portal.s21sec.com Open in urlscan Pro
34.111.165.252  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Page URL
2. https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	247	/ Show response portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/	572 B 741 B	150ms 46ms	Document text/html	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash a1e65ef86ee802e5ece6c56647c991a4bf941a3b3ddb365607dba9a2c5ee3a53 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc clear cache-control no-cache content-type text/html; charset=utf-8 date Thu, 04 Apr 2024 14:07:43 GMT expires Thu, 01 Aug 1978 00:01:48 GMT server openresty via 1.1 google
GET H2	200	kramericaindustries.ac.lib.js Show response portal.s21sec.com/	41 KB 14 KB	46ms 46ms	Script application/javascript	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/kramericaindustries.ac.lib.js Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash ae445fbd2829b45f50ea9105d0907b57515ca958b05b9deea71ecf6665292825 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT content-encoding gzip via 1.1 google last-modified Thu, 04 Apr 2024 00:06:14 GMT server openresty etag W/"660deef6-a5a6" vary Accept-Encoding content-type application/javascript alt-svc clear
GET H2	248	HFNBpOX3xuNChuygA6BLwldrpEt9go6C Show response portal.s21sec.com/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/	3 B 302 B	47ms 47ms	XHR application/octet-stream	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/HFNBpOX3xuNChuygA6BLwldrpEt9go6C Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/kramericaindustries.ac.lib.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" accept-language de-DE,de;q=0.9 x-zebra-qgbuTPuf YmY3YTdmNzEwYjIwYjA2ZTA0NGM2NzE5MDRmNTUxZDY5NjNmNmQyYjskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzA7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTstMTQ4MTQ4MTQ2ODA7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTtkaXNhYmxlZDskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpO3FLalNTdmp4MlZtSHYxZnpTbTNqZjV3N3VGTnRKSzJsL0tROFd6RzhvYUdTYVdJU1pkRVV4akY4VTRkL1JUTy9LS0k1RXQ2Y2NzekhaMFZvNVh1TzQxQ1Q0TmtCeUxCNmV5L3NZeWhIeC81ei9rM1dla0luMjI5eG1TS2x4YzlxTjlSUlJaVlhYZC9mWEhBeWpJdkU3T1R3ekdXTkZuS1owRHRPNm9McEpnV2tOeWFXNCt6S0FNU3FWTDBPd1lQRjVWaG00K2ZvMXNwc1p2WnFlWDlLY0l5MFltTVMwSWpobUpyVWFHajdZSHdsZFRTZzF5dFp1RVdOZ0ZjY2crZz0- sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-type application/x-www-form-urlencoded Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT via 1.1 google server openresty alt-svc clear content-type application/octet-stream
POST H2	200	/ Show response portal.s21sec.com/8d47-ffc3-0f63-4b3c-c5c9-5699-6d5b-3a1f/d/	1 B 66 B	44ms 44ms	XHR application/octet-stream	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/8d47-ffc3-0f63-4b3c-c5c9-5699-6d5b-3a1f/d/ Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/kramericaindustries.ac.lib.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Thu, 04 Apr 2024 14:07:43 GMT via 1.1 google server openresty alt-svc clear content-type application/octet-stream
GET H2	200	favicon.ico portal.s21sec.com/	15 KB 2 KB	152ms 152ms	Other image/x-icon	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-3aee" vary Accept-Encoding content-type image/x-icon alt-svc clear
GET H2	200	Primary Request / Show response portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/	4 KB 2 KB	145ms 142ms	Document text/html	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/kramericaindustries.ac.lib.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash ff9577d6f76e79481814f34b5462ff4fa1329018311a5bcf917e7a97b0479f73 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc clear content-encoding gzip content-type text/html date Thu, 04 Apr 2024 14:07:43 GMT etag W/"660c23e4-1031" last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty strict-transport-security max-age=63072000 vary Accept-Encoding via 1.1 google
GET H2	200	google-font-roboto.css portal.s21sec.com/css/	9 KB 714 B	77ms 75ms	Stylesheet text/css	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/css/google-font-roboto.css?v=36 Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash ca59f2f15d160cedf11efc8ffec08f9d40208aa94d5f9149c06053e2d2846c37 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-25b3" vary Accept-Encoding content-type text/css alt-svc clear
GET H2	200	default-theme.css portal.s21sec.com/css/	311 KB 45 KB	244ms 242ms	Stylesheet text/css	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/css/default-theme.css?v=36 Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 8405518258f8929f583124485f349eaaf4faaf4fa1e51ebd1ca83076fb9d5ad3 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-4da5b" vary Accept-Encoding content-type text/css alt-svc clear
GET H2	200	react-bootstrap-table.min.css portal.s21sec.com/css/	8 KB 2 KB	78ms 76ms	Stylesheet text/css	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/css/react-bootstrap-table.min.css?v=36 Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 1d0a3869fefd9e6682809a09a868f0581a4b38b475d3792e3f948675d25a40b0 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-1ee5" vary Accept-Encoding content-type text/css alt-svc clear
GET H2	200	Typeahead.min.css portal.s21sec.com/css/	5 KB 1 KB	146ms 145ms	Stylesheet text/css	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/css/Typeahead.min.css?v=36 Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 8077aaefb7b656d4d375c8ed68246e68fe3332081a87853e5545fd46a8553e7b Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-1371" vary Accept-Encoding content-type text/css alt-svc clear
GET H2	200	popup-aviso.css portal.s21sec.com/css/	2 KB 787 B	146ms 145ms	Stylesheet text/css	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/css/popup-aviso.css?v=36 Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash d5f813b04501ee3f5e342eb816d9c929c88f7a3dc5f4f11952e9980d77f49ce7 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-86c" vary Accept-Encoding content-type text/css alt-svc clear
GET H2	200	multiselect.css portal.s21sec.com/css/	1 KB 1 KB	130ms 129ms	Stylesheet text/css	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/css/multiselect.css?v=36 Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 89387c656875a1db1aa47ba1106db1e1ee8b0cac521e7526da7040ec91b85a50 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 via 1.1 google last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty etag "660c23e4-4f4" content-type text/css accept-ranges bytes alt-svc clear content-length 1268
GET H2	200	2.3e193ca7.chunk.js Show response portal.s21sec.com/static/js/	5 MB 2 MB	213ms 212ms	Script application/javascript	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/static/js/2.3e193ca7.chunk.js Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 280a0bbf9ef0d5bb3b07e4475f7c5c88fde5119ec7220b6aada7d5ee75dc0347 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-53601f" vary Accept-Encoding content-type application/javascript alt-svc clear
GET H2	200	main.562e1760.chunk.js Show response portal.s21sec.com/static/js/	3 MB 576 KB	231ms 230ms	Script application/javascript	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/static/js/main.562e1760.chunk.js Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 984dfad66a26aabd3aaf2d22394a9a2eb3a3b09b2ffbc7469e0402e1b7c3ef77 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:43 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-30b157" vary Accept-Encoding content-type application/javascript alt-svc clear
OPTIONS H2	200	/ api.s21sec.com/en/auth/token/jwt/verify/	0 0	223ms 70ms	Preflight text/html	88.84.64.8 EQUINIX
General Check archive.org Show headers Download Go to Full URL https://api.s21sec.com/en/auth/token/jwt/verify/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 88.84.64.8 Leganés, Spain, ASN15830 (EQUINIX, NL), Reverse DNS Software nginx / Resource Hash Security Headers Name Value Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; connect-src https: wss: Strict-Transport-Security max-age=15768000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept */* Access-Control-Request-Headers authorization,content-type Access-Control-Request-Method POST Origin https://portal.s21sec.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers access-control-allow-headers accept, authorization, content-type, user-agent, x-csrftoken, x-requested-with access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS access-control-allow-origin https://portal.s21sec.com access-control-max-age 600 content-length 0 content-security-policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; connect-src https: wss: content-type text/html; charset=utf-8 date Thu, 04 Apr 2024 14:07:44 GMT referrer-policy same-origin strict-origin server nginx strict-transport-security max-age=15768000; includeSubDomains; preload vary origin x-content-type-options nosniff x-xss-protection 1; mode=block
POST H2	400	/ Show response api.s21sec.com/en/auth/token/jwt/verify/	41 B 303 B	70ms 69ms	XHR application/json	88.84.64.8 EQUINIX
General Check archive.org Show headers Download Go to Full URL https://api.s21sec.com/en/auth/token/jwt/verify/ Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/static/js/2.3e193ca7.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 88.84.64.8 Leganés, Spain, ASN15830 (EQUINIX, NL), Reverse DNS Software nginx / Resource Hash 633b00ff8c48451a6d08c47bdb7b257711893814bbf4000c9683654aaac9f600 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 Authorization JWT null User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type application/json Accept application/json, text/plain, */* Referer https://portal.s21sec.com/ sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT x-content-type-options nosniff referrer-policy same-origin server nginx x-frame-options DENY vary Accept, origin, Cookie content-language en allow POST, OPTIONS access-control-allow-origin https://portal.s21sec.com content-type application/json content-length 41 x-xss-protection 1; mode=block
GET H2	200	audio.svg portal.s21sec.com/img/	1 KB 1 KB	71ms 71ms	Image image/svg+xml	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://portal.s21sec.com/img/audio.svg Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/css/default-theme.css?v=36 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash bc99c08e427f963915fd1a48c3abdd823c2a555f9d242d246c0257da0ebf8806 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/css/default-theme.css?v=36 accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT strict-transport-security max-age=63072000 via 1.1 google last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty etag "660c23e4-564" content-type image/svg+xml accept-ranges bytes alt-svc clear content-length 1380
GET H2	200	favicon-32x32.png portal.s21sec.com/img/	1 KB 1 KB	72ms 71ms	Other image/png	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/img/favicon-32x32.png?v=36 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 459b3a52533ccac3900b70175c6c667d56f2117172a109febaceb350b218f490 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/threat-intelligence/digital-brand-protection/detail/32321/phishingybersquatting/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT strict-transport-security max-age=63072000 via 1.1 google last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty etag "660c23e4-4a9" content-type image/png accept-ranges bytes alt-svc clear content-length 1193
GET H2	200	s21-thales-logo-white.png portal.s21sec.com/img/	10 KB 10 KB	74ms 73ms	Image image/png	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://portal.s21sec.com/img/s21-thales-logo-white.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash e53396afb73ca5a48d4492ff1ece45dc834e9cb9258fb1a4019f215c30a8d6ab Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/login accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT strict-transport-security max-age=63072000 via 1.1 google last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty etag "660c23e4-27dd" content-type image/png accept-ranges bytes alt-svc clear content-length 10205
GET H2	200	flag-spain.svg portal.s21sec.com/img/	4 KB 1 KB	73ms 72ms	Image image/svg+xml	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://portal.s21sec.com/img/flag-spain.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 79631ff960513b9cab7ae470bc3ba0329e394d08075d0633287874c542203c6c Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/login accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-10c8" vary Accept-Encoding content-type image/svg+xml alt-svc clear
GET H2	200	flag-portugal.svg portal.s21sec.com/img/	2 KB 806 B	75ms 74ms	Image image/svg+xml	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://portal.s21sec.com/img/flag-portugal.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 4c8e318a643b55e956282a56c51fdcf1adae7069a333ade3d714882c224c99d7 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/login accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty via 1.1 google etag W/"660c23e4-765" vary Accept-Encoding content-type image/svg+xml alt-svc clear
GET H2	200	favicon-32x32.png portal.s21sec.com/img/	1 KB 1 KB	72ms 71ms	Other image/png	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/img/favicon-32x32.png?v=36 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash 459b3a52533ccac3900b70175c6c667d56f2117172a109febaceb350b218f490 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/login accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT strict-transport-security max-age=63072000 via 1.1 google last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty etag "660c23e4-4a9" content-type image/png accept-ranges bytes alt-svc clear content-length 1193
GET H2	200	login-bg-2023.jpg portal.s21sec.com/img/	738 KB 739 KB	178ms 178ms	Image image/jpeg	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://portal.s21sec.com/img/login-bg-2023.jpg Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/css/default-theme.css?v=36 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash ef195974286947217a867981c6a3ee92f9c13eb503bf11e82f981459938d3adf Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/css/default-theme.css?v=36 accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT strict-transport-security max-age=63072000 via 1.1 google last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty etag "660c23e4-b89ba" content-type image/jpeg accept-ranges bytes alt-svc clear content-length 756154
GET H2	200	S21sec-CMSSP.ttf portal.s21sec.com/fonts/	8 KB 8 KB	71ms 70ms	Font application/octet-stream	34.111.165.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://portal.s21sec.com/fonts/S21sec-CMSSP.ttf?u9gbf8 Requested by Host: portal.s21sec.com URL: https://portal.s21sec.com/css/default-theme.css?v=36 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.165.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.165.111.34.bc.googleusercontent.com Software openresty / Resource Hash b40a8469dff7393dc74d05bb290eda167438edbc945266c772169a7debac717e Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://portal.s21sec.com/css/default-theme.css?v=36 Origin https://portal.s21sec.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 04 Apr 2024 14:07:44 GMT strict-transport-security max-age=63072000 via 1.1 google last-modified Tue, 02 Apr 2024 15:27:32 GMT server openresty etag "660c23e4-2088" content-type application/octet-stream accept-ranges bytes alt-svc clear content-length 8328

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackJsonps21sec object| __core-js_shared__ function| BootstrapTable function| TableHeaderColumn function| InsertModalHeader function| InsertModalBody function| InsertModalFooter function| InsertButton function| DeleteButton function| ShowSelectedOnlyButton function| ExportCSVButton function| ClearSearchButton function| SearchField function| ButtonGroup function| SizePerPageDropDown function| saveAs object| regeneratorRuntime function| setImmediate function| clearImmediate object| pdfMake function| isIE function| checkIEAlert function| showNotice function| hideNotice object| specifiedElement

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			portal.s21sec.com/	1969-12-31 23:59:59	Name: GCLB Value: COXn9rzu-oL60AEQAw
			.portal.s21sec.com/	1969-12-31 23:59:59	Name: rbzid Value: flQpHmvq7s/GhlLtGKUWQhzjAgraYiauxnvoVfz+hr6s2L6YvjWNQhJGYv4uX2lKbInfP/9+8hkp18hMNRoHCx4+FyPa8+EDk7/tMVAz5WdDApVdwo+eBxmBmx93VRD9ZhjbnCMs99eRk4ipm/1T4QizX9J3iyQx6wEpf3/7gOpOm1xg2l3aSJ9vQU5ttiWz1nRv39ADC17zBJ8adbknzSKRKGPDaZua66qDxOc8DYO7i2qDg7jw//Jf42jroTk-

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.s21sec.com/en/auth/token/jwt/verify/ Message: Failed to load resource: the server responded with a status of 400 ()
recommendation	verbose	URL: https://portal.s21sec.com/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.s21sec.com
portal.s21sec.com
34.111.165.252
88.84.64.8
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
1d0a3869fefd9e6682809a09a868f0581a4b38b475d3792e3f948675d25a40b0
280a0bbf9ef0d5bb3b07e4475f7c5c88fde5119ec7220b6aada7d5ee75dc0347
459b3a52533ccac3900b70175c6c667d56f2117172a109febaceb350b218f490
4c8e318a643b55e956282a56c51fdcf1adae7069a333ade3d714882c224c99d7
633b00ff8c48451a6d08c47bdb7b257711893814bbf4000c9683654aaac9f600
79631ff960513b9cab7ae470bc3ba0329e394d08075d0633287874c542203c6c
8077aaefb7b656d4d375c8ed68246e68fe3332081a87853e5545fd46a8553e7b
8405518258f8929f583124485f349eaaf4faaf4fa1e51ebd1ca83076fb9d5ad3
89387c656875a1db1aa47ba1106db1e1ee8b0cac521e7526da7040ec91b85a50
984dfad66a26aabd3aaf2d22394a9a2eb3a3b09b2ffbc7469e0402e1b7c3ef77
a1e65ef86ee802e5ece6c56647c991a4bf941a3b3ddb365607dba9a2c5ee3a53
ae445fbd2829b45f50ea9105d0907b57515ca958b05b9deea71ecf6665292825
b40a8469dff7393dc74d05bb290eda167438edbc945266c772169a7debac717e
bc99c08e427f963915fd1a48c3abdd823c2a555f9d242d246c0257da0ebf8806
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca59f2f15d160cedf11efc8ffec08f9d40208aa94d5f9149c06053e2d2846c37
d5f813b04501ee3f5e342eb816d9c929c88f7a3dc5f4f11952e9980d77f49ce7
e53396afb73ca5a48d4492ff1ece45dc834e9cb9258fb1a4019f215c30a8d6ab
ef195974286947217a867981c6a3ee92f9c13eb503bf11e82f981459938d3adf
ff9577d6f76e79481814f34b5462ff4fa1329018311a5bcf917e7a97b0479f73