email0-bt-indexdapx.vercel.app Open in urlscan Pro
76.76.21.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://welshhampshiredown.co.uk/apx.php/?./a/mail.php?wsid=fce0f4e288c
Effective URL:
https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1
Submission: On November 07 via api (November 7th 2024, 5:18:00 pm UTC) from US — Scanned from FR

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 76.76.21.164, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is email0-bt-indexdapx.vercel.app.
TLS certificate: Issued by R11 on October 17th 2024. Valid for: 3 months.

This is the only time email0-bt-indexdapx.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BT (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	65.21.235.101 65.21.235.101	24940 (HETZNER-AS) (HETZNER-AS)
2	76.76.21.164 76.76.21.164	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:29:1... 2620:1ec:29:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.26.12.205 104.26.12.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	4

1 65.21.235.101 (Helsinki, Finland) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: s25.hosting-manage.com

welshhampshiredown.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.76.21.164 (Walnut, United States)

ASN16509 (AMAZON-02, US)

email0-bt-indexdapx.vercel.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:29:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

prod-btemailauth.bt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.12.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	bt.com prod-btemailauth.bt.com — Cisco Umbrella Rank: 253345	57 KB
2	vercel.app email0-bt-indexdapx.vercel.app	3 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2041	308 B
1	welshhampshiredown.co.uk 1 redirects welshhampshiredown.co.uk	344 B
10	4

	Domain	Requested by
3	prod-btemailauth.bt.com	email0-bt-indexdapx.vercel.app prod-btemailauth.bt.com
2	email0-bt-indexdapx.vercel.app
1	api.ipify.org	email0-bt-indexdapx.vercel.app
1	welshhampshiredown.co.uk	1 redirects
10	4

This site contains no links.

Subject Issuer	Validity	Valid
*.vercel.app R11	`2024-10-17` - `2025-01-15`	3 months	crt.sh
prod-btemailauth.bt.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-08-09` - `2025-02-09`	6 months	crt.sh
ipify.org WE1	`2024-09-15` - `2024-12-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1
Frame ID: A27D70AD08E7931DAE46446F414D70A1
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Secure Authentication

Page URL History Show full URLs

https://welshhampshiredown.co.uk/apx.php/?./a/mail.php?wsid=fce0f4e288c HTTP 302
https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

10
Requests

60 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

61 kB
Transfer

68 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://welshhampshiredown.co.uk/apx.php/?./a/mail.php?wsid=fce0f4e288c HTTP 302
https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
email0-bt-indexdapx.vercel.app/
Redirect Chain

https://welshhampshiredown.co.uk/apx.php/?./a/mail.php?wsid=fce0f4e288c
https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1

6 KB
3 KB

154ms
46ms

Document
text/html

76.76.21.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e2a64f3d49f488cb4f3953a04103a578cc5a43a0adbf01d08bd3a11d40c347fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-origin: *
age: 33168
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 07 Nov 2024 17:17:51 GMT
etag: W/"7458f08bbbf5a14f2482010133c1c8e6"
last-modified: Thu, 07 Nov 2024 08:05:03 GMT
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-vercel-cache: HIT
x-vercel-id: cdg1::j2pgb-1730999871786-bbfd7b06eea1

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 07 Nov 2024 17:17:51 GMT
location: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1
server: LiteSpeed
x-powered-by: PHP/8.1.29

GET
H2 200 unified.css
prod-btemailauth.bt.com/static/content/res/stage-1/css/ 10 KB
3 KB 147ms
29ms Stylesheet
text/css 2620:1ec:29:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://prod-btemailauth.bt.com/static/content/res/stage-1/css/unified.css

Requested by

Host: email0-bt-indexdapx.vercel.app
URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

6c2f4d1bba9b0581e1dcb4ef1722afff74c63658d656c5dca1b3012c3f716f69

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://sdk.onfido.com https://assets.onfido.com; connect-src 'self' https://api.onfido.com https://api.us.onfido.com https://api.ca.onfido.com http://onfido.com; script-src 'self' 'unsafe-inline' https://sdk.onfido.com https://assets.onfido.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://email0-bt-indexdapx.vercel.app/

Response headers

x-cache-info: L2_T2
content-encoding: br
etag: W/"2645-192dbc84ff3"
x-fd-int-roxy-purgeid: 0
x-content-type-options: nosniff
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
x-cache: TCP_REMOTE_HIT
date: Thu, 07 Nov 2024 17:17:52 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding, Origin
last-modified: Wed, 30 Oct 2024 04:56:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' https://sdk.onfido.com https://assets.onfido.com; connect-src 'self' https://api.onfido.com https://api.us.onfido.com https://api.ca.onfido.com http://onfido.com; script-src 'self' 'unsafe-inline' https://sdk.onfido.com https://assets.onfido.com;
cache-control: public, max-age=60, immutable
request-context: appId=cid-v1:
x-azure-ref: 20241107T171752Z-186946656b6bv8jkhC1PARwmww00000004q000000000w3zc

GET
H2 200 logo.png
prod-btemailauth.bt.com/static/content/res/stage-1/img/ 2 KB
2 KB 144ms
27ms Image
image/png 2620:1ec:29:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prod-btemailauth.bt.com/static/content/res/stage-1/img/logo.png

Requested by

Host: email0-bt-indexdapx.vercel.app
URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5ebc32282d33de7282b6004a68ac8b6a5efa2c6084a58548ef3a7c8e322b51c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://sdk.onfido.com https://assets.onfido.com; connect-src 'self' https://api.onfido.com https://api.us.onfido.com https://api.ca.onfido.com http://onfido.com; script-src 'self' 'unsafe-inline' https://sdk.onfido.com https://assets.onfido.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://email0-bt-indexdapx.vercel.app/

Response headers

x-cache-info: L2_T2
etag: W/"60f-192da7854e5"
x-fd-int-roxy-purgeid: 0
x-content-type-options: nosniff
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
x-cache: TCP_REMOTE_HIT
date: Thu, 07 Nov 2024 17:17:52 GMT
content-type: image/png
last-modified: Tue, 29 Oct 2024 22:49:32 GMT
vary: Origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' https://sdk.onfido.com https://assets.onfido.com; connect-src 'self' https://api.onfido.com https://api.us.onfido.com https://api.ca.onfido.com http://onfido.com; script-src 'self' 'unsafe-inline' https://sdk.onfido.com https://assets.onfido.com;
cache-control: public, max-age=60, immutable
request-context: appId=cid-v1:
accept-ranges: bytes
content-length: 1551
x-azure-ref: 20241107T171752Z-186946656b6bv8jkhC1PARwmww00000004q000000000w3zd

GET
H2 200 / Show response
api.ipify.org/ 31 B
308 B 194ms
112ms Script
application/javascript 104.26.12.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=jsonp&callback=getIP
Requested by: Host: email0-bt-indexdapx.vercel.app
URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee7229a51361d39fb0b07ca8b86292932236e5bee9419e778707cc6d9406433f

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://email0-bt-indexdapx.vercel.app/

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8deefab138067848-CDG
server-timing: cfL4;desc="?proto=TCP&rtt=24243&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3968&recv_bytes=2326&delivery_rate=279369&cwnd=253&unsent_bytes=0&cid=782c00e4fd7cc05c&ts=130&x=0"
content-length: 31
date: Thu, 07 Nov 2024 17:17:52 GMT
content-type: application/javascript
vary: Origin
server: cloudflare

GET
H2 200 background.jpg
prod-btemailauth.bt.com/static/content/res/stage-1/img/ 51 KB
52 KB 33ms
31ms Image
image/jpeg 2620:1ec:29:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prod-btemailauth.bt.com/static/content/res/stage-1/img/background.jpg

Requested by

Host: prod-btemailauth.bt.com
URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/css/unified.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

85502e873e3136f2e556290017fa66e9bdbca49c8d2bb2351f9a6f4ff7072f1f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://sdk.onfido.com https://assets.onfido.com; connect-src 'self' https://api.onfido.com https://api.us.onfido.com https://api.ca.onfido.com http://onfido.com; script-src 'self' 'unsafe-inline' https://sdk.onfido.com https://assets.onfido.com;
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://prod-btemailauth.bt.com/static/content/res/stage-1/css/unified.css

Response headers

x-cache-info: L2_T2
etag: W/"cc90-192e01d31db"
x-fd-int-roxy-purgeid: 0
x-content-type-options: nosniff
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
x-cache: TCP_REMOTE_HIT
date: Thu, 07 Nov 2024 17:17:52 GMT
content-type: image/jpeg
last-modified: Thu, 31 Oct 2024 01:07:42 GMT
vary: Origin
content-security-policy: default-src 'self' https://sdk.onfido.com https://assets.onfido.com; connect-src 'self' https://api.onfido.com https://api.us.onfido.com https://api.ca.onfido.com http://onfido.com; script-src 'self' 'unsafe-inline' https://sdk.onfido.com https://assets.onfido.com;
cache-control: public, max-age=60, immutable
request-context: appId=cid-v1:
accept-ranges: bytes
content-length: 52368
x-azure-ref: 20241107T171752Z-186946656b6bv8jkhC1PARwmww00000004q000000000w3zf

GET BTCurve_W_Headline.woff2
prod-btemailauth.bt.com/static/content/res/stage-1/fonts/ 0
0

GET BTCurve_W_Rg.woff2
prod-btemailauth.bt.com/static/content/res/stage-1/fonts/ 0
0

GET BTCurve_W_Rg.woff
prod-btemailauth.bt.com/static/content/res/stage-1/fonts/ 0
0

GET BTCurve_W_Headline.woff
prod-btemailauth.bt.com/static/content/res/stage-1/fonts/ 0
0

GET
H2 404 favicon.ico
email0-bt-indexdapx.vercel.app/ 39 B
171 B 33ms
33ms Other
text/plain 76.76.21.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://email0-bt-indexdapx.vercel.app/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

91218093a08027e8f69c8051f9deef1fe6c22b278b3f6bdf761e7587cb272774

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public, max-age=0, must-revalidate
x-vercel-error: NOT_FOUND
content-length: 39
date: Thu, 07 Nov 2024 17:17:52 GMT
content-type: text/plain; charset=utf-8
server: Vercel
x-vercel-id: cdg1::24lg6-1730999872674-d8dec454c565

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: prod-btemailauth.bt.com
URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Headline.woff2

Domain: prod-btemailauth.bt.com
URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Rg.woff2

Domain: prod-btemailauth.bt.com
URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Rg.woff

Domain: prod-btemailauth.bt.com
URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Headline.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BT (Telecommunication)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| getIP

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.ipify.org/?format=jsonp&callback=getIP, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
recommendation	verbose	URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1 Message: [DOM] Input elements should have autocomplete attributes (suggested: "username"): (More info: https://goo.gl/9p2vKq) %o
javascript	error	URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1 Message: Access to font at 'https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Rg.woff2' from origin 'https://email0-bt-indexdapx.vercel.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Rg.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1 Message: Access to font at 'https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Headline.woff2' from origin 'https://email0-bt-indexdapx.vercel.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Headline.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1 Message: Access to font at 'https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Headline.woff' from origin 'https://email0-bt-indexdapx.vercel.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Headline.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://email0-bt-indexdapx.vercel.app/?./a/webmail.php?wsid=fce0f4033f9542e288c094b1e837d7b1 Message: Access to font at 'https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Rg.woff' from origin 'https://email0-bt-indexdapx.vercel.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://prod-btemailauth.bt.com/static/content/res/stage-1/fonts/BTCurve_W_Rg.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://email0-bt-indexdapx.vercel.app/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
email0-bt-indexdapx.vercel.app
prod-btemailauth.bt.com
welshhampshiredown.co.uk
prod-btemailauth.bt.com
104.26.12.205
2620:1ec:29:1::45
65.21.235.101
76.76.21.164
5ebc32282d33de7282b6004a68ac8b6a5efa2c6084a58548ef3a7c8e322b51c0
6c2f4d1bba9b0581e1dcb4ef1722afff74c63658d656c5dca1b3012c3f716f69
85502e873e3136f2e556290017fa66e9bdbca49c8d2bb2351f9a6f4ff7072f1f
91218093a08027e8f69c8051f9deef1fe6c22b278b3f6bdf761e7587cb272774
e2a64f3d49f488cb4f3953a04103a578cc5a43a0adbf01d08bd3a11d40c347fe
ee7229a51361d39fb0b07ca8b86292932236e5bee9419e778707cc6d9406433f

email0-bt-indexdapx.vercel.app Open in urlscan Pro 76.76.21.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

60 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

61 kBTransfer

68 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

11 Console Messages

Security Headers

Indicators

email0-bt-indexdapx.vercel.app Open in urlscan Pro
76.76.21.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

60 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

61 kB
Transfer

68 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!