613711.selcdn.ru Open in urlscan Pro
2a00:ab00:0:12::235 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://protect-us.mimecast.com/s/64wgCJ6RP6CgKvk3cLS6fs?domain=u23936123.ct.sendgrid.net
Effective URL:
https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com
Submission: On November 04 via manual (November 4th 2021, 2:00:56 pm UTC) from IN — Scanned from US

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 7 HTTP transactions. The main IP is 2a00:ab00:0:12::235, located in Russian Federation and belongs to SELECTEL, RU. The main domain is 613711.selcdn.ru.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on November 26th 2020. Valid for: a year.

This is the only time 613711.selcdn.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 2	205.139.111.117 205.139.111.117	3561 (CENTURYLI...) (CENTURYLINK-LEGACY-SAVVIS)
1 1	167.89.118.35 167.89.118.35	11377 (SENDGRID) (SENDGRID)
3	2a00:ab00:0:1... 2a00:ab00:0:12::235	49505 (SELECTEL) (SELECTEL)
1	173.208.219.13 173.208.219.13	32097 (WII) (WII)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
1 2	13.226.37.126 13.226.37.126	16509 (AMAZON-02) (AMAZON-02)
1	13.225.210.119 13.225.210.119	16509 (AMAZON-02) (AMAZON-02)
7	6

2 205.139.111.117 (United States) 2 redirects

ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US)
PTR: us-api.mimecast.com

protect-us.mimecast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.89.118.35 (Las Vegas, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789118x35.outbound-mail.sendgrid.net

u23936123.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:ab00:0:12::235 (Russian Federation)

ASN49505 (SELECTEL, RU)

613711.selcdn.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.208.219.13 (United States)

ASN32097 (WII, US)
PTR: angle.excellentfixmemory.us

www.pngitem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.37.126 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-226-37-126.ewr53.r.cloudfront.net

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.210.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-119.ewr50.r.cloudfront.net

image.thum.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	selcdn.ru 613711.selcdn.ru	121 KB
2	clearbit.com 1 redirects logo.clearbit.com	10 KB
2	mimecast.com 2 redirects protect-us.mimecast.com	4 KB
1	thum.io image.thum.io	321 KB
1	jquery.com code.jquery.com	83 KB
1	pngitem.com www.pngitem.com	55 KB
1	sendgrid.net 1 redirects u23936123.ct.sendgrid.net	284 B
7	7

	Domain	Requested by
3	613711.selcdn.ru	613711.selcdn.ru
2	logo.clearbit.com	1 redirects 613711.selcdn.ru
2	protect-us.mimecast.com	2 redirects
1	image.thum.io	613711.selcdn.ru
1	code.jquery.com	613711.selcdn.ru
1	www.pngitem.com	613711.selcdn.ru
1	u23936123.ct.sendgrid.net	1 redirects
7	7

This site contains no links.

Subject Issuer	Validity	Valid
*.selcdn.ru RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2020-11-26` - `2021-12-27`	a year	crt.sh
pngitem.com R3	`2021-08-09` - `2021-11-07`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
thum.io Amazon	`2020-12-07` - `2022-01-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com
Frame ID: 953DB0B243F3313737ABB96D7697AABB
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail Portal Access - benefitstreetpartners.com

Page URL History Show full URLs

https://protect-us.mimecast.com/s/64wgCJ6RP6CgKvk3cLS6fs?domain=u23936123.ct.sendgrid.net HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVtmS27gV_RWPnrvbWAiAdE0Sa2mt1C5qS6e6iIUiJW7iIoma8r8HUntitz2p5ME... HTTP 307
https://u23936123.ct.sendgrid.net/ls/click?upn=2hdJ4-2BbLF8IDRQWkKykbAy91lI70RIm7N853waFOUvg-2Byi3vDiiEY5LNH7J... HTTP 302
https://613711.selcdn.ru/gene-page/r.html?email=j.feng@benefitstreetpartners.com Page URL
https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com Page URL

Page Statistics

7
Requests

86 %
HTTPS

29 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

589 kB
Transfer

801 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://protect-us.mimecast.com/s/64wgCJ6RP6CgKvk3cLS6fs?domain=u23936123.ct.sendgrid.net HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVtmS27gV_RWPnrvbWAiAdE0Sa2mt1C5qS6e6iIUiJW7iIoma8r8HUntitz2p5MEvpHA3HJ17ccA_aplIi9qn2v7JU_HuM1ex8oIiLzKlitTNilhl-ZNIotpDLUxE7RN8qGVKqCAtiiBSek0xBQgZBgEAaJ-uhR5qblG4wg9iL9Gl_3j5uo5UXOQvtU__1BYvCNXIjZRevtR4Iqun4lK81B5earnvwrvV5EIqS7lIUsQMDwHAuYGQZMI1LCiFB7FpcOT9mYUIfavmEkEhMA3T48xEugZgHDETEsGIh4Xh6SfhlDOudITFIXENg5uIKOxCj93rRZLciyklADWRgZklLRMLACAhRBhQSUUlJffgLEmK-a8GoOldVOkbQYXS5HxMQzeI3_5tcL05DEzQl4cf2SwyN86jIM-DJH5SUfieVc6o5UFTQsWlVIooxizGpN7dYIbSkA0kXIDRj6xCIRiU2gMlsJQUHAgIPOwh7mHAdCVOTKBbIjAWnkUlt6TrQcN1TcUtwyLvWJUS68EBWBOipMmYawiBJHIVwxgiAv6K1V8D4HtWI5Xn7k69fMw8YSL0mBcl50p-zzBhBvmZ4fu8-kX0nll9BDyGlTKwiRmiykOC6WYjwxISGZJanGo7gz8yaymmGIIcUIsKDygKhCmBtBiGBBsYY6mIASU1DGQSqUxXR1HGTEMPk4s5fsesUEABbnIsDaUwJbqXencIKJM6BfO_YvbXAPh5XjVD4btxRYiaX_71RWuJDLSK3HSnF-tVGkjtNbV-8FzrByDa5GqxqTWdeZ2YdWgxHeXeE5q-EgdnZr8Z9IhrW10IvcwjN_f1CunjhSAyLVPo8-EpCpGWKE9KPWn6ZBKkJ95yEb-lxDLTGTE2CGWmFRD9lt7Oz6VfVRVRnhQnHufu0T1C9DUIJIGXqcLPCn-X5crDn1XkBuFXkcxLvtcVR0kReIFwbwB_--3D_6GuRVQMkzLWRNTKvFBZZNVudIifaLgJ9jdl1TQGafCdsMZ_Dmlb7_jwoa-8N4G8g7w7_heYe7hMorvY3Kb9vwe-NVPlt_4RigjGFoBvtH6D-B9Edwgf5io7qewHTL-qAz9if-8I0ruRgCcMnyh-QsbbYfSTvLh70vjgpZ53eErKgt-68XjPz1Usd1kgn2Kl4768dWuUSH3_1QC4NSpI9c_v62pblO9uvNR-t9no9Aiu6RQccQtbBm9f8sb5c5BHRSoBgjiFkTzDd9v8_VbgTZ-K_DbUOg5CYACqSYZaVLS_zELt8YsizT-9fHz5WCJsYT3t-EkU7zF_DPOXjyIMxOEfZRr_DfmybzyiBrfbZq81m64Og-rA65UFwx4Ds17ERibBZ7c9dk47HVcF-NQKgucNsUdd1m_s5XQXOJ0Z3y-KC7FSWTaNSMcNVbYbxnWrGoh5aG-7xSyzxglqjUdMkObA7wynOqqw2dVu002XR7BIX43Bvi_Dc-WEE8s9V-hakrrJsmyzbx5pdqDn4a6-PZyzPb6wat03E0y5cpx0hXoh0uUgH5dxa7sjp2hbf0TtwWxAV_3utDGpL5edoo8u--Lc2K463a6OJmcHREezZyfZEOi137TC-a7vkEOwaTd1-rwF0tRuJtGk79c7RrQfuvtJoh3rvg6fmPZ4WF5na-rsOUw6oaMoHdTp_hg4OmbDNn1jGS6tpaaq7yVOo903D1ud-By1XR3gZiO51-9nczS8MYsmpKrzTmpcbTOIG2O562mvLRazg8uyyAF1m_mjxgl03L5Bz4vBLFu0mjlhvaa9ja62NQh0lQMdTNJDVOnU8KiaEzlzlunSY_YN8Wm43OB0dutPSbKNvnPrMM4KGO-KZNReUxwtttvxhhQ9CXMPzS7I71UKuHJyXT7vGzewwx070GrlUbvuVcu-2Vk_x03MN_BUT9ogqfR9t-6kw-m-Wg9gj4Y3JnKlnzfKWvVVg7aBsYkP1spfRl7_vLfkdTfvP9fvnGWB8LnKhhtkXNygDNJuNkt7AxJOnv3B3skMtCWOO--krNu4-LNnXrg70-7NV5tRywwuworhIJh26163QC2fHIDj3ZjYTzcrB6J2awJsvLWni2WfbA9SeyKnPsoZNtYzvWjH1brse2waJUM4Pm0rf5sVtieJ0E6q8cth0tifJ7Pd-gqtTejt1Pqszasp94eFnDjVZBpQESU7YRyqtDheF7btHMlyu-yW0eQyXgO_ZJuLb7nhoVijqBttO-euvT8PRhd-iYPRoHuc0lm2Rqt5fXAhtLrMymsCQN89LUGjuSTx5bip7DJwxTh99oOse9hRdZzYI97roG2hcVboMNusj6e2Rta-tBa71UaWVX_jOsvID3HUnffnjl8sGttrOjlGbVzK1qYisM63ZD8-dfarfhjpsaB5w3Wnk7CCBb_0NuOLRwawDA8xrrPFvj09kEYMtvPLWpRwuIXjm_jfLuXdq3hUr2UO4CuBrydJ4CMkr9-urdev8gVf8evX2-1RC-cjhYxSg1hEF9qVd7VciPPj4djNh6_j8fB0XjRXwlFn7Rc6MYlUJt509_2dqHZvXwJplhT6w-KxzJ9uHyTCzYv7_frl30qDBSU HTTP 307
https://u23936123.ct.sendgrid.net/ls/click?upn=2hdJ4-2BbLF8IDRQWkKykbAy91lI70RIm7N853waFOUvg-2Byi3vDiiEY5LNH7JBjdQgiUGRbjTtx59pduC4m-2BMergMnA9yKcSlLZHtRr9Oo2DON7c5CKhGMQ-2BtL7zLF6YHbm1tp_4KjJdlwyUlP9awy2zu5A87rrYjCq6rk6wMgAZkwrj3x7yXJ8o36beUUpW2Il2-2B1bOunDZg5vmZA-2FKRK6WJHQBPAVVGtJ2xjtwBZWGHH-2B5wU0mq8ILorM0-2BhC9lSgJU5kiYFC-2FSD0ppLComPJhAG4mjMajPo-2FXJ-2BP8LOMuzRX6Ujb1oGlUe66KA6jqiU-2FY7YJ4VlV9VY5LJfoUBFJ8kZ-2BEmFa-2FarNdj-2FE8NMg-2B2P5yAbGp4zL8inBOdgI-2FLcTRka7rmU0AL7hNBv0GaJ46wTKRrTDCs57ICLZmzL9Ki-2Bk6KPpkmy-2FlqeCPdRUVpVf7L-2BPvMVY3pRm-2Bu5rY35cA1nrt1ngtoNFX63mTZZOY5tId1sf2Rx2hIye0adPzVEjB-2FEMg7k6yWf6LAfyVJ8GXEnC3bY1vAoF0oy837XGpMQjyXK1I6l-2FYse-2FJ-2BDAWB6F04Ynk9WhVmfJwj9dzgSJEAU-2FYrichberMY24xaiuipHrRpIK5lPEhKjUr42Z5UaSGp7HBxhREbtag8LISWYND8ixc9n1KiQHAfHt2Dh5k0Ufy-2FjQYWU12FDP0L3ZLQTVJ5Zkd-2FmUANs734XR-2FFnyXuJf7QmoM1OvZyhZrtLfd5c-2F6-2BdMoBjwPRgXz19YlfgeXw-2BWQbhMtdPUyPQi6cmogc4kyptqzTLLUq5VZVHumPxOX0hu7Yxh9alktX2mHmZGwHLjwKNxbxniNKHqQ6RrX2WSAKx56yxRuzo00JavV0BCV5nxqYyLuiacOpEhirHkg6eqPLNbIG2Zt-2Fy2kRYXqvFw-2FxDTgWYduyJYaUVmhl3mHSJSUhtTBZzpPqmF3udDYy51AbZ5jOvGjWJlmA1n6sBaaQPly1tbxIYOxf5K1ulkn3A7TjFQk5Bn0ZSxXcu1MZ1O HTTP 302
https://613711.selcdn.ru/gene-page/r.html?email=j.feng@benefitstreetpartners.com Page URL
https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://protect-us.mimecast.com/s/64wgCJ6RP6CgKvk3cLS6fs?domain=u23936123.ct.sendgrid.net HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVtmS27gV_RWPnrvbWAiAdE0Sa2mt1C5qS6e6iIUiJW7iIoma8r8HUntitz2p5MEvpHA3HJ17ccA_aplIi9qn2v7JU_HuM1ex8oIiLzKlitTNilhl-ZNIotpDLUxE7RN8qGVKqCAtiiBSek0xBQgZBgEAaJ-uhR5qblG4wg9iL9Gl_3j5uo5UXOQvtU__1BYvCNXIjZRevtR4Iqun4lK81B5earnvwrvV5EIqS7lIUsQMDwHAuYGQZMI1LCiFB7FpcOT9mYUIfavmEkEhMA3T48xEugZgHDETEsGIh4Xh6SfhlDOudITFIXENg5uIKOxCj93rRZLciyklADWRgZklLRMLACAhRBhQSUUlJffgLEmK-a8GoOldVOkbQYXS5HxMQzeI3_5tcL05DEzQl4cf2SwyN86jIM-DJH5SUfieVc6o5UFTQsWlVIooxizGpN7dYIbSkA0kXIDRj6xCIRiU2gMlsJQUHAgIPOwh7mHAdCVOTKBbIjAWnkUlt6TrQcN1TcUtwyLvWJUS68EBWBOipMmYawiBJHIVwxgiAv6K1V8D4HtWI5Xn7k69fMw8YSL0mBcl50p-zzBhBvmZ4fu8-kX0nll9BDyGlTKwiRmiykOC6WYjwxISGZJanGo7gz8yaymmGIIcUIsKDygKhCmBtBiGBBsYY6mIASU1DGQSqUxXR1HGTEMPk4s5fsesUEABbnIsDaUwJbqXencIKJM6BfO_YvbXAPh5XjVD4btxRYiaX_71RWuJDLSK3HSnF-tVGkjtNbV-8FzrByDa5GqxqTWdeZ2YdWgxHeXeE5q-EgdnZr8Z9IhrW10IvcwjN_f1CunjhSAyLVPo8-EpCpGWKE9KPWn6ZBKkJ95yEb-lxDLTGTE2CGWmFRD9lt7Oz6VfVRVRnhQnHufu0T1C9DUIJIGXqcLPCn-X5crDn1XkBuFXkcxLvtcVR0kReIFwbwB_--3D_6GuRVQMkzLWRNTKvFBZZNVudIifaLgJ9jdl1TQGafCdsMZ_Dmlb7_jwoa-8N4G8g7w7_heYe7hMorvY3Kb9vwe-NVPlt_4RigjGFoBvtH6D-B9Edwgf5io7qewHTL-qAz9if-8I0ruRgCcMnyh-QsbbYfSTvLh70vjgpZ53eErKgt-68XjPz1Usd1kgn2Kl4768dWuUSH3_1QC4NSpI9c_v62pblO9uvNR-t9no9Aiu6RQccQtbBm9f8sb5c5BHRSoBgjiFkTzDd9v8_VbgTZ-K_DbUOg5CYACqSYZaVLS_zELt8YsizT-9fHz5WCJsYT3t-EkU7zF_DPOXjyIMxOEfZRr_DfmybzyiBrfbZq81m64Og-rA65UFwx4Ds17ERibBZ7c9dk47HVcF-NQKgucNsUdd1m_s5XQXOJ0Z3y-KC7FSWTaNSMcNVbYbxnWrGoh5aG-7xSyzxglqjUdMkObA7wynOqqw2dVu002XR7BIX43Bvi_Dc-WEE8s9V-hakrrJsmyzbx5pdqDn4a6-PZyzPb6wat03E0y5cpx0hXoh0uUgH5dxa7sjp2hbf0TtwWxAV_3utDGpL5edoo8u--Lc2K463a6OJmcHREezZyfZEOi137TC-a7vkEOwaTd1-rwF0tRuJtGk79c7RrQfuvtJoh3rvg6fmPZ4WF5na-rsOUw6oaMoHdTp_hg4OmbDNn1jGS6tpaaq7yVOo903D1ud-By1XR3gZiO51-9nczS8MYsmpKrzTmpcbTOIG2O562mvLRazg8uyyAF1m_mjxgl03L5Bz4vBLFu0mjlhvaa9ja62NQh0lQMdTNJDVOnU8KiaEzlzlunSY_YN8Wm43OB0dutPSbKNvnPrMM4KGO-KZNReUxwtttvxhhQ9CXMPzS7I71UKuHJyXT7vGzewwx070GrlUbvuVcu-2Vk_x03MN_BUT9ogqfR9t-6kw-m-Wg9gj4Y3JnKlnzfKWvVVg7aBsYkP1spfRl7_vLfkdTfvP9fvnGWB8LnKhhtkXNygDNJuNkt7AxJOnv3B3skMtCWOO--krNu4-LNnXrg70-7NV5tRywwuworhIJh26163QC2fHIDj3ZjYTzcrB6J2awJsvLWni2WfbA9SeyKnPsoZNtYzvWjH1brse2waJUM4Pm0rf5sVtieJ0E6q8cth0tifJ7Pd-gqtTejt1Pqszasp94eFnDjVZBpQESU7YRyqtDheF7btHMlyu-yW0eQyXgO_ZJuLb7nhoVijqBttO-euvT8PRhd-iYPRoHuc0lm2Rqt5fXAhtLrMymsCQN89LUGjuSTx5bip7DJwxTh99oOse9hRdZzYI97roG2hcVboMNusj6e2Rta-tBa71UaWVX_jOsvID3HUnffnjl8sGttrOjlGbVzK1qYisM63ZD8-dfarfhjpsaB5w3Wnk7CCBb_0NuOLRwawDA8xrrPFvj09kEYMtvPLWpRwuIXjm_jfLuXdq3hUr2UO4CuBrydJ4CMkr9-urdev8gVf8evX2-1RC-cjhYxSg1hEF9qVd7VciPPj4djNh6_j8fB0XjRXwlFn7Rc6MYlUJt509_2dqHZvXwJplhT6w-KxzJ9uHyTCzYv7_frl30qDBSU HTTP 307
https://u23936123.ct.sendgrid.net/ls/click?upn=2hdJ4-2BbLF8IDRQWkKykbAy91lI70RIm7N853waFOUvg-2Byi3vDiiEY5LNH7JBjdQgiUGRbjTtx59pduC4m-2BMergMnA9yKcSlLZHtRr9Oo2DON7c5CKhGMQ-2BtL7zLF6YHbm1tp_4KjJdlwyUlP9awy2zu5A87rrYjCq6rk6wMgAZkwrj3x7yXJ8o36beUUpW2Il2-2B1bOunDZg5vmZA-2FKRK6WJHQBPAVVGtJ2xjtwBZWGHH-2B5wU0mq8ILorM0-2BhC9lSgJU5kiYFC-2FSD0ppLComPJhAG4mjMajPo-2FXJ-2BP8LOMuzRX6Ujb1oGlUe66KA6jqiU-2FY7YJ4VlV9VY5LJfoUBFJ8kZ-2BEmFa-2FarNdj-2FE8NMg-2B2P5yAbGp4zL8inBOdgI-2FLcTRka7rmU0AL7hNBv0GaJ46wTKRrTDCs57ICLZmzL9Ki-2Bk6KPpkmy-2FlqeCPdRUVpVf7L-2BPvMVY3pRm-2Bu5rY35cA1nrt1ngtoNFX63mTZZOY5tId1sf2Rx2hIye0adPzVEjB-2FEMg7k6yWf6LAfyVJ8GXEnC3bY1vAoF0oy837XGpMQjyXK1I6l-2FYse-2FJ-2BDAWB6F04Ynk9WhVmfJwj9dzgSJEAU-2FYrichberMY24xaiuipHrRpIK5lPEhKjUr42Z5UaSGp7HBxhREbtag8LISWYND8ixc9n1KiQHAfHt2Dh5k0Ufy-2FjQYWU12FDP0L3ZLQTVJ5Zkd-2FmUANs734XR-2FFnyXuJf7QmoM1OvZyhZrtLfd5c-2F6-2BdMoBjwPRgXz19YlfgeXw-2BWQbhMtdPUyPQi6cmogc4kyptqzTLLUq5VZVHumPxOX0hu7Yxh9alktX2mHmZGwHLjwKNxbxniNKHqQ6RrX2WSAKx56yxRuzo00JavV0BCV5nxqYyLuiacOpEhirHkg6eqPLNbIG2Zt-2Fy2kRYXqvFw-2FxDTgWYduyJYaUVmhl3mHSJSUhtTBZzpPqmF3udDYy51AbZ5jOvGjWJlmA1n6sBaaQPly1tbxIYOxf5K1ulkn3A7TjFQk5Bn0ZSxXcu1MZ1O HTTP 302
https://613711.selcdn.ru/gene-page/r.html?email=j.feng@benefitstreetpartners.com

Request Chain 7

https://logo.clearbit.com/https://benefitstreetpartners.com HTTP 301
https://logo.clearbit.com/https:/benefitstreetpartners.com

7 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	r.html Show response 613711.selcdn.ru/gene-page/ Redirect Chain https://protect-us.mimecast.com/s/64wgCJ6RP6CgKvk3cLS6fs?domain=u23936123.ct.sendgrid.net https://protect-us.mimecast.com/redirect/eNqtVtmS27gV_RWPnrvbWAiAdE0Sa2mt1C5qS6e6iIUiJW7iIoma8r8HUntitz2p5MEvpHA3HJ17ccA_aplIi9qn2v7JU_HuM1ex8oIiLzKlitTNilhl-ZNIotpDLUxE7RN8qGVKqCAtiiBSek0xBQgZBgEA... https://u23936123.ct.sendgrid.net/ls/click?upn=2hdJ4-2BbLF8IDRQWkKykbAy91lI70RIm7N853waFOUvg-2Byi3vDiiEY5LNH7JBjdQgiUGRbjTtx59pduC4m-2BMergMnA9yKcSlLZHtRr9Oo2DON7c5CKhGMQ-2BtL7zLF6YHbm1tp_4KjJdlwyU... https://613711.selcdn.ru/gene-page/r.html?email=j.feng@benefitstreetpartners.com	362 B 776 B	761ms 375ms	Document text/html	2a00:ab00:0:12::235 SELECTEL
General Check archive.org Show headers Download Go to Full URL https://613711.selcdn.ru/gene-page/r.html?email=j.feng@benefitstreetpartners.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a00:ab00:0:12::235 , Russian Federation, ASN49505 (SELECTEL, RU), Reverse DNS Software / Resource Hash `af0a5d4615f606803309265750d1186e165808a1688074a10a17cf129013537f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language en-US,en;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges content-length 362 content-type text/html etag "e69167d5803520e2d9053ef466bf4762" last-modified Wed, 03 Nov 2021 20:25:37 GMT x-timestamp 1635971136.33017 x-trans-id 16b42314ab1a3d1b date Wed, 03 Nov 2021 23:18:22 GMT age 52946 Redirect headers Server nginx Date Thu, 04 Nov 2021 14:00:47 GMT Content-Type text/html; charset=utf-8 Content-Length 103 Connection keep-alive Location https://613711.selcdn.ru/gene-page/r.html?email=j.feng@benefitstreetpartners.com X-Robots-Tag noindex, nofollow
GET H2	200	Primary Request page2.html Show response 613711.selcdn.ru/gene-page/	32 KB 32 KB	476ms 476ms	Document text/html	2a00:ab00:0:12::235 SELECTEL
General Check archive.org Show headers Download Go to Full URL https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com Requested by Host: 613711.selcdn.ru URL: https://613711.selcdn.ru/gene-page/r.html?email=j.feng@benefitstreetpartners.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a00:ab00:0:12::235 , Russian Federation, ASN49505 (SELECTEL, RU), Reverse DNS Software / Resource Hash `c5d76f6d804388e54434604036d66ba3fbd7bec116e966b0f8ed6692f2c38478` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language en-US,en;q=0.9 Referer https://613711.selcdn.ru/gene-page/r.html?email=j.feng@benefitstreetpartners.com Response headers accept-ranges bytes access-control-allow-origin * access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges content-length 32372 content-type text/html etag "43e2f631c3fbf1e96c51e4e760c2fc61" last-modified Wed, 03 Nov 2021 20:25:34 GMT x-timestamp 1635971133.32813 x-trans-id 16b42313f79ef81d date Thu, 04 Nov 2021 10:51:54 GMT age 11334
GET H/1.1	200 OK	26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png www.pngitem.com/pimgs/m/	55 KB 55 KB	2585ms 2463ms	Image image/png	173.208.219.13 WII
General Check archive.org Show headers Download Go to Show image Full URL https://www.pngitem.com/pimgs/m/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png Requested by Host: 613711.selcdn.ru URL: https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.208.219.13 , United States, ASN32097 (WII, US), Reverse DNS angle.excellentfixmemory.us Software nginx/1.14.0 / Resource Hash `42171d76548498998da88f032aba50a028b9481fd7004a9a3b5d3b8d98fe48a2` Request headers Accept-Language en-US,en;q=0.9 Referer https://613711.selcdn.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Thu, 04 Nov 2021 14:00:50 GMT Last-Modified Tue, 15 Oct 2019 13:09:45 GMT Server nginx/1.14.0 ETag "5da5c519-db2d" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 56109
GET H2	200	jquery-3.5.0.js Show response code.jquery.com/	281 KB 83 KB	141ms 43ms	Script application/javascript	2001:4de0:ac18::1:a:2a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.0.js Requested by Host: 613711.selcdn.ru URL: https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37` Request headers Accept-Language en-US,en;q=0.9 Referer https://613711.selcdn.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 04 Nov 2021 14:00:49 GMT content-encoding gzip last-modified Fri, 10 Apr 2020 15:24:08 GMT server nginx etag W/"5e908f98-463a1" vary Accept-Encoding x-hw 1636034449.dop001.da2.t,1636034449.cds217.da2.hn,1636034449.cds049.da2.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 84374
GET H2	200	jquery-3.6.0.min.js Show response 613711.selcdn.ru/gene-page/	88 KB 88 KB	334ms 333ms	Script text/javascript	2a00:ab00:0:12::235 SELECTEL
General Check archive.org Show headers Download Go to Full URL https://613711.selcdn.ru/gene-page/jquery-3.6.0.min.js Requested by Host: 613711.selcdn.ru URL: https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a00:ab00:0:12::235 , Russian Federation, ASN49505 (SELECTEL, RU), Reverse DNS Software / Resource Hash `c9efc9b7c916267616d23e1b78ec32ed1fe4225230d7e3b70368423876d33f3b` Request headers Accept-Language en-US,en;q=0.9 Referer https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Wed, 03 Nov 2021 20:26:34 GMT last-modified Wed, 03 Nov 2021 20:25:33 GMT age 63255 etag "18276bcbf0b4c71d1ff05981cb4b6a77" content-type text/javascript access-control-allow-origin * access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges content-length 89608 accept-ranges bytes x-trans-id 16b42313aa0bb602 x-timestamp 1635971132.00993
GET DATA	200 OK	truncated /	16 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70` Request headers Accept-Language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	558 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b` Request headers Accept-Language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	520 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5` Request headers Accept-Language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Content-Type image/png
GET H2	200	benefitstreetpartners.com logo.clearbit.com/https:/ Redirect Chain https://logo.clearbit.com/https://benefitstreetpartners.com https://logo.clearbit.com/https:/benefitstreetpartners.com	10 KB 10 KB	100ms 100ms	Image image/png	13.226.37.126 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://logo.clearbit.com/https:/benefitstreetpartners.com Requested by Host: 613711.selcdn.ru URL: https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com Protocol H2 Server 13.226.37.126 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-37-126.ewr53.r.cloudfront.net Software envoy / Resource Hash `a9652c2c079c8de628533863694060ba9f24274275559d610de68492e2d2d613` Request headers Accept-Language en-US,en;q=0.9 Referer https://613711.selcdn.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 04 Nov 2021 12:54:46 GMT via 1.1 0f37773e2cce4ff7a5301ebabb04538a.cloudfront.net (CloudFront) server envoy age 3964 x-cache Hit from cloudfront content-type image/png access-control-allow-origin * cache-control public, max-age=2592000 x-amz-cf-pop EWR53-C2 x-amz-cf-id D1aToZlGXWRzvMijASG-jm0HclTjQqedfaJL2ouBcLb4aXe5Yq8GZA== Redirect headers date Thu, 04 Nov 2021 12:54:46 GMT via 1.1 0f37773e2cce4ff7a5301ebabb04538a.cloudfront.net (CloudFront) server envoy age 3964 x-cache Hit from cloudfront content-type text/html; charset=utf-8 location /https:/benefitstreetpartners.com x-amz-cf-pop EWR53-C2 content-length 68 x-amz-cf-id O2MnbImui9XWzjrT06NHF2UStY9jszwjmK_khQ_1ubN-H3W8Z18FMg==
GET H2	200	benefitstreetpartners.com image.thum.io/get/auth/54029-f0473646bcdd359fbc526d3d0ec8b771/https://	320 KB 321 KB	299ms 110ms	Image image/png	13.225.210.119 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://image.thum.io/get/auth/54029-f0473646bcdd359fbc526d3d0ec8b771/https://benefitstreetpartners.com Requested by Host: 613711.selcdn.ru URL: https://613711.selcdn.ru/gene-page/page2.html?email=j.feng@benefitstreetpartners.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.210.119 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-210-119.ewr50.r.cloudfront.net Software / Resource Hash `75743a45e13004fa41593ef5b21fd0e8a9d91b90c2a3d963a7b9499e1fc5fc7f` Request headers Accept-Language en-US,en;q=0.9 Referer https://613711.selcdn.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 04 Nov 2021 12:54:49 GMT via 1.1 5dccc983b54773fbbd262d2029a805d7.cloudfront.net (CloudFront) age 3961 x-cache Hit from cloudfront content-type image/png access-control-allow-origin * cache-control max-age=86400 content-disposition inline; filename= "benefitstreetpartners.com.png" x-amz-cf-pop EWR50-C1 thum_status_code 200 x-amz-cf-id vQzUGR_sKwBPzfDGuMT3lxJiDmug6EIoKXOO6zAPcS-cnnBeeniZSQ== expires Fri, 05 Nov 2021 12:54:49 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

613711.selcdn.ru
code.jquery.com
image.thum.io
logo.clearbit.com
protect-us.mimecast.com
u23936123.ct.sendgrid.net
www.pngitem.com
13.225.210.119
13.226.37.126
167.89.118.35
173.208.219.13
2001:4de0:ac18::1:a:2a
205.139.111.117
2a00:ab00:0:12::235
2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5
2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70
42171d76548498998da88f032aba50a028b9481fd7004a9a3b5d3b8d98fe48a2
578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b
75743a45e13004fa41593ef5b21fd0e8a9d91b90c2a3d963a7b9499e1fc5fc7f
a9652c2c079c8de628533863694060ba9f24274275559d610de68492e2d2d613
af0a5d4615f606803309265750d1186e165808a1688074a10a17cf129013537f
aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37
c5d76f6d804388e54434604036d66ba3fbd7bec116e966b0f8ed6692f2c38478
c9efc9b7c916267616d23e1b78ec32ed1fe4225230d7e3b70368423876d33f3b

613711.selcdn.ru Open in urlscan Pro 2a00:ab00:0:12::235 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

7 Requests

86 %HTTPS

29 %IPv6

7 Domains

7 Subdomains

6 IPs

3 Countries

589 kBTransfer

801 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

613711.selcdn.ru Open in urlscan Pro
2a00:ab00:0:12::235 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

29 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

589 kB
Transfer

801 kB
Size

0
Cookies

7 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!