urlscan.io logo urlscan.io
SecurityTrails logo

boring-gates-a0cb1c.netlify.app Open in urlscan Pro
206.189.58.26  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u23324797.ct.sendgrid.net/ls/click?upn=PBG5whjwAIZofPr9hcHeXIYD3ovgw2RAlTvmoENqMNn-2BQR1WBe4xgkvvA0-2FO6wcU1ZCSzgAJvWYd0WM...
Effective URL: https://boring-gates-a0cb1c.netlify.app/alldom.htm
Submission: On October 04 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 206.189.58.26, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is boring-gates-a0cb1c.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on March 9th 2021. Valid for: a year.
This is the only time boring-gates-a0cb1c.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.16 11377 (SENDGRID)
1 50.19.254.224 14618 (AMAZON-AES)
5 206.189.58.26 14061 (DIGITALOC...)
1 143.204.98.21 16509 (AMAZON-02)
7 3
Domain Requested by
5 boring-gates-a0cb1c.netlify.app carbonated-luxuriant-maple.glitch.me
boring-gates-a0cb1c.netlify.app
1 logo.clearbit.com boring-gates-a0cb1c.netlify.app
1 carbonated-luxuriant-maple.glitch.me
1 u23324797.ct.sendgrid.net 1 redirects
7 4

This site contains no links.

Subject Issuer Validity Valid
glitch.com
Amazon		 2021-01-18 -
2022-02-15		 a year crt.sh
*.netlify.app
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-03-09 -
2022-03-01		 a year crt.sh
clearbit.com
Amazon		 2021-04-22 -
2022-05-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://boring-gates-a0cb1c.netlify.app/alldom.htm
Frame ID: 832F53C8443B0FA4E2D561D001146855
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://u23324797.ct.sendgrid.net/ls/click?upn=PBG5whjwAIZofPr9hcHeXIYD3ovgw2RAlTvmoENqMNn-2BQR1WBe4xgkvvA0-2F... HTTP 302
    https://carbonated-luxuriant-maple.glitch.me/oldred.htm Page URL
  2. https://boring-gates-a0cb1c.netlify.app/alldom.htm Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • ^https?://[^/]+\.netlify\.(?:com|app)/

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

57 kB
Transfer

59 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u23324797.ct.sendgrid.net/ls/click?upn=PBG5whjwAIZofPr9hcHeXIYD3ovgw2RAlTvmoENqMNn-2BQR1WBe4xgkvvA0-2FO6wcU1ZCSzgAJvWYd0WMrSNFgXnWx6nOifQ2Per0svv16cVuy0Ze1ccC0XY6vKm1OMgrYEtqR_GRFpP-2FTy-2BZdqNxu3hLB7qqEdu2vIYUf3w8H7QAX-2B5zxazf6iPEOQlI6J-2BqjMrbNftTDpMkazUKypxPuzaPKG3fW5guAQHjOYbuJRyugs5CKWU69G3YuZhAI1Q1PB2PP-2FqAcmLBsk1-2BNbsUQFcyhBt3-2Fqr7rcUQCfIMZZFfkjCDxdTMh1vIijzV3d1azSRGYblynXyVBC-2FulFZzMoMikhKGqH78kmKtBpZA7kcgWZ-2FLg-3D HTTP 302
    https://carbonated-luxuriant-maple.glitch.me/oldred.htm Page URL
  2. https://boring-gates-a0cb1c.netlify.app/alldom.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://u23324797.ct.sendgrid.net/ls/click?upn=PBG5whjwAIZofPr9hcHeXIYD3ovgw2RAlTvmoENqMNn-2BQR1WBe4xgkvvA0-2FO6wcU1ZCSzgAJvWYd0WMrSNFgXnWx6nOifQ2Per0svv16cVuy0Ze1ccC0XY6vKm1OMgrYEtqR_GRFpP-2FTy-2BZdqNxu3hLB7qqEdu2vIYUf3w8H7QAX-2B5zxazf6iPEOQlI6J-2BqjMrbNftTDpMkazUKypxPuzaPKG3fW5guAQHjOYbuJRyugs5CKWU69G3YuZhAI1Q1PB2PP-2FqAcmLBsk1-2BNbsUQFcyhBt3-2Fqr7rcUQCfIMZZFfkjCDxdTMh1vIijzV3d1azSRGYblynXyVBC-2FulFZzMoMikhKGqH78kmKtBpZA7kcgWZ-2FLg-3D HTTP 302
  • https://carbonated-luxuriant-maple.glitch.me/oldred.htm

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
oldred.htm
carbonated-luxuriant-maple.glitch.me/
Redirect Chain
  • https://u23324797.ct.sendgrid.net/ls/click?upn=PBG5whjwAIZofPr9hcHeXIYD3ovgw2RAlTvmoENqMNn-2BQR1WBe4xgkvvA0-2FO6wcU1ZCSzgAJvWYd0WMrSNFgXnWx6nOifQ2Per0svv16cVuy0Ze1ccC0XY6vKm1OMgrYEtqR_GRFpP-2FTy-2B...
  • https://carbonated-luxuriant-maple.glitch.me/oldred.htm
438 B
773 B 		Document
General
Check archive.org
Download Go to
Full URL
https://carbonated-luxuriant-maple.glitch.me/oldred.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.19.254.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-19-254-224.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
df537b6ae1e6604bf40702c937018c8d7dfc2c2a4baef3a2f0c8f38458b4c7fb

Request headers

:method
GET
:authority
carbonated-luxuriant-maple.glitch.me
:scheme
https
:path
/oldred.htm
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Mon, 04 Oct 2021 07:53:37 GMT
content-type
text/html; charset=utf-8
content-length
438
x-amz-id-2
66QxF9+nz7E/MvCJd7cckiG5AZLTQWMHEn8B6nLK2OOiCL3ES7gLlxEGoyV6YuT3LNPcy3RzZKs=
x-amz-request-id
BQBY000AAMNK4HSJ
last-modified
Fri, 01 Oct 2021 08:38:30 GMT
etag
"daa18195962c5973bd0a2a8a33435368"
cache-control
no-cache
x-amz-version-id
R46d3SRLLpyAljVEiBnkuSahlk0WZw_B
accept-ranges
bytes
server
AmazonS3

Redirect headers

Server
nginx
Date
Mon, 04 Oct 2021 07:53:36 GMT
Content-Type
text/html; charset=utf-8
Content-Length
107
Connection
keep-alive
Location
https://carbonated-luxuriant-maple.glitch.me/oldred.htm#info.balzers.cn@oerlikon.com
X-Robots-Tag
noindex, nofollow
Primary Request alldom.htm
boring-gates-a0cb1c.netlify.app/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://boring-gates-a0cb1c.netlify.app/alldom.htm
Requested by
Host: carbonated-luxuriant-maple.glitch.me
URL: https://carbonated-luxuriant-maple.glitch.me/oldred.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
206.189.58.26 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
973b70fb5d313112671077d81c12a2f4511669c3b38d7878059497faa47636c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
boring-gates-a0cb1c.netlify.app
:scheme
https
:path
/alldom.htm
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://carbonated-luxuriant-maple.glitch.me/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://carbonated-luxuriant-maple.glitch.me/

Response headers

cache-control
public, max-age=0, must-revalidate
content-type
text/html; charset=UTF-8
date
Mon, 04 Oct 2021 06:57:42 GMT
etag
"72710b784b1ca2a577c189637830bbc8-ssl-df"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-nf-request-id
01FH54PFD0A4T1CPPQ170WWFHD
server
Netlify
content-encoding
gzip
age
3355
vary
Accept-Encoding
content-length
1303
style.css
boring-gates-a0cb1c.netlify.app/ 		3 KB
927 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://boring-gates-a0cb1c.netlify.app/style.css
Requested by
Host: boring-gates-a0cb1c.netlify.app
URL: https://boring-gates-a0cb1c.netlify.app/alldom.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
206.189.58.26 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
77a077645387f31d3c0c823b3f278066b382f4068011ce72e8ca43f68bb28c45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/style.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
boring-gates-a0cb1c.netlify.app
referer
https://boring-gates-a0cb1c.netlify.app/alldom.htm
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://boring-gates-a0cb1c.netlify.app/alldom.htm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nf-request-id
01FH54PFKAP3VXRRGY7HMNSCF8
date
Mon, 04 Oct 2021 06:57:42 GMT
content-encoding
gzip
server
Netlify
age
3355
etag
"5d1ab4c3ebe5ac50703326f40cfe0724-ssl-df"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-length
803
smiley.gif
boring-gates-a0cb1c.netlify.app/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://boring-gates-a0cb1c.netlify.app/smiley.gif
Requested by
Host: boring-gates-a0cb1c.netlify.app
URL: https://boring-gates-a0cb1c.netlify.app/alldom.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
206.189.58.26 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
26dcc88c615d3234a871987ae9b834558ee7139d0a9a2dd77dda6db37e14d2c4

Request headers

:path
/smiley.gif
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
boring-gates-a0cb1c.netlify.app
referer
https://boring-gates-a0cb1c.netlify.app/alldom.htm
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://boring-gates-a0cb1c.netlify.app/alldom.htm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nf-request-id
01FH54PFKAA572D8TQP6HHXWSD
date
Mon, 04 Oct 2021 06:57:42 GMT
content-encoding
gzip
server
Netlify
age
3355
etag
1633077380-ssl-df
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
public, max-age=0, must-revalidate
content-length
1439
arrow_left.svg
boring-gates-a0cb1c.netlify.app/ 		513 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://boring-gates-a0cb1c.netlify.app/arrow_left.svg
Requested by
Host: boring-gates-a0cb1c.netlify.app
URL: https://boring-gates-a0cb1c.netlify.app/alldom.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
206.189.58.26 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/arrow_left.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
boring-gates-a0cb1c.netlify.app
referer
https://boring-gates-a0cb1c.netlify.app/alldom.htm
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://boring-gates-a0cb1c.netlify.app/alldom.htm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nf-request-id
01FH54PFKARMCXRMJG373EHPKV
date
Mon, 04 Oct 2021 06:57:42 GMT
server
Netlify
age
3355
etag
"9d9169bd01751ad0f7026ec26227376b-ssl"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/svg+xml
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
content-length
513
oerlikon.com
logo.clearbit.com/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logo.clearbit.com/oerlikon.com
Requested by
Host: boring-gates-a0cb1c.netlify.app
URL: https://boring-gates-a0cb1c.netlify.app/alldom.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-21.fra50.r.cloudfront.net
Software
envoy /
Resource Hash
68dff14c592807b2516d65ce36e5dddef245af9346b0780097797d36b9556d39

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://boring-gates-a0cb1c.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 10:25:15 GMT
via
1.1 45de888accabe1a1cb5a389e8c9c1e07.cloudfront.net (CloudFront)
server
envoy
age
77302
x-edge-origin-shield-skipped
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
qxNrUbUIgJavLZsiuuNXje0uaVx6JtHHv2p2gV5kAonpPBfdugflog==
pool.PNG
boring-gates-a0cb1c.netlify.app/ 		47 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://boring-gates-a0cb1c.netlify.app/pool.PNG
Requested by
Host: boring-gates-a0cb1c.netlify.app
URL: https://boring-gates-a0cb1c.netlify.app/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
206.189.58.26 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
9ad5de4d4f58a6ded48ca76851d8beaf0cf66a7c2e17106877489b4951a28276
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/pool.PNG
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
boring-gates-a0cb1c.netlify.app
referer
https://boring-gates-a0cb1c.netlify.app/style.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://boring-gates-a0cb1c.netlify.app/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nf-request-id
01FH54PFKTYPVRMF9589AATGW1
date
Mon, 04 Oct 2021 06:58:00 GMT
server
Netlify
age
3337
etag
"ebcf7b92058a76cf85cccf61c794f89f-ssl"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
content-length
48473

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster string| feedUpdateResponse object| feedUpdateSplit number| x string| che string| em_add string| em_name string| em_domain string| em_name_only string| html_code_for_all_domain_logo

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://boring-gates-a0cb1c.netlify.app/smiley.gif
Message:
Failed to load resource: the server responded with a status of 404 ()