mailjet.com.custmer.login.5754224.lafostra.de
199.16.54.102
Malicious Activity!
Public Scan
Effective URL: https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3
Submission: On March 01 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by R3 on February 10th 2024. Valid for: 3 months.
This is the only time mailjet.com.custmer.login.5754224.lafostra.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mailjet (Online)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
1 | 54.231.163.0 | 16509 (AMAZON-02) |
4 12 | 199.16.54.102 | 17185 (D102-PHL-1) |
9 | 2 | |

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
- s3.amazonaws.com

ASN17185 (D102-PHL-1, US)
PTR: 199-16-54-102.static.as40244.net
- 199.16.54.102
- simples.live
- mailjet.com.custmer.login.5754224.lafostra.de
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | lafostra.de | mailjet.com.custmer.login.5754224.lafostra.de | 281 KB |
3 | simples.live (3 redirects) | simples.live | 2 KB |
1 | amazonaws.com | s3.amazonaws.com | 638 B |
9 | 3 | | |
# | Domain | Requested by |
---|---|---|
8 | mailjet.com.custmer.login.5754224.lafostra.de | s3.amazonaws.com, mailjet.com.custmer.login.5754224.lafostra.de |
3 | simples.live | 3 redirects |
1 | s3.amazonaws.com | |
9 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
s3.amazonaws.com | Amazon RSA 2048 M01 | 2024-02-08 - 2025-01-11 | a year | crt.sh |
mailjet.com.custmer.login.5754224.lafostra.de | R3 | 2024-02-10 - 2024-05-10 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3
Frame ID: 9287B2D5481919DAA82F7FD4CFC6D848
Requests: 9 HTTP requests in this frame
Page Title
Login | Mailjet Language
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://s3.amazonaws.com/account.secure/hrefly.html Page URL
- http://199.16.54.102/??Z289MSZzMT0xODI4NjIxJnMyPTIxODEzNzExNiZzMz1HTEI= HTTP 302
http://simples.live/public/?:nav=default::index&go=1&s1=1828621&s2=218137116 HTTP 302
http://simples.live/?var=Om5hdj1jbGljazo6dHJhY2tlciZkZXBsb3k9MTgyODYyMSZ1c2VyPWRhdGFwcm90ZWN0aW9ub2ZmaWNlciU0MGVpYi5vcmcmZW1haWxfaWQ9MjE4MTM3MTE2JnVybD1hSFIwY0hNNkx5OXRZV2xzYW1WMExtTnZiUzVqZFhOMGJXVnlMbXh2WjJsdUxqVTNOVFF5TWpRdWJHRm1iM04wY21FdVpHVXZaVzR2TWpJeUx6RTRNamcyTWpFdFFVeE1YMHRJUVVwSlNGOXRZV2xzYW1WME1qQXlNMTh4TFRRMk1UY3hOQzh5TVRneE16Y3hNVFpmTkRZeE56RTFYekl3TDE5ZlF6TT0= HTTP 302
http://simples.live/public/?:nav=click::tracker&deploy=1828621&user=dataprotectionofficer%40eib.org&email_id=218137116&url=aHR0cHM6Ly9tYWlsamV0LmNvbS5jdXN0bWVyLmxvZ2luLjU3NTQyMjQubGFmb3N0cmEuZGUvZW4vMjIyLzE4Mjg2MjEtQUxMX0tIQUpJSF9tYWlsamV0MjAyM18xLTQ2MTcxNC8yMTgxMzcxMTZfNDYxNzE1XzIwL19fQzM= HTTP 302
https://mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | s3.amazonaws.com/account.secure/hrefly.html | 244 B 638 B | Document text/html |
GET H/1.1 | mailjet.com.custmer.login.5754224.lafostra.de/en/222/1828621-ALL_KHAJIH_mailjet2023_1-461714/218137116_461715_20/__C3 (Primary Request, Redirect Chain) | 8 KB 8 KB | Document text/html |
GET H/1.1 | mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/css/main.css | 27 KB 28 KB | Stylesheet text/css |
GET H/1.1 | mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/img/MailjetBySinchLogo.png | 5 KB 5 KB | Image image/png |
GET H/1.1 | mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/img/mj_signin.png | 115 KB 115 KB | Image image/png |
GET H/1.1 | mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/js/jquery-3.5.1.min.js | 87 KB 88 KB | Script application/javascript |
GET H/1.1 | mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/js/app.js | 892 B 1 KB | Script application/javascript |
GET H/1.1 | mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/fonts/f5b1bc3ff0438b15298d.woff2 | 20 KB 20 KB | Font application/octet-stream |
GET H/1.1 | mailjet.com.custmer.login.5754224.lafostra.de/Mailjet/core/fonts/b009a76ad6afe4ebd301.woff2 | 15 KB 16 KB | Font application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mailjet (Online)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $
function| jQuery
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mailjet.com.custmer.login.5754224.lafostra.de/ | | Name: PHPSESSID Value: pg9rtj0njq27o792tlugptjve7 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.