 content-type image/jpeg
GET H2	200	fontawesome-webfont.woff2 messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/fonts/	75 KB 75 KB	20ms 19ms	Font application/font-woff2	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/css/font-awesome.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 Frankfurt am Main, Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe` Request headers Referer https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/css/font-awesome.min.css Origin https://messaging.apps.securedownload.sita.aero Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 17:55:59 GMT last-modified Mon, 03 Dec 2018 15:41:26 GMT server Microsoft-IIS/10.0 accept-ranges bytes etag "0178ba61e8bd41:0" content-length 77160 content-type application/font-woff2

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			messaging.apps.securedownload.sita.aero/	1970-01-19 22:54:57	Name: XSRF-TOKEN Value: eyJpdiI6ImxKaUp0dUtMUmFEOERnK1loWnl0TEE9PSIsInZhbHVlIjoiXC93OTBxZXJ1dENadHFKZkQrdmprV0J4NjhQZ1FxQ1EyTlZaNUNHWlV3UG4wWUNLR21jcnBiVlVodThrZFRuTTgiLCJtYWMiOiJhNzNjZjk0YmYzOGM3MDQ5MTVlOTIzMDU4Yzk1ZTU3OTg1YmRjMmUyMDhhNGUwY2IyOTAwMTAzMjBmMjAwOWVlIn0%3D
			messaging.apps.securedownload.sita.aero/	1970-01-19 22:54:57	Name: laravel_session Value: eyJpdiI6Inc3cnMwdmFOXC9KdUtRZU9PYkZZZXdnPT0iLCJ2YWx1ZSI6IjZMaFwvWk9kWXFtM0kzT2l4K3hNQzZmXC9YZVpKb05wSzlucm1kMm1mcUZaZFFGUVFWWVwvV3pYVlkyU1NnSHFKNWoiLCJtYWMiOiJmOGRlMWZkMjQxMjhhMGM1NzRmMzcwNDU1NjBmZmRjYzcyM2RiYTI5YmM4NTYwOWI1MTAyOTRlOGJhMTAyMGI3In0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

messaging.apps.securedownload.sita.aero
57.191.0.246
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3301c3cdabb6c181b0b70c15963e2c0b7f32dcbc24d87caeff645f069d0386fe
3e87d3d57efc7a94f0cc73fe3eccd5730359a6292014b882c0008fe4c377dbd3
4fb1b28716df748bca2b1b072b1875f1c5c90e3eeb4db8e225817909df00e24c
5bcc4f7f69afd13910fed7480405ac267951917e4e26e7c03e1e778851f69696
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef
9578820980ebba1545efcea705a966a5507a6430270222051793eea141d8c824
b9f9559caa0fecbfd9561c0429587d95a7f5d842f590dfdba669db992a0f4430

messaging.apps.securedownload.sita.aero Open in urlscan Pro 57.191.0.246 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

197 kBTransfer

379 kBSize

2 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

2 Cookies

Indicators

messaging.apps.securedownload.sita.aero Open in urlscan Pro
57.191.0.246 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

197 kB
Transfer

379 kB
Size

2
Cookies

9 HTTP transactions
0 data transactions