email.maxor.com
Open in
urlscan Pro
104.18.13.122
Malicious Activity!
Public Scan
Submission: On February 01 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on January 24th 2024. Valid for: 3 months.
This is the only time email.maxor.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 104.18.13.122 104.18.13.122 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
maxor.com
1 redirects
email.maxor.com |
18 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
9 | email.maxor.com |
1 redirects
email.maxor.com
|
8 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
maxor.com E1 |
2024-01-24 - 2024-04-23 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://email.maxor.com/fortinet/login2fa
Frame ID: 47CADAE873E6AE823F23A3E46CD44AD0
Requests: 6 HTTP requests in this frame
Frame:
https://email.maxor.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Frame ID: 92075F7C15AEF75E47E50DC8884A3918
Requests: 2 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://email.maxor.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://email.maxor.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login2fa
email.maxor.com/fortinet/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LoginForm.css
email.maxor.com/fortinet/theme/v1.0/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LoginForm.js
email.maxor.com/fortinet/theme/v1.0/ |
1 KB 742 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
olk_logo_white.png
email.maxor.com/fortinet/theme/v1.0/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa_text_blue.png
email.maxor.com/fortinet/theme/v1.0/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Sign_in_arrow.png
email.maxor.com/fortinet/theme/v1.0/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
email.maxor.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/ Frame 9207 Redirect Chain
|
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
84ea8b61babb36ca
email.maxor.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 9207 |
0 293 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| gbid function| checkSubmit function| clkLgn2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
email.maxor.com/ | Name: ASP.NET_SessionId Value: jjnlq3f5yfmg4weneqwy2sr1 |
|
.maxor.com/ | Name: cf_clearance Value: AAQ6q3gkkwIjaOsLgSKWqJGekz6_Ec1wpnj2c2jQvS8-1706794179-1-Adkw/YG+VzVXsl11DjLGZWemWMJFhUfZIju9ib1tlI2DaGhvalC+g9l5z3Gz/jSGtD6/aIZTWwSMuc8iPhUDxhA= |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
email.maxor.com
104.18.13.122
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
1335e856deaffeb4d6e61c5ca887d1fdc71438e683dfb540c3e4dd9ea99ec877
2ed8eeda990ec072e0c221e58ac8e7669c1a3e0a1bb9c4e35f8c806a72120d45
6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717
966f2c55ca02bff091f38102d35e03890d1ae4e25fa46e993a01431d6674d5f2
bcacc1d6578600c1e0b213681726e1b5b3ee95d2d7ed5db0218d3e92ba1e6bed
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855