mailjet.com.custmer.login.5754224.lafostra.de Open in urlscan Pro
199.16.54.102 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s3.amazonaws.com/account.secure/hrefly.html#?Z289MSZzMT0xODI4NjIxJnMyPTIxODEzNzExNiZzMz1HTEI=
Effective URL:
https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3
Submission: On March 01 via manual (March 1st 2024, 9:59:37 am UTC) from FR — Scanned from FR

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 199.16.54.102, located in United States and belongs to D102-PHL-1, US. The main domain is mailjet.com.custmer.login.5754224.lafostra.de.
TLS certificate: Issued by R3 on February 10th 2024. Valid for: 3 months.

This is the only time mailjet.com.custmer.login.5754224.lafostra.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mailjet (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	54.231.163.0 54.231.163.0	16509 (AMAZON-02) (AMAZON-02)
4 12	199.16.54.102 199.16.54.102	17185 (D102-PHL-1) (D102-PHL-1)
9	2

1 54.231.163.0 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 199.16.54.102 (United States) 4 redirects

ASN17185 (D102-PHL-1, US)
PTR: 199-16-54-102.static.as40244.net

199.16.54.102	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simples.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mailjet.com.custmer.login.5754224.lafostra.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	lafostra.de mailjet.com.custmer.login.5754224.lafostra.de	281 KB
3	simples.live 3 redirects simples.live	2 KB
1	amazonaws.com s3.amazonaws.com	638 B
9	3

	Domain	Requested by
8	mailjet.com.custmer.login.5754224.lafostra.de	s3.amazonaws.com mailjet.com.custmer.login.5754224.lafostra.de
3	simples.live	3 redirects
1	s3.amazonaws.com
9	3

This site contains no links.

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon RSA 2048 M01	`2024-02-08` - `2025-01-11`	a year	crt.sh
mailjet.com.custmer.login.5754224.lafostra.de R3	`2024-02-10` - `2024-05-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3
Frame ID: 9287B2D5481919DAA82F7FD4CFC6D848
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Mailjet Language

Page URL History Show full URLs

https://s3.amazonaws.com/account.secure/hrefly.html Page URL
http://199.16.54.102/??Z289MSZzMT0xODI4NjIxJnMyPTIxODEzNzExNiZzMz1HTEI= HTTP 302
http://simples.live/public/?:nav=default::index&go=1&s1=1828621&s2=218137116 HTTP 302
http://simples.live/?var=Om5hdj1jbGljazo6dHJhY2tlciZkZXBsb3k9MTgyODYyMSZ1c2VyPWRhdGFwcm90ZWN0aW9... HTTP 302
http://simples.live/public/?:nav=click::tracker&deploy=1828621&user=dataprotectionofficer%40eib.... HTTP 302
https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

282 kB
Transfer

279 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s3.amazonaws.com/account.secure/hrefly.html Page URL
http://199.16.54.102/??Z289MSZzMT0xODI4NjIxJnMyPTIxODEzNzExNiZzMz1HTEI= HTTP 302
http://simples.live/public/?:nav=default::index&go=1&s1=1828621&s2=218137116 HTTP 302
http://simples.live/?var=Om5hdj1jbGljazo6dHJhY2tlciZkZXBsb3k9MTgyODYyMSZ1c2VyPWRhdGFwcm90ZWN0aW9ub2ZmaWNlciU0MGVpYi5vcmcmZW1haWxfaWQ9MjE4MTM3MTE2JnVybD1hSFIwY0hNNkx5OXRZV2xzYW1WMExtTnZiUzVqZFhOMGJXVnlMbXh2WjJsdUxqVTNOVFF5TWpRdWJHRm1iM04wY21FdVpHVXZaVzR2TWpJeUx6RTRNamcyTWpFdFFVeE1YMHRJUVVwSlNGOXRZV2xzYW1WME1qQXlNMTh4TFRRMk1UY3hOQzh5TVRneE16Y3hNVFpmTkRZeE56RTFYekl3TDE5ZlF6TT0= HTTP 302
http://simples.live/public/?:nav=click::tracker&deploy=1828621&user=dataprotectionofficer%40eib.org&email_id=218137116&url=aHR0cHM6Ly9tYWlsamV0LmNvbS5jdXN0bWVyLmxvZ2luLjU3NTQyMjQubGFmb3N0cmEuZGUvZW4vMjIyLzE4Mjg2MjEtQUxMX0tIQUpJSF9tYWlsamV0MjAyM18xLTQ2MTcxNC8yMTgxMzcxMTZfNDYxNzE1XzIwL19fQzM= HTTP 302
https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	hrefly.html s3.amazonaws.com/account.secure/	244 B 638 B	329ms 120ms	Document text/html	54.231.163.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s3.amazonaws.com/account.secure/hrefly.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.231.163.0 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Accept-Ranges bytes Content-Length 244 Content-Type text/html Date Fri, 01 Mar 2024 09:59:31 GMT ETag "34c0fb114ea9e712e09c772443a42bd7" Last-Modified Thu, 29 Feb 2024 17:46:08 GMT Server AmazonS3 x-amz-id-2 VBVFc5p9YdrL0yCSSS1fTbUrNGt1jidIQEtGS/v22SQZxH5vO778BqLuEea94BV4rYqRenzglI4= x-amz-request-id 1P8XEY37TPS3DM00 x-amz-server-side-encryption AES256
GET H/1.1	200 OK	Primary Request __C3 Show response mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/ Redirect Chain http://199.16.54.102/??Z289MSZzMT0xODI4NjIxJnMyPTIxODEzNzExNiZzMz1HTEI= http://simples.live/public/?:nav=default::index&go=1&s1=1828621&s2=218137116 http://simples.live/?var=Om5hdj1jbGljazo6dHJhY2tlciZkZXBsb3k9MTgyODYyMSZ1c2VyPWRhdGFwcm90ZWN0aW9ub2ZmaWNlciU0MGVpYi5vcmcmZW1haWxfaWQ9MjE4MTM3MTE2JnVybD1hSFIwY0hNNkx5OXRZV2xzYW1WMExtTnZiUzVqZFhOMGJX... http://simples.live/public/?:nav=click::tracker&deploy=1828621&user=dataprotectionofficer%40eib.org&email_id=218137116&url=aHR0cHM6Ly9tYWlsamV0LmNvbS5jdXN0bWVyLmxvZ2luLjU3NTQyMjQubGFmb3N0cmEuZGUvZW... https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3	8 KB 8 KB	519ms 211ms	Document text/html	199.16.54.102 D102-PHL-1
General Check archive.org Show headers Download Go to Full URL https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/account.secure/hrefly.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 199.16.54.102 , United States, ASN17185 (D102-PHL-1, US), Reverse DNS 199-16-54-102.static.as40244.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16 Resource Hash `c19e58d6b29ea3d77c8c828279ef3f92849ceb9630114b514fc6b1829f4e6e98` Request headers Referer https://s3.amazonaws.com/account.secure/hrefly.html#?Z289MSZzMT0xODI4NjIxJnMyPTIxODEzNzExNiZzMz1HTEI= Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 01 Mar 2024 09:59:32 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 Transfer-Encoding chunked X-Powered-By PHP/5.4.16 Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Fri, 01 Mar 2024 09:59:31 GMT Keep-Alive timeout=5, max=98 Location https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 X-Powered-By PHP/5.4.16
GET H/1.1	200 OK	main.css mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/css/	27 KB 28 KB	212ms 211ms	Stylesheet text/css	199.16.54.102 D102-PHL-1
General Check archive.org Show headers Download Go to Full URL https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/css/main.css Requested by Host: mailjet.com.custmer.login.5754224.lafostra.de URL: https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 199.16.54.102 , United States, ASN17185 (D102-PHL-1, US), Reverse DNS 199-16-54-102.static.as40244.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `6ddee1fe4f87c5823236b9444906f9a2459c210d9ecc6a047314853f8d792e5c` Request headers accept-language fr-FR,fr;q=0.9 Referer https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Fri, 01 Mar 2024 09:59:33 GMT Last-Modified Mon, 05 Feb 2024 17:19:43 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "6def-610a5aaeb39c4" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 28143
GET H/1.1	200 OK	MailjetBySinchLogo.png mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/img/	5 KB 5 KB	394ms 210ms	Image image/png	199.16.54.102 D102-PHL-1
General Check archive.org Show headers Download Go to Show image Full URL https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/img/MailjetBySinchLogo.png?v=7550 Requested by Host: mailjet.com.custmer.login.5754224.lafostra.de URL: https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 199.16.54.102 , United States, ASN17185 (D102-PHL-1, US), Reverse DNS 199-16-54-102.static.as40244.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `7964481e687495317501fe40188a5ff8fde08892d246eebb0af386b7c2482824` Request headers accept-language fr-FR,fr;q=0.9 Referer https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Fri, 01 Mar 2024 09:59:33 GMT Last-Modified Mon, 05 Feb 2024 17:19:46 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "12f5-610a5ab1d5619" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4853
GET H/1.1	200 OK	mj_signin.png mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/img/	115 KB 115 KB	410ms 216ms	Image image/png	199.16.54.102 D102-PHL-1
General Check archive.org Show headers Download Go to Show image Full URL https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/img/mj_signin.png?v=7550 Requested by Host: mailjet.com.custmer.login.5754224.lafostra.de URL: https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 199.16.54.102 , United States, ASN17185 (D102-PHL-1, US), Reverse DNS 199-16-54-102.static.as40244.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `b843ac2858c3931068be7d72ab2fd11e258830f4bdee94c941b7fdb4447a5420` Request headers accept-language fr-FR,fr;q=0.9 Referer https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Fri, 01 Mar 2024 09:59:33 GMT Last-Modified Mon, 05 Feb 2024 17:19:46 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "1cc46-610a5ab1e34c2" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 117830
GET H/1.1	200 OK	jquery-3.5.1.min.js Show response mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/js/	87 KB 88 KB	406ms 216ms	Script application/javascript	199.16.54.102 D102-PHL-1
General Check archive.org Show headers Download Go to Full URL https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/js/jquery-3.5.1.min.js Requested by Host: mailjet.com.custmer.login.5754224.lafostra.de URL: https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 199.16.54.102 , United States, ASN17185 (D102-PHL-1, US), Reverse DNS 199-16-54-102.static.as40244.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers accept-language fr-FR,fr;q=0.9 Referer https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Fri, 01 Mar 2024 09:59:33 GMT Last-Modified Mon, 05 Feb 2024 17:19:47 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "15d84-610a5ab220556" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 89476
GET H/1.1	200 OK	app.js Show response mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/js/	892 B 1 KB	409ms 216ms	Script application/javascript	199.16.54.102 D102-PHL-1
General Check archive.org Show headers Download Go to Full URL https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/js/app.js Requested by Host: mailjet.com.custmer.login.5754224.lafostra.de URL: https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 199.16.54.102 , United States, ASN17185 (D102-PHL-1, US), Reverse DNS 199-16-54-102.static.as40244.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `2c2b54185e7ace0cd2cd96e21576a141214a46ccd1c3aa74957f11eb52073782` Request headers accept-language fr-FR,fr;q=0.9 Referer https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Fri, 01 Mar 2024 09:59:33 GMT Last-Modified Mon, 05 Feb 2024 17:19:46 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "37c-610a5ab1fbf4c" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 892
GET H/1.1	200 OK	f5b1bc3ff0438b15298d.woff2 mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/fonts/	20 KB 20 KB	211ms 210ms	Font application/octet-stream	199.16.54.102 D102-PHL-1
General Check archive.org Show headers Download Go to Full URL https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/fonts/f5b1bc3ff0438b15298d.woff2 Requested by Host: mailjet.com.custmer.login.5754224.lafostra.de URL: https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/css/main.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 199.16.54.102 , United States, ASN17185 (D102-PHL-1, US), Reverse DNS 199-16-54-102.static.as40244.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `547a2c05a1b8744633148a704ddba5adac238c5cbaf05bbd25606827a372b019` Request headers Referer https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/css/main.css Origin https://mailjet.com.custmer.login.5754224.lafostra.de accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Fri, 01 Mar 2024 09:59:33 GMT Last-Modified Mon, 05 Feb 2024 17:19:46 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "4e0c-610a5ab145560" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 19980
GET H/1.1	200 OK	b009a76ad6afe4ebd301.woff2 mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/fonts/	15 KB 16 KB	296ms 209ms	Font application/octet-stream	199.16.54.102 D102-PHL-1
General Check archive.org Show headers Download Go to Full URL https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/fonts/b009a76ad6afe4ebd301.woff2 Requested by Host: mailjet.com.custmer.login.5754224.lafostra.de URL: https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/css/main.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 199.16.54.102 , United States, ASN17185 (D102-PHL-1, US), Reverse DNS 199-16-54-102.static.as40244.net Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615` Request headers Referer https://mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/css/main.css Origin https://mailjet.com.custmer.login.5754224.lafostra.de accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers Date Fri, 01 Mar 2024 09:59:33 GMT Last-Modified Mon, 05 Feb 2024 17:19:45 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 ETag "3d80-610a5ab071e82" Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 15744

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mailjet (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mailjet.com.custmer.login.5754224.lafostra.de/	1969-12-31 23:59:59	Name: PHPSESSID Value: pg9rtj0njq27o792tlugptjve7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mailjet.com.custmer.login.5754224.lafostra.de
s3.amazonaws.com
simples.live
199.16.54.102
54.231.163.0
2c2b54185e7ace0cd2cd96e21576a141214a46ccd1c3aa74957f11eb52073782
547a2c05a1b8744633148a704ddba5adac238c5cbaf05bbd25606827a372b019
6ddee1fe4f87c5823236b9444906f9a2459c210d9ecc6a047314853f8d792e5c
7964481e687495317501fe40188a5ff8fde08892d246eebb0af386b7c2482824
b843ac2858c3931068be7d72ab2fd11e258830f4bdee94c941b7fdb4447a5420
c19e58d6b29ea3d77c8c828279ef3f92849ceb9630114b514fc6b1829f4e6e98
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

mailjet.com.custmer.login.5754224.lafostra.de Open in urlscan Pro 199.16.54.102 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

282 kBTransfer

279 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

mailjet.com.custmer.login.5754224.lafostra.de Open in urlscan Pro
199.16.54.102 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

282 kB
Transfer

279 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!