urlscan.io logo urlscan.io
SecurityTrails logo

lmo.rostov202.site Open in urlscan Pro
45.155.249.214  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2B8wmQI4ysG34WwrC39YX...
Effective URL: https://lmo.rostov202.site/?username=ecastillo@savemart.com
Submission: On June 14 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 45.155.249.214, located in Naaldwijk, Netherlands and belongs to MEER-AS meerfarbig GmbH & Co. KG, DE. The main domain is lmo.rostov202.site.
TLS certificate: Issued by R3 on June 8th 2023. Valid for: 3 months.
This is the only time lmo.rostov202.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.122 11377 (SENDGRID)
7 45.223.59.119 19551 (INCAPSULA)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 34.120.88.34 396982 (GOOGLE-CL...)
2 45.155.249.214 34549 (MEER-AS m...)
14 5
1    167.89.123.122 (Chicago, United States)

ASN11377 (SENDGRID, US)
PTR: o16789123x122.outbound-mail.sendgrid.net
u18316585.ct.sendgrid.net
7    45.223.59.119 (United States)

ASN19551 (INCAPSULA, US)
ct.turing.com
1    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
shreeganeshmetaliks.com
2    34.120.88.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.88.120.34.bc.googleusercontent.com
logging-server.turing.com
2    45.155.249.214 (Naaldwijk, Netherlands)

ASN34549 (MEER-AS meerfarbig GmbH & Co. KG, DE)
lmo.rostov202.site
Apex Domain
Subdomains		 Transfer
9 turing.com
ct.turing.com
mail.turing.com Failed
logging-server.turing.com — Cisco Umbrella Rank: 896637
140 KB
2 rostov202.site
lmo.rostov202.site
132 KB
1 shreeganeshmetaliks.com
shreeganeshmetaliks.com
748 B
1 sendgrid.net
u18316585.ct.sendgrid.net
561 B
14 4
Domain Requested by
7 ct.turing.com ct.turing.com
2 lmo.rostov202.site lmo.rostov202.site
2 logging-server.turing.com ct.turing.com
1 shreeganeshmetaliks.com ct.turing.com
1 u18316585.ct.sendgrid.net 1 redirects
0 mail.turing.com Failed ct.turing.com
14 6

This site contains no links.

Subject Issuer Validity Valid
imperva.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-05-23 -
2023-11-19		 6 months crt.sh
*.turing.com
Sectigo RSA Domain Validation Secure Server CA		 2022-10-18 -
2023-11-18		 a year crt.sh
rostov202.site
R3		 2023-06-08 -
2023-09-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://lmo.rostov202.site/?username=ecastillo@savemart.com
Frame ID: 4D58B7850B2AA7FABF2704D1BA50DE0A
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

reCAPTCHA

Page URL History Show full URLs

  1. https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2... HTTP 302
    https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e7... Page URL
  2. https://lmo.rostov202.site/?username=ecastillo@savemart.com Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

14
Requests

79 %
HTTPS

20 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

274 kB
Transfer

833 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2B8wmQI4ysG34WwrC39YXBR-2BMii1Ytc3B24b3mNEFhPtIsakLSMv6ORj5Rhzyz4GOSNDhvsnUqYKnX2u5AnolNqwVxE4Tz7u0AOnivftihuCUQd4SjoV-2BgUlNB-2BSnihTscLWs1yBv-2BiW5b6uTXdtJTqRdQ4p-2BppMwHpXtV6fgpM0WeW9zyyEpauswswBv-2BE7H1f5x0BI27EQkCMRLnHgJtGXfeymR2mwzzO-2B9RD1PDLTXbr1iRdcEtkQ6Tooffsq2T510Ga7fsPClk3wYp3KyCVYq5FsrbpNKfIODhIlzsr4GymBakIAFPKU92O-2FvBDAa7PauswjW0r-2FRsL1vpgVE4R3i9wWg4NDCLCM7w0T2W0HfSVQ4UGoVWBZUM35Q-2BrL4aPDGeTKENvXXZjw-2Bzke9vS2jYt5SXfaF44gQTNGXXTqWJh7g-3D042u_3L7tStLlnw1-2Bef5iKHoFj69v9JvWVJwcv8yr5gQNZlDzdAp-2BolKYdN7XkBdg28J0wpyqyNkbbnqiwf4ODeiP6MOYCyCSdzwC9STtNfsTb2s5o-2FKO7NU5ml-2FAzq1kGnqx814s9Xp36kyOOemQUoV8R35px2-2B0idUOGK3D5GaYE5-2Fkq4FY1S81P8c6davnUvnuDye4f32DMM-2B15jnO0PFiOqoP0jqkh9-2BhrMeFlHC6u8c-3D HTTP 302
    https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ== Page URL
  2. https://lmo.rostov202.site/?username=ecastillo@savemart.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2B8wmQI4ysG34WwrC39YXBR-2BMii1Ytc3B24b3mNEFhPtIsakLSMv6ORj5Rhzyz4GOSNDhvsnUqYKnX2u5AnolNqwVxE4Tz7u0AOnivftihuCUQd4SjoV-2BgUlNB-2BSnihTscLWs1yBv-2BiW5b6uTXdtJTqRdQ4p-2BppMwHpXtV6fgpM0WeW9zyyEpauswswBv-2BE7H1f5x0BI27EQkCMRLnHgJtGXfeymR2mwzzO-2B9RD1PDLTXbr1iRdcEtkQ6Tooffsq2T510Ga7fsPClk3wYp3KyCVYq5FsrbpNKfIODhIlzsr4GymBakIAFPKU92O-2FvBDAa7PauswjW0r-2FRsL1vpgVE4R3i9wWg4NDCLCM7w0T2W0HfSVQ4UGoVWBZUM35Q-2BrL4aPDGeTKENvXXZjw-2Bzke9vS2jYt5SXfaF44gQTNGXXTqWJh7g-3D042u_3L7tStLlnw1-2Bef5iKHoFj69v9JvWVJwcv8yr5gQNZlDzdAp-2BolKYdN7XkBdg28J0wpyqyNkbbnqiwf4ODeiP6MOYCyCSdzwC9STtNfsTb2s5o-2FKO7NU5ml-2FAzq1kGnqx814s9Xp36kyOOemQUoV8R35px2-2B0idUOGK3D5GaYE5-2Fkq4FY1S81P8c6davnUvnuDye4f32DMM-2B15jnO0PFiOqoP0jqkh9-2BhrMeFlHC6u8c-3D HTTP 302
  • https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ct.turing.com/
Redirect Chain
  • https://u18316585.ct.sendgrid.net/ls/click?upn=NvROHCvVxUzCnVSEfwNmna0tyf2DcqE89FUk-2BSaV0J7iaH3j2wPJtbhsIrg-2B8wmQI4ysG34WwrC39YXBR-2BMii1Ytc3B24b3mNEFhPtIsakLSMv6ORj5Rhzyz4GOSNDhvsnUqYKnX2u5AnolN...
  • https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9...
942 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
UploadServer /
Resource Hash
3ae41a2e873454071786167cc177cfdc9ee35fcc1cef135c45f81a30fa0b8131

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3916
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=3600
content-type
text/html
date
Wed, 14 Jun 2023 17:32:57 GMT
etag
"4c43468b87c1001d88f88a5de775fbff"
last-modified
Thu, 11 May 2023 12:34:35 GMT
server
UploadServer
x-cdn
Imperva
x-goog-generation
1683808475439233
x-goog-hash
crc32c=N7OZ+g== md5=TENGi4fBAB2I+Ipd53X7/w==
x-goog-meta-goog-reserved-file-mtime
1683808466
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
729
x-guploader-uploadid
ADPycdvKg2IS_kkmbAl0J2wd17afaYdEXh0KQtOOQ8jdQly8wUOIFMDHnYHWTTQxs0Iqw-q6hOnSRaxuB1eL_IV-BAEOlA
x-iinfo
14-16255588-16255658 NNNN CT(17 24 0) RT(1686767893331 74) q(0 1 1 109) r(1 1) U24

Redirect headers

Connection
keep-alive
Content-Length
384
Content-Type
text/html; charset=utf-8
Date
Wed, 14 Jun 2023 18:38:13 GMT
Location
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
Server
nginx
X-Robots-Tag
noindex, nofollow
yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl
ct.turing.com/ 		207 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash
daf948a7146a508341f363bdd764f52e53718af5fdc29f291857733b983697d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 18:38:13 GMT
content-encoding
gzip
server
bon
x-cdn
Imperva
content-type
text/javascript
access-control-allow-origin
*
x-iinfo
14-16255588-16255709 NNNN CT(9 14 0) RT(1686767893331 304) q(0 0 0 -1) r(0 0)
cache-control
max-age=0
server-timing
bon, total;dur=13.056327
content-length
67959
main.013c44c458e6d0da5b13.js
ct.turing.com/ 		150 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/main.013c44c458e6d0da5b13.js
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
UploadServer /
Resource Hash
8122903b79d84100ccec113aa2709c771699b68cd2f0ece9063a2f0d0bba12df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 18:22:11 GMT
content-encoding
br
x-cdn
Imperva
x-goog-meta-goog-reserved-file-mtime
1683808466
age
962
x-guploader-uploadid
ADPycdukmwxYtlPXpYo3x-lW2FBWE-HD2Vpptcqu9iOG122AEl03QyAH82o5Jwu-zSefQWaYwVii6i3qhnLu-8qeDwaxWg
x-goog-storage-class
STANDARD
x-iinfo
14-16255588-16255712 NNNN CT(36 26 0) RT(1686767893331 309) q(0 0 1 -1) r(1 1) U24
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47249
last-modified
Thu, 11 May 2023 12:34:35 GMT
server
UploadServer
etag
W/"51864cbf642cef61c0eacdba6cd899f6"
vary
Accept-Encoding
x-goog-generation
1683808475826181
x-goog-hash
crc32c=MsdItA==, md5=UYZMv2Qs72HA6s26bNiZ9g==
content-type
application/javascript
cache-control
public,max-age=3600
x-goog-stored-content-length
153933
accept-ranges
none
main.013c44c458e6d0da5b13.css
ct.turing.com/ 		669 B
981 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/main.013c44c458e6d0da5b13.css
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
UploadServer /
Resource Hash
5bea97352ebb1f24a716891a46ab47a20ea529f957dd6ba100c1e46b8976c478

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 18:20:33 GMT
x-cdn
Imperva
x-goog-meta-goog-reserved-file-mtime
1683808466
age
1060
x-guploader-uploadid
ADPycdtCBx5Ycm8CowR00mmZrtrkyRsW1-vXEZy-wFbNKcyMzgrgPMCRyfpWCkv3fUY3OtkBuwgzW2eCvbHs7gPZLOLKIoAtmLUe
x-goog-storage-class
STANDARD
x-iinfo
14-16255588-16255658 PNNN RT(1686767893331 305) q(0 0 0 -1) r(0 0) U24
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
669
last-modified
Thu, 11 May 2023 12:34:35 GMT
server
UploadServer
etag
"a9378920a02242888934bc0f07a3abad"
x-goog-generation
1683808475672560
x-goog-hash
crc32c=q7es5A==, md5=qTeJIKAiQoiJNLwPB6OrrQ==
content-type
text/css
cache-control
public,max-age=3600
x-goog-stored-content-length
669
accept-ranges
bytes
_Incapsula_Resource
ct.turing.com/ 		156 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1116252264
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
76f1d18c3da814a274d2bd23ddcd4645698c86140f5813355e849a14acd6a998

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
22511
content-type
application/javascript
_Incapsula_Resource
ct.turing.com/ 		1 B
89 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ct.turing.com/_Incapsula_Resource?SWKMTFSR=1&e=0.08218749005654513
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
content-type
text/plain
email-clicked
mail.turing.com/api/logging/ 		0
0
analytics
mail.turing.com/api/ 		0
0
ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
shreeganeshmetaliks.com/lobatan/ 		0
748 B 		Document
General
Check archive.org
Download Go to
Full URL
http://shreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/main.013c44c458e6d0da5b13.js
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
7d74b06988899249-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 14 Jun 2023 18:38:14 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nQJHxYacX4YXN9wL0Civig1cl18kkOUWs%2FeLB9SLWgu9HpLRN3ev1LEPA8GE4UlvR5O3ndf%2BsTF3FtARjZZfJ1FGJD7YiGsW3JWYlbAY%2B%2FeEd9bxK%2BeV705QowyecF8tLycD9oPRmy51EB%2BH6PscFSbuM%2FupAA%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400
refresh
0;url=https://lmo.rostov202.site/?username=ecastillo@savemart.com
log
logging-server.turing.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://logging-server.turing.com/log
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.88.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.88.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visitor-token,x-client-logging-version,x-is-bot,x-log-name,x-product-name,x-seq
Access-Control-Request-Method
POST
Origin
https://ct.turing.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,content-type,visitor-token,x-client-logging-version,x-is-bot,x-log-name,x-product-name,x-seq
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://ct.turing.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 14 Jun 2023 18:38:14 GMT
vary
Origin, Access-Control-Request-Headers
via
1.1 google
x-powered-by
Express
log
logging-server.turing.com/ 		285 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://logging-server.turing.com/log
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/main.013c44c458e6d0da5b13.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.88.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.88.120.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

visitor-token
accept-language
de-DE,de;q=0.9
Authorization
Basic Y2xpZW50VXNlcjpRb2shMjMzISEjM2Fs
x-seq
0
x-client-logging-version
6.12.0
Content-Type
application/json
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Referer
https://ct.turing.com/
x-is-bot
false
x-log-name
PAGEVIEWS
x-product-name
EMAIL_COMMUNICATION_SYSTEM

Response headers

content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
date
Wed, 14 Jun 2023 18:38:14 GMT
via
1.1 google
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
285
x-xss-protection
0
referrer-policy
no-referrer
cross-origin-opener-policy
same-origin
etag
W/"11d-l6hWEX/DTgWdP4XEmL6WMVFgYB0"
expect-ct
max-age=0
vary
Origin
x-frame-options
SAMEORIGIN
x-download-options
noopen
access-control-allow-origin
https://ct.turing.com
origin-agent-cluster
?1
content-type
application/json; charset=utf-8
access-control-allow-credentials
true
x-ls-version
4.3.1
yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl
ct.turing.com/ 		762 B
991 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.turing.com/yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl?d=ct.turing.com
Requested by
Host: ct.turing.com
URL: https://ct.turing.com/yers-tiedgemes-Arme-selfe-a-Day-Macb-Shall-Widdl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.223.59.119 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash

Request headers

Accept
application/json; charset=utf-8
Referer
https://ct.turing.com/?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain; charset=utf-8

Response headers

date
Wed, 14 Jun 2023 18:38:14 GMT
server
bon
x-cdn
Imperva
content-type
application/json
access-control-allow-origin
*
x-iinfo
14-16255588-16255709 PNNN RT(1686767893331 712) q(0 0 0 -1) r(0 0) U6
cache-control
no-cache, no-store
server-timing
bon, total;dur=30.817645000000002
content-length
762
Primary Request /
lmo.rostov202.site/ 		277 KB
132 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lmo.rostov202.site/?username=ecastillo@savemart.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.155.249.214 Naaldwijk, Netherlands, ASN34549 (MEER-AS meerfarbig GmbH & Co. KG, DE),
Reverse DNS
Software
nginx /
Resource Hash
b1de42babd05880444daee8e0a0c69395d9e928dc44dc7c3bc723f369f7b0ef4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://shreeganeshmetaliks.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 14 Jun 2023 18:38:15 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
truncated
/ 		858 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
19b8ee66ab60c45d5d24988d090b61c938b44c2ee9a5f8558335b27a2f315072

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		40 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
64c2019b369b4f3b45009d1740f4c7ae0856bb2608aea7d7628b78f43cecb3fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
/
lmo.rostov202.site/ 		143 B
310 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lmo.rostov202.site/?username=ecastillo@savemart.com
Requested by
Host: lmo.rostov202.site
URL: https://lmo.rostov202.site/?username=ecastillo@savemart.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.155.249.214 Naaldwijk, Netherlands, ASN34549 (MEER-AS meerfarbig GmbH & Co. KG, DE),
Reverse DNS
Software
nginx /
Resource Hash
c337ee247fd4858cb2f17663ebab9ac8e27ad3e24975dac0f29785c84d729779
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 14 Jun 2023 18:38:17 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/json

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mail.turing.com
URL
https://mail.turing.com/api/logging/email-clicked?ti=eyJpc19hdXRvbWF0aW9uX3Rvb2wiOmZhbHNlLCJvcmlnaW5hbF91cmwiOiJodHRwOi8vc2hyZWVnYW5lc2htZXRhbGlrcy5jb20vbG9iYXRhbi9aV05oYzNScGJHeHZRSE5oZG1WdFlYSjBMbU52YlE9PSIsImlzX2JlYWNvbl9zdXBwb3J0ZWQiOnRydWUsImRldmljZVdpZHRoIjoxNjAwLCJkZXZpY2VIZWlnaHQiOjEyMDAsImJyb3dzZXJXaWR0aCI6MTYwMCwiYnJvd3NlckhlaWdodCI6MTIwMCwibGFuZ3VhZ2UiOiJlbi1VUyIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTQuMC41NzM1LjEzMyBTYWZhcmkvNTM3LjM2IiwidXJsIjoiaHR0cHM6Ly9jdC50dXJpbmcuY29tLz90aT04MGQ3NTVlYmU4OGMyZDBiNWEzZmVhOGI1YTBkMDk4ZGYxNWQ2OTczNzM1OGU2ZTYzZDkxYWM3YjgwNmNhZTE1MTY4ODY3ZTc1NWJkNTk3ZGM5NGZjYmQzYTQ4MzE3Nzc0YWRhODJiNTEwZDkzYTM1OTMxOWJlMTU2ZjY3ZjI0OGRjMGM4ZGJlNzU1OTA3MmM3NTQxM2RjOGQ4YTY1OWNjZGMwYTc3MDE5ZDkzNTMxMDVkZjI0MzFjMWQ4MTRiZmJiZGEzZTVjYTljZWU1OTM1Y2U2ZmJhNDFjYWY3YjM1N2YyYmZlZjE5YTBmNTBmNWMyNzdmOWI0MWZkJnJkPWh0dHAlM0ElMkYlMkZzaHJlZWdhbmVzaG1ldGFsaWtzLmNvbS9sb2JhdGFuL1pXTmhjM1JwYkd4dlFITmhkbVZ0WVhKMExtTnZiUT09In0=
Domain
mail.turing.com
URL
https://mail.turing.com/api/analytics?ti=80d755ebe88c2d0b5a3fea8b5a0d098df15d69737358e6e63d91ac7b806cae15168867e755bd597dc94fcbd3a48317774ada82b510d93a359319be156f67f248dc0c8dbe7559072c75413dc8d8a659ccdc0a77019d9353105df2431c1d814bfbbda3e5ca9cee5935ce6fba41caf7b357f2bfef19a0f50f5c277f9b41fd&rd=http%3A%2F%2Fshreeganeshmetaliks.com/lobatan/ZWNhc3RpbGxvQHNhdmVtYXJ0LmNvbQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| a0f function| a0e function| setCookie function| onCheckBoxChange

6 Cookies

Domain/Path Name / Value
.turing.com/ Name: visid_incap_2912814
Value: 7g1s5RxuR7SNbRimmz9EVxUJimQAAAAAQUIPAAAAAADdlJpt2qlIpHg9xSLqI5sG
.turing.com/ Name: nlbi_2912814
Value: as7YX8PobS3FGuCDoaY+eQAAAABAu8DXCm4LJtxRV0Qalj5j
.turing.com/ Name: incap_ses_1515_2912814
Value: 6lqCa4WD80uMAdCK9FwGFRUJimQAAAAAl7R6aZ6+RjdWEAErAdt9LA==
.turing.com/ Name: nlbi_2912814_2147483392
Value: 8B/RENmcajuqXG/eoaY+eQAAAAAhRiHkXXb0iNSe2nxExfau
ct.turing.com/ Name: reese84
Value: 3:afTlRsKt7bRzyzGB097eaQ==:Tj0/LiEXtEPdr0bpomOpBWGj7UsObbUuBi/aBQ3bLxVD/IZ2ic2wWHXXv1GUQwcyQApGpOp2D/TgHUCKh+caaaN2ipWQhE1MR6QkRBGbp+NOci6Zrp3ICHg6CHoUjLk++1kMr+jkroNP2KEgkyoMooLCRtwBRFQu0Oy08K06wxoR4+vu3IUCahkFZq3bL5noh2E6gvIjhQfKti+h79FggtKtoQ1BxNjXHK0pFdyQQpWiwf7RctfUA1jqueV5MbkMTjE7MxkhoKIqxtiwecQjmTu3Vv8lHTbZ5Xq1NoKuaf5023rrAGRxEKpZp/D2n+TKbM7XVwbf9n4pv1dSCGoXcDp0dbMxmoUGSBvxH1hiUoIpF5+fWYL9v4ooq8Tsx/VS3KBeK5h73MCVULSSp5kq5M2KR6MecXxNaknK1EiVX5yrvXN0fSX2KG6Oeo9ezilkj5ca+2OjyOZ5tsYDJ0qRnbQxtJhzDiTGTWDz9xQmrMkxykkfLVJ4PlEVYD00uN/+1g8J81i6toAHOLBWXactax5M2YyThTi7gzPG36J9R7NicDdQdgcpterIAebBFDzUEypkDYEpCh4RU2hUnrEk22R05GAzu5/jXsZGOBmNIpNu29MHYeSqA9xP22lyXncw:HbAX6vor5hvfpi8cVbVezy3HHALDH4aONvqKcv4Qkec=
.turing.com/ Name: visitor_token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2aXNpdG9ySWQiOiI5ZjE0MDRjZC0xYmFhLTRiNzAtOGExMC1hNzY0ZmQ5NTc2M2EiLCJzZXNzaW9uSWQiOiJlMTQxZDgwNS0wMmRjLTRhYTItYjkxMi01NGNiZWIzZWM1ZDYiLCJzZXNzaW9uRXhwIjoxNjg2NzY5Njk0LCJpYXQiOjE2ODY3Njc4OTR9.Xv2GvsDlk_3ipbk-Q6Fec2UwTV3JVH92aTg22jSOuSY