urlscan.io logo urlscan.io
SecurityTrails logo

mailer.hdfcbank.com Open in urlscan Pro
2606:4700::6812:5e48  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://resu.io/WU7DW3TAA77C
Effective URL: http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&...
Submission: On July 15 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 2606:4700::6812:5e48, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is mailer.hdfcbank.com.
This is the only time mailer.hdfcbank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 119.81.110.28 36351 (SOFTLAYER)
1 4 2606:4700::68... 13335 (CLOUDFLAR...)
3 1
Apex Domain
Subdomains		 Transfer
4 hdfcbank.com
mailer.hdfcbank.com
17 KB
2 resu.io
resu.io
1004 B
3 2
Domain Requested by
4 mailer.hdfcbank.com 1 redirects mailer.hdfcbank.com
2 resu.io 2 redirects
3 2

This site contains links to these domains. Also see Links.

Domain
www.hdfcbank.com
leads.hdfcbank.com
Subject Issuer Validity Valid

1970-01-01 -
1970-01-01		 a few seconds crt.sh

This page contains 1 frames:

Primary Page: http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
Frame ID: FC172B2AF7FBE1D2CE832C17085E3FDB
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://resu.io/WU7DW3TAA77C HTTP 301
    https://resu.io/WU7DW3TAA77C HTTP 302
    http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a9... Page URL
  2. http://mailer.hdfcbank.com/cdn-cgi/l/chk_jschl?s=a74dcb1c4bb41a55d7eced6a4e7a4905ce7150e0-1563186316-18... HTTP 302
    http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a9... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

3
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

16 kB
Transfer

36 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://resu.io/WU7DW3TAA77C HTTP 301
    https://resu.io/WU7DW3TAA77C HTTP 302
    http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD Page URL
  2. http://mailer.hdfcbank.com/cdn-cgi/l/chk_jschl?s=a74dcb1c4bb41a55d7eced6a4e7a4905ce7150e0-1563186316-1800-Aaqm1BWUV2lM5q2R2%2B6tjMqJgx0xo3OtN3pkXxXHSjizDdz7RMb3kfKt4k64QkipAaTBbkXQJFLi4XKTArsK%2BQtY8Phyk2uagoiKTcGuQO%2F1XoUPV18SR5fG3hLXkYD7h8n%2F1MkTp0o3C2v4bKstNt9%2FaZxAGHU43TMZZFpPhZK0AvwEPP3P9gmFgQdCMAfSxwF8punAxMxzxX22DXARS%2B%2F4RK9v5%2BHEcausFtaOwTDxfMbzz6CXWsM%2FtxBayAWhH0h5buVFbC%2FoGD46dvsITgFiP%2BDNkFsF%2BTgx2p6pm3rKNt9lkIKp9N%2F9NPB%2B3UbQRmlI4hHkRp0Xuwz59%2FVdVpGEWNghP4j3etQmyRW%2F%2BkclL0B960FBp851TJ3GMbRZjMHrQ8Tnacnhf2ygHgnN1X5050b8VRxY8j%2Fc32rGZIwnrK24fZQgvk0N32BcKecULw%3D%3D&jschl_vc=5f57a13aad4684da90f214a99255722e&pass=1563186320.244-ES4tHGy28N&jschl_answer=41.6479232023 HTTP 302
    http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://resu.io/WU7DW3TAA77C HTTP 301
  • https://resu.io/WU7DW3TAA77C HTTP 302
  • http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set lp.html
mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/
Redirect Chain
  • http://resu.io/WU7DW3TAA77C
  • https://resu.io/WU7DW3TAA77C
  • http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e...
6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
Protocol
HTTP/1.1
Server
2606:4700::6812:5e48 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b52021be25babcf0620458950650aa9be0ec08171c4aa3923ce7a7a6fa25cbd
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Host
mailer.hdfcbank.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 15 Jul 2019 10:25:16 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
X-Frame-Options
SAMEORIGIN
Set-Cookie
__cfduid=d8021c50319e9dec28bb17ea3accd97ad1563186316; expires=Tue, 14-Jul-20 10:25:16 GMT; path=/; domain=.hdfcbank.com; HttpOnly
Cache-Control
no-cache
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
4f6b080c4d97c2c7-FRA

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
Server
X-AspNetMvc-Version
4.0
X-AspNet-Version
X-Powered-By
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Type
p3p
CP="Internet Explorer"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Mon, 15 Jul 2019 10:25:15 GMT
Content-Length
424
Primary Request lp.html
mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/
Redirect Chain
  • http://mailer.hdfcbank.com/cdn-cgi/l/chk_jschl?s=a74dcb1c4bb41a55d7eced6a4e7a4905ce7150e0-1563186316-1800-Aaqm1BWUV2lM5q2R2%2B6tjMqJgx0xo3OtN3pkXxXHSjizDdz7RMb3kfKt4k64QkipAaTBbkXQJFLi4XKTArsK%2BQt...
  • http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e...
26 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
Requested by
Host: mailer.hdfcbank.com
URL: http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
Protocol
HTTP/1.1
Server
2606:4700::6812:5e48 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
2aa457e9b8e6df9e8c92811058a3bdcfe0fce3a86dbd7b93786bee61be5e5b1b

Request headers

Host
mailer.hdfcbank.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
Accept-Encoding
gzip, deflate
Cookie
__cfduid=d8021c50319e9dec28bb17ea3accd97ad1563186316; cf_clearance=6781e4e5520cfabaa915b2ce53c8ccf7572ca46c-1563186320-86400-150
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD

Response headers

Date
Mon, 15 Jul 2019 10:25:20 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Wed, 26 Jun 2019 10:21:34 GMT
X-Powered-By
ASP.NET
Server
cloudflare
CF-RAY
4f6b0825e96d97b4-FRA
Content-Encoding
gzip

Redirect headers

Date
Mon, 15 Jul 2019 10:25:20 GMT
Content-Type
text/html
Content-Length
159
Connection
keep-alive
Set-Cookie
cf_clearance=6781e4e5520cfabaa915b2ce53c8ccf7572ca46c-1563186320-86400-150; path=/; expires=Tue, 16-Jul-19 11:25:20 GMT; domain=.hdfcbank.com; HttpOnly
Location
/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
Server
cloudflare
CF-RAY
4f6b0825c94597b4-FRA
X-Frame-Options
SAMEORIGIN
gen_1.png
mailer.hdfcbank.com/campaign/May19/MutualFunds/NM/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://mailer.hdfcbank.com/campaign/May19/MutualFunds/NM/images/gen_1.png
Requested by
Host: mailer.hdfcbank.com
URL: http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
Protocol
HTTP/1.1
Security
, ,
Server
2606:4700::6812:5e48 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
df0dea7353db6ab472290dc2e5790d4a76de873379437444930803a1bac76083

Request headers

Referer
http://mailer.hdfcbank.com/campaign/March19/Fraudulent_Remote_Access/lp.html?did=cust_00b4e220_6121_4a93_a63f_d0848bd73506&bid=F&cid=43757998-68a5-404e-b080-52c322e84da3&rid=W3TAA7&sid=dfa29283-11e7-4655-a399-c4b3c8c4b009&chl=sm&utm_source=RE&utm_medium=comm&utm_campaign=9RD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 15 Jul 2019 10:25:20 GMT
CF-Cache-Status
HIT
Age
6267
X-Powered-By
ASP.NET
Content-Disposition
inline; filename="gen_1.webp"
Connection
keep-alive
Content-Length
3646
Last-Modified
Tue, 28 May 2019 09:03:32 GMT
Server
cloudflare
ETag
"ca38a8393415d51:289"
Vary
Accept
Content-Type
image/webp
Cf-Bgj
imgq:100
Cache-Control
public, max-age=14400
Cf-Polished
origFmt=png, origSize=6202
Accept-Ranges
bytes
CF-RAY
4f6b0828eefa279c-FRA
Expires
Mon, 15 Jul 2019 14:25:20 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

2 Cookies

Domain/Path Name / Value
.hdfcbank.com/ Name: cf_clearance
Value: 6781e4e5520cfabaa915b2ce53c8ccf7572ca46c-1563186320-86400-150
.hdfcbank.com/ Name: __cfduid
Value: d8021c50319e9dec28bb17ea3accd97ad1563186316

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mailer.hdfcbank.com
resu.io
119.81.110.28
2606:4700::6812:5e48
2aa457e9b8e6df9e8c92811058a3bdcfe0fce3a86dbd7b93786bee61be5e5b1b
3b52021be25babcf0620458950650aa9be0ec08171c4aa3923ce7a7a6fa25cbd
df0dea7353db6ab472290dc2e5790d4a76de873379437444930803a1bac76083