urlscan.io logo urlscan.io
SecurityTrails logo

vigorous-poitras-66335a.netlify.app Open in urlscan Pro
2a03:b0c0:3:d0::d24:2001  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://vigorous-poitras-66335a.netlify.app/index.html
Submission: On July 12 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 2a03:b0c0:3:d0::d24:2001, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is vigorous-poitras-66335a.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on March 9th 2021. Valid for: a year.
This is the only time vigorous-poitras-66335a.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer) Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 2a03:b0c0:3:d... 14061 (DIGITALOC...)
1 146.59.152.166 16276 (OVH)
3 2a02:26f0:470... 20940 (AKAMAI-ASN1)
1 2a02:26f0:470... 20940 (AKAMAI-ASN1)
6 5
Domain Requested by
3 www.adobe.com vigorous-poitras-66335a.netlify.app
1 acrobat.adobe.com vigorous-poitras-66335a.netlify.app
1 i.ibb.co vigorous-poitras-66335a.netlify.app
1 vigorous-poitras-66335a.netlify.app
6 4

This site contains no links.

Subject Issuer Validity Valid
*.netlify.app
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-03-09 -
2022-03-01		 a year crt.sh
ibb.co
R3		 2021-06-07 -
2021-09-05		 3 months crt.sh
*.adobe.com
DigiCert SHA2 Secure Server CA		 2021-02-02 -
2022-02-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://vigorous-poitras-66335a.netlify.app/index.html
Frame ID: 2E5BF9BF8AD818C1FE57E92FAEFF0501
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^Netlify/i

Page Statistics

6
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

374 kB
Transfer

490 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.html
vigorous-poitras-66335a.netlify.app/ 		134 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vigorous-poitras-66335a.netlify.app/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:d0::d24:2001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
eb41de1226447bdde98ab434ff0f2c9de1402511e1d8c992d9958840398b2102
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
vigorous-poitras-66335a.netlify.app
:scheme
https
:path
/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control
public, max-age=0, must-revalidate
content-type
text/html; charset=UTF-8
date
Mon, 12 Jul 2021 11:18:11 GMT
etag
"97913af0e52c919f911fc2eafe9ffcf3-ssl-df"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-nf-request-id
01FAD70NYV1SBJ2V36TWQBB11M
vary
Accept-Encoding
age
0
server
Netlify
content-encoding
br
Sp-pdf.png
i.ibb.co/pjmNLPq/ 		250 KB
251 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ibb.co/pjmNLPq/Sp-pdf.png
Requested by
Host: vigorous-poitras-66335a.netlify.app
URL: https://vigorous-poitras-66335a.netlify.app/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.59.152.166 , France, ASN16276 (OVH, FR),
Reverse DNS
i.ibb.co
Software
nginx /
Resource Hash
bdf280c5c5ce28301ca23c34cb41364cdab4f209d2b0c54e821fa2148156a1f1

Request headers

Referer
https://vigorous-poitras-66335a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Jul 2021 11:18:12 GMT
last-modified
Mon, 07 Jun 2021 20:46:29 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
256300
expires
Thu, 31 Dec 2037 23:55:55 GMT
reader_appicon_64_grayscale.svg
www.adobe.com/content/dam/cc/icons/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.adobe.com/content/dam/cc/icons/reader_appicon_64_grayscale.svg
Requested by
Host: vigorous-poitras-66335a.netlify.app
URL: https://vigorous-poitras-66335a.netlify.app/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::210:212 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
9230da5f772be28c14be3514f40202d21411043f1ec645b8537bc56e2b9a884b
Security Headers
Name Value
Strict-Transport-Security max-age=86400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://vigorous-poitras-66335a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
x-adobe-source
128.104
content-length
818
last-modified
Fri, 02 Jul 2021 10:57:06 GMT
server
Apache
x-adobe-loc
ew1
x-frame-options
SAMEORIGIN
date
Mon, 12 Jul 2021 11:18:12 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=21600
x-adobe-content
AEM-cc
accept-ranges
bytes
expires
Mon, 12 Jul 2021 17:18:12 GMT
ps_appicon_64_grayscale.svg
www.adobe.com/content/dam/cc/icons/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.adobe.com/content/dam/cc/icons/ps_appicon_64_grayscale.svg
Requested by
Host: vigorous-poitras-66335a.netlify.app
URL: https://vigorous-poitras-66335a.netlify.app/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::210:212 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
75e4e867bef3d0e977272164067fd066cefc93dc1c261591e363079876686193
Security Headers
Name Value
Strict-Transport-Security max-age=86400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://vigorous-poitras-66335a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
x-adobe-source
128.89
content-length
1085
last-modified
Fri, 02 Jul 2021 10:57:06 GMT
server
Apache
x-adobe-loc
ew1
x-frame-options
SAMEORIGIN
date
Mon, 12 Jul 2021 11:18:12 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=21600
x-adobe-content
AEM-cc
accept-ranges
bytes
expires
Mon, 12 Jul 2021 17:18:12 GMT
ai_appicon_64_grayscale.svg
www.adobe.com/content/dam/cc/icons/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.adobe.com/content/dam/cc/icons/ai_appicon_64_grayscale.svg
Requested by
Host: vigorous-poitras-66335a.netlify.app
URL: https://vigorous-poitras-66335a.netlify.app/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::210:212 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
bb3fb150a7d742a50c5a496192ef7f3b400babe44d7c10b2b821ecbb383e204e
Security Headers
Name Value
Strict-Transport-Security max-age=86400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://vigorous-poitras-66335a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
x-adobe-source
128.121
content-length
815
last-modified
Fri, 02 Jul 2021 10:57:06 GMT
server
Apache
x-adobe-loc
ew1
x-frame-options
SAMEORIGIN
date
Mon, 12 Jul 2021 11:18:12 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=21600
x-adobe-content
AEM-cc
accept-ranges
bytes
expires
Mon, 12 Jul 2021 17:18:12 GMT
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2f71bea7601b970d07eea91af38bcee8b1c9fc197b5f85cbe9bae3b9f2b705c5

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/jpeg
dc-identity.jpg
acrobat.adobe.com/content/dam/dx-dc/images/ 		96 KB
97 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://acrobat.adobe.com/content/dam/dx-dc/images/dc-identity.jpg
Requested by
Host: vigorous-poitras-66335a.netlify.app
URL: https://vigorous-poitras-66335a.netlify.app/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:4700:183::11e2 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
58ea58c363cec45f221d73adc970cbf5ad435a90071de1dd59a980d6098b3a4a
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.adobe.com
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://vigorous-poitras-66335a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
frame-ancestors *.adobe.com
last-modified
Thu, 01 Jul 2021 09:33:31 GMT
server
Apache
x-adobe-loc
ew1
etag
W/"181a9-5c60c884471d5"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
https://www.adobe.com
cache-control
public, max-age=900
date
Mon, 12 Jul 2021 11:18:12 GMT
x-adobe-content
AEM
accept-ranges
bytes
content-length
98729
expires
Mon, 12 Jul 2021 11:33:12 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer) Generic Email (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload