URL: https://email.maxor.com/fortinet/login2fa
Submission: On February 01 via api from US — Scanned from US

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 8 HTTP transactions. The main IP is 104.18.13.122, which belongs to CLOUDFLARENET, US. The main domain is email.maxor.com.
TLS certificate: Issued by E1 on January 24th 2024. Valid for: 3 months.
This is the only time email.maxor.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

IP Address | AS (Autonomous System) | Requests | Transfer
104.18.13.122 | 13335 (CLOUDFLARENET) | 8 | 18 KB

Apex Domain | Subdomains | Requests | Transfer
maxor.com | email.maxor.com | 8 | 18 KB

Domain | Requested by | Requests
email.maxor.com (1 redirect) | email.maxor.com | 8

This site contains no links.

Subject | Issuer | Validity | Valid for
maxor.com | E1 | 2024-01-24 to 2024-04-23 | 3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://email.maxor.com/fortinet/login2fa
Frame ID: 47CADAE873E6AE823F23A3E46CD44AD0
Requests: 6 HTTP requests in this frame

Frame: https://email.maxor.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Frame ID: 92075F7C15AEF75E47E50DC8884A3918
Requests: 2 HTTP requests in this frame

Page Title

Outlook Web App

Page Statistics

Requests: 8
HTTPS: 88 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 18 kB
Size: 27 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://email.maxor.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://email.maxor.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

8 HTTP transactions

Resource | Path | Size | x-fer | Type
Primary Request: login2fa | email.maxor.com/fortinet/ | 4 KB | 2 KB | Document
General
Full URL
https://email.maxor.com/fortinet/login2fa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.122 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET ARR/3.0 ASP.NET
Resource Hash
966f2c55ca02bff091f38102d35e03890d1ae4e25fa46e993a01431d6674d5f2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
private
cf-cache-status
DYNAMIC
cf-ray
84ea8b61babb36ca-YYZ
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 01 Feb 2024 13:29:39 GMT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
x-aspnet-version
4.0.30319
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
ASP.NET ARR/3.0 ASP.NET
LoginForm.css | email.maxor.com/fortinet/theme/v1.0/ | 4 KB | 1 KB | Stylesheet
General
Full URL
https://email.maxor.com/fortinet/theme/v1.0/LoginForm.css
Requested by
Host: email.maxor.com
URL: https://email.maxor.com/fortinet/login2fa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.122 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET, ARR/3.0, ASP.NET
Resource Hash
bcacc1d6578600c1e0b213681726e1b5b3ee95d2d7ed5db0218d3e92ba1e6bed
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://email.maxor.com/fortinet/login2fa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 13:29:39 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Tue, 02 Jan 2018 15:32:18 GMT
server
cloudflare
content-encoding
gzip
etag
W/"0ad86dfde83d31:0"
x-powered-by
ASP.NET, ARR/3.0, ASP.NET
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
cf-ray
84ea8b633c8636ca-YYZ
expires
Thu, 01 Feb 2024 17:29:39 GMT
LoginForm.js | email.maxor.com/fortinet/theme/v1.0/ | 1 KB | 742 B | Script
General
Full URL
https://email.maxor.com/fortinet/theme/v1.0/LoginForm.js
Requested by
Host: email.maxor.com
URL: https://email.maxor.com/fortinet/login2fa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.122 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET, ARR/3.0, ASP.NET
Resource Hash
2ed8eeda990ec072e0c221e58ac8e7669c1a3e0a1bb9c4e35f8c806a72120d45
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://email.maxor.com/fortinet/login2fa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 13:29:39 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Tue, 02 Jan 2018 15:32:18 GMT
server
cloudflare
content-encoding
gzip
etag
W/"0ad86dfde83d31:0"
x-powered-by
ASP.NET, ARR/3.0, ASP.NET
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
84ea8b633c8836ca-YYZ
expires
Thu, 01 Feb 2024 17:29:39 GMT
olk_logo_white.png | email.maxor.com/fortinet/theme/v1.0/ | 2 KB | 3 KB | Image
General
Full URL
https://email.maxor.com/fortinet/theme/v1.0/olk_logo_white.png
Requested by
Host: email.maxor.com
URL: https://email.maxor.com/fortinet/login2fa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.122 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET, ARR/3.0, ASP.NET
Resource Hash
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://email.maxor.com/fortinet/login2fa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 13:29:39 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET, ARR/3.0, ASP.NET
content-length
2503
last-modified
Tue, 02 Jan 2018 15:32:18 GMT
server
cloudflare
etag
"0ad86dfde83d31:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
84ea8b634c8936ca-YYZ
expires
Thu, 01 Feb 2024 17:29:39 GMT
owa_text_blue.png | email.maxor.com/fortinet/theme/v1.0/ | 6 KB | 6 KB | Image
General
Full URL
https://email.maxor.com/fortinet/theme/v1.0/owa_text_blue.png
Requested by
Host: email.maxor.com
URL: https://email.maxor.com/fortinet/login2fa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.122 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET, ARR/3.0, ASP.NET
Resource Hash
6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://email.maxor.com/fortinet/login2fa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 13:29:39 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET, ARR/3.0, ASP.NET
content-length
5856
last-modified
Tue, 02 Jan 2018 15:32:18 GMT
server
cloudflare
etag
"0ad86dfde83d31:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
84ea8b634c8b36ca-YYZ
expires
Thu, 01 Feb 2024 17:29:39 GMT
Sign_in_arrow.png | email.maxor.com/fortinet/theme/v1.0/ | 1 KB | 1 KB | Image
General
Full URL
https://email.maxor.com/fortinet/theme/v1.0/Sign_in_arrow.png
Requested by
Host: email.maxor.com
URL: https://email.maxor.com/fortinet/login2fa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.122 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET, ARR/3.0, ASP.NET
Resource Hash
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://email.maxor.com/fortinet/login2fa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 13:29:39 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET, ARR/3.0, ASP.NET
content-length
1441
last-modified
Tue, 02 Jan 2018 15:32:18 GMT
server
cloudflare
etag
"0ad86dfde83d31:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
84ea8b64be3a36ca-YYZ
expires
Thu, 01 Feb 2024 17:29:39 GMT
main.js | email.maxor.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/ (Frame 9207) | 7 KB | 4 KB | Script
Redirect Chain
  • https://email.maxor.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://email.maxor.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
General
Full URL
https://email.maxor.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Requested by
Host: email.maxor.com
URL: https://email.maxor.com/fortinet/login2fa
Protocol
H2
Server
104.18.13.122 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1335e856deaffeb4d6e61c5ca887d1fdc71438e683dfb540c3e4dd9ea99ec877
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 13:29:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
server
cloudflare
vary
accept-encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
84ea8b651ec136ca-YYZ

Redirect headers

date
Thu, 01 Feb 2024 13:29:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
server
cloudflare
vary
accept-encoding
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
cache-control
max-age=300, public
cf-ray
84ea8b64fe8e36ca-YYZ
84ea8b61babb36ca | email.maxor.com/cdn-cgi/challenge-platform/h/b/jsd/r/ (Frame 9207) | 0 | 293 B | XHR
General
Full URL
https://email.maxor.com/cdn-cgi/challenge-platform/h/b/jsd/r/84ea8b61babb36ca
Requested by
Host: email.maxor.com
URL: https://email.maxor.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.122 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 01 Feb 2024 13:29:39 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
cloudflare
cf-ray
84ea8b66484c36ca-YYZ
content-type
text/plain; charset=UTF-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name | Type
0 | object
gbid | function
checkSubmit | function
clkLgn | function

2 Cookies

Domain/Path | Name | Value
email.maxor.com/ | ASP.NET_SessionId | jjnlq3f5yfmg4weneqwy2sr1
.maxor.com/ | cf_clearance | AAQ6q3gkkwIjaOsLgSKWqJGekz6_Ec1wpnj2c2jQvS8-1706794179-1-Adkw/YG+VzVXsl11DjLGZWemWMJFhUfZIju9ib1tlI2DaGhvalC+g9l5z3Gz/jSGtD6/aIZTWwSMuc8iPhUDxhA=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN