messaging.apps.securedownload.sita.aero Open in urlscan Pro
57.191.0.246 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://messaging.apps.securedownload.sita.aero/
Submission: On December 18 via automatic, source certstream-suspicious (December 18th 2020, 3:17:06 pm UTC)

Summary HTTP 9 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 57.191.0.246, located in Germany and belongs to SITA-ATICLOUD-FRA, BE. The main domain is messaging.apps.securedownload.sita.aero.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on December 13th 2019. Valid for: a year.

This is the only time messaging.apps.securedownload.sita.aero was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
9	57.191.0.246 57.191.0.246		198912 (SITA-ATIC...) (SITA-ATICLOUD-FRA)
9	1

9 57.191.0.246 (Germany)

ASN198912 (SITA-ATICLOUD-FRA, BE)

messaging.apps.securedownload.sita.aero	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	sita.aero messaging.apps.securedownload.sita.aero	197 KB
9	1

	Domain	Requested by
9	messaging.apps.securedownload.sita.aero	messaging.apps.securedownload.sita.aero
9	1

This site contains no links.

Subject Issuer	Validity	Valid
messaging.apps.securedownload.sita.aero DigiCert SHA2 Secure Server CA	`2019-12-13` - `2021-01-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://messaging.apps.securedownload.sita.aero/
Frame ID: 76E65AC1602DD09A46B72EF68D271EF5
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

197 kB
Transfer

379 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response messaging.apps.securedownload.sita.aero/	4 KB 2 KB	497ms 347ms	Document text/html	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / PHP/7.1.24 Resource Hash `a0d351b4994eb2554100febf0f3a40c0688e87e94ea099408fcf6da66ec7ae06` Request headers :method GET :authority messaging.apps.securedownload.sita.aero :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers cache-control no-cache, private content-type text/html; charset=UTF-8 content-encoding gzip vary Accept-Encoding server Microsoft-IIS/10.0 x-powered-by PHP/7.1.24 x-ratelimit-limit 60 x-ratelimit-remaining 59 access-control-allow-origin * access-control-allow-methods POST, GET, OPTIONS, PUT, PATCH, DELETE access-control-allow-headers Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers set-cookie XSRF-TOKEN=eyJpdiI6IlA4cnlGUVwvR3UwTHl3NlpQZTEwXC9Udz09IiwidmFsdWUiOiJFcDdtUG8wM3QyMXROY3F5TFFMNnk3MzlDdHh4T2hVSG1TeHppSTh1Unl1NUM5UFd5M0M5Zk1aV3pRZ1hcL2NORiIsIm1hYyI6IjM1MzA1NTE3YjhhZjFlYWMyYWI5OWM3YThmMjEzY2JiZjNjMjYwMzljMGNjNTkwMDljZWY5MjVhNjBmZGY1ZTAifQ%3D%3D; expires=Fri, 18-Dec-2020 17:16:49 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6ImVRdjJFVEhtQ2NlVDRkUEY2WWs1dHc9PSIsInZhbHVlIjoiaVlBWFwvdnlQUnNENTlYNlwvMHhKVEZTSU1ad1dvWm5UNlZZTUtvR1dSd3hMS3JaXC9HRXNCVXF3TXgxRWxKSHRpeiIsIm1hYyI6IjIwNDBmODI3NTMxOGZhOGE4OTFmZjM2ZDNmZWQ3OTdkZjk2YmM5Y2QxYzk0Y2FiM2M0NjFiMzg4MjI4YThjNmYifQ%3D%3D; expires=Fri, 18-Dec-2020 17:16:49 GMT; Max-Age=7200; path=/; httponly date Fri, 18 Dec 2020 15:16:48 GMT content-length 1602
GET H2	200	bootstrap.min.css messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/bootstrap/css/	115 KB 26 KB	155ms 153ms	Stylesheet text/css	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/bootstrap/css/bootstrap.min.css Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `3e87d3d57efc7a94f0cc73fe3eccd5730359a6292014b882c0008fe4c377dbd3` Request headers Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 18 Dec 2020 15:16:49 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:41:25 GMT server Microsoft-IIS/10.0 etag "8080f2a51e8bd41:0" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 26873
GET H2	200	jquery-1.11.1.min.js Show response messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/jquery/js/	94 KB 42 KB	125ms 123ms	Script application/javascript	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/jquery/js/jquery-1.11.1.min.js Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef` Request headers Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 18 Dec 2020 15:16:49 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:41:26 GMT server Microsoft-IIS/10.0 etag "0178ba61e8bd41:0" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 42752
GET H2	200	groovel_users.js Show response messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/groovel/admin/js/	24 KB 6 KB	77ms 75ms	Script application/javascript	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/groovel/admin/js/groovel_users.js Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `5bcc4f7f69afd13910fed7480405ac267951917e4e26e7c03e1e778851f69696` Request headers Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 18 Dec 2020 15:16:49 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:41:26 GMT server Microsoft-IIS/10.0 etag "0178ba61e8bd41:0" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 5790
GET H2	200	style.css messaging.apps.securedownload.sita.aero/sita/css/	715 B 601 B	48ms 47ms	Stylesheet text/css	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/sita/css/style.css Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `4fb1b28716df748bca2b1b072b1875f1c5c90e3eeb4db8e225817909df00e24c` Request headers Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 18 Dec 2020 15:16:48 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:51:49 GMT server Microsoft-IIS/10.0 etag "8058e119208bd41:0" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 510
GET H2	200	font-awesome.min.css messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/css/	30 KB 8 KB	72ms 71ms	Stylesheet text/css	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/css/font-awesome.min.css Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c` Request headers Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 18 Dec 2020 15:16:49 GMT content-encoding gzip last-modified Mon, 03 Dec 2018 15:41:26 GMT server Microsoft-IIS/10.0 etag "0178ba61e8bd41:0" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 8332
GET H2	200	logo.png messaging.apps.securedownload.sita.aero/sita/images/	21 KB 21 KB	56ms 56ms	Image image/png	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Show image Full URL https://messaging.apps.securedownload.sita.aero/sita/images/logo.png Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `b9f9559caa0fecbfd9561c0429587d95a7f5d842f590dfdba669db992a0f4430` Request headers Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 18 Dec 2020 15:16:49 GMT last-modified Mon, 03 Dec 2018 15:51:49 GMT server Microsoft-IIS/10.0 accept-ranges bytes etag "8058e119208bd41:0" content-length 21481 content-type image/png
GET H2	200	deco.jpg messaging.apps.securedownload.sita.aero/sita/images/	15 KB 15 KB	56ms 56ms	Image image/jpeg	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Show image Full URL https://messaging.apps.securedownload.sita.aero/sita/images/deco.jpg Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `9578820980ebba1545efcea705a966a5507a6430270222051793eea141d8c824` Request headers Referer https://messaging.apps.securedownload.sita.aero/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 18 Dec 2020 15:16:49 GMT last-modified Mon, 03 Dec 2018 15:51:49 GMT server Microsoft-IIS/10.0 accept-ranges bytes etag "8058e119208bd41:0" content-length 15607 content-type image/jpeg
GET H2	200	fontawesome-webfont.woff2 messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/fonts/	75 KB 75 KB	58ms 58ms	Font application/font-woff2	57.191.0.246 SITA-ATICLOUD-FRA
General Check archive.org Show headers Download Go to Full URL https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: messaging.apps.securedownload.sita.aero URL: https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/css/font-awesome.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 57.191.0.246 , Germany, ASN198912 (SITA-ATICLOUD-FRA, BE), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe` Request headers Origin https://messaging.apps.securedownload.sita.aero Referer https://messaging.apps.securedownload.sita.aero/groovel/cmsgroovel/font-awesome-4.7.0/css/font-awesome.min.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 18 Dec 2020 15:16:49 GMT last-modified Mon, 03 Dec 2018 15:41:26 GMT server Microsoft-IIS/10.0 accept-ranges bytes etag "0178ba61e8bd41:0" content-length 77160 content-type application/font-woff2

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| validateUser function| postPicture function| postUser2 function| postUser function| DeleteUser function| SaveUser function| EditUser function| ActivateUser function| NotActivateUser function| EditUserRole function| DeleteUserRole function| ViewUser function| EditUserProfile

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			messaging.apps.securedownload.sita.aero/	1970-01-19 14:45:11	Name: laravel_session Value: eyJpdiI6ImVRdjJFVEhtQ2NlVDRkUEY2WWs1dHc9PSIsInZhbHVlIjoiaVlBWFwvdnlQUnNENTlYNlwvMHhKVEZTSU1ad1dvWm5UNlZZTUtvR1dSd3hMS3JaXC9HRXNCVXF3TXgxRWxKSHRpeiIsIm1hYyI6IjIwNDBmODI3NTMxOGZhOGE4OTFmZjM2ZDNmZWQ3OTdkZjk2YmM5Y2QxYzk0Y2FiM2M0NjFiMzg4MjI4YThjNmYifQ%3D%3D
			messaging.apps.securedownload.sita.aero/	1970-01-19 14:45:11	Name: XSRF-TOKEN Value: eyJpdiI6IlA4cnlGUVwvR3UwTHl3NlpQZTEwXC9Udz09IiwidmFsdWUiOiJFcDdtUG8wM3QyMXROY3F5TFFMNnk3MzlDdHh4T2hVSG1TeHppSTh1Unl1NUM5UFd5M0M5Zk1aV3pRZ1hcL2NORiIsIm1hYyI6IjM1MzA1NTE3YjhhZjFlYWMyYWI5OWM3YThmMjEzY2JiZjNjMjYwMzljMGNjNTkwMDljZWY5MjVhNjBmZGY1ZTAifQ%3D%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

messaging.apps.securedownload.sita.aero
57.191.0.246
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3e87d3d57efc7a94f0cc73fe3eccd5730359a6292014b882c0008fe4c377dbd3
4fb1b28716df748bca2b1b072b1875f1c5c90e3eeb4db8e225817909df00e24c
5bcc4f7f69afd13910fed7480405ac267951917e4e26e7c03e1e778851f69696
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef
9578820980ebba1545efcea705a966a5507a6430270222051793eea141d8c824
a0d351b4994eb2554100febf0f3a40c0688e87e94ea099408fcf6da66ec7ae06
b9f9559caa0fecbfd9561c0429587d95a7f5d842f590dfdba669db992a0f4430