Domain > portal.save.auto

More information on this domain is in AlienVault OTX

DNS Resolutions

Date	IP Address
2024-08-05	99.84.208.59 (ClassC)
2025-04-07	18.161.6.66 (ClassC)

HTTP/1.1 301 Moved PermanentlyServer: CloudFrontDate: Mon, 07 Apr 2025 06:29:36 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveLocation: https://portal.save.auto/X-Cache: Redirect from cloudfrontVia: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront)X-Amz-Cf-Pop: HIO52-P1X-Amz-Cf-Id: blt-Js9AjY5PAyxY93PjHrciNDFjrwW8XrpJgSAl6B5G2XUU9HVUjwX-XSS-Protection: 1; modeblockX-Frame-Options: DENYReferrer-Policy: no-referrerContent-Security-Policy: default-src portal.save.auto; script-src unsafe-inline unsafe-eval portal.save.auto www.googletagmanager.com *.autopay.com blob:; style-src unsafe-inline unsafe-hashes portal.save.auto fonts.googleapis.com *.gstatic.com *.autopay.com; img-src data: blob: portal.save.auto assets.ctfassets.net images.ctfassets.net media.chromedata.com *.amazonaws.com *.googletagmanager.com *.autopay.com *.gstatic.com *.google.com *.embeddedinsurance.com; font-src portal.save.auto fonts.gstatic.com data:; connect-src api.save.auto o92107.ingest.sentry.io us.app.unleash-hosted.com fonts.googleapis.com *.amazonaws.com *.google-analytics.com *.googleapis.com; media-src data:; frame-src *.googleapis.com; upgrade-insecure-requests; block-all-mixed-content; manifest-src portal.save.auto *.autopay.com; report-uri https://o92107.ingest.us.sentry.io/api/1398689/security/?sentry_key20adc36c08104533969c4807d9169de5&sentry_environmentprodX-Content-Type-Options: nosniffCross-Origin-Embedder-Policy: credentiallessCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: cross-originX-Permitted-Cross-Domain-Policies: noneVary: Origin

html>head>title>301 Moved Permanently/title>/head>body>center>h1>301 Moved Permanently/h1>/center>hr>center>CloudFront/center>/body>/html>

Port 443

HTTP/1.1 200 OKServer: CloudFrontContent-Type: text/htmlContent-Length: 4393Connection: keep-aliveLast-Modified: Thu, 03 Apr 2025 22:18:59 GMTx-amz-server-side-encryption: AES256Accept-Ranges: bytesDate: Mon, 07 Apr 2025 06:29:38 GMTCache-Control: no-cacheETag: 7a61d94c0775a7f2a520326a4b677da3X-Cache: RefreshHit from cloudfrontVia: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront)X-Amz-Cf-Pop: HIO52-P1X-Amz-Cf-Id: DjY05bMw7JC_VtgGxToRnvx9DK-7XTXvj6NgY-8K7j0ycgM9ZYOs7wX-XSS-Protection: 1; modeblockX-Frame-Options: DENYReferrer-Policy: no-referrerContent-Security-Policy: default-src portal.save.auto; script-src unsafe-inline unsafe-eval portal.save.auto www.googletagmanager.com *.autopay.com blob:; style-src unsafe-inline unsafe-hashes portal.save.auto fonts.googleapis.com *.gstatic.com *.autopay.com; img-src data: blob: portal.save.auto assets.ctfassets.net images.ctfassets.net media.chromedata.com *.amazonaws.com *.googletagmanager.com *.autopay.com *.gstatic.com *.google.com *.embeddedinsurance.com; font-src portal.save.auto fonts.gstatic.com data:; connect-src api.save.auto o92107.ingest.sentry.io us.app.unleash-hosted.com fonts.googleapis.com *.amazonaws.com *.google-analytics.com *.googleapis.com; media-src data:; frame-src *.googleapis.com; upgrade-insecure-requests; block-all-mixed-content; manifest-src portal.save.auto *.autopay.com; report-uri https://o92107.ingest.us.sentry.io/api/1398689/security/?sentry_key20adc36c08104533969c4807d9169de5&sentry_environmentprodX-Content-Type-Options: nosniffStrict-Transport-Security: max-age31536000; includeSubDomainsCross-Origin-Embedder-Policy: credentiallessCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: cross-originX-Permitted-Cross-Domain-Policies: noneVary: Origin

!DOCTYPE html>html langen>  head>    meta charsetutf-8 />    link relicon href/favicon-default.png sizes32x32 192x192 />    meta nameviewport contentwidthdevice-width, initial-scale1 />    meta nametheme-color content#000000 />    meta namedescription contentAuto Loan Finance Made Simple/>    !--      manifest.json provides metadata used when your web app is installed on a      users mobile device or desktop. See https://developers.google.com/web/fundamentals/web-app-manifest/    -->    link relmanifest href/manifest.json />    title>The Savings Group/title>    style>      .initialize-loader {          display: flex;          align-items: center;          width: 100%;          height: 100vh;          justify-content: center;      }      .initialize-loader svg {          animation-duration: 0.5s;          animation-iteration-count: infinite;          animation-timing-function: linear;          animation-name: Spinning;      }      @keyframes Spinning {          to {              transform: rotate(360deg);          }      }    /style>    script typemodule crossorigin src/assets/index-BszPeZxC.js>/script>    link relstylesheet crossorigin href/assets/index-CKeT00Wg.css>    script typemodule>import.meta.url;import(_).catch(()>1);(async function*(){})().next();if(location.protocol!file:){window.__vite_is_modern_browsertrue}/script>    script typemodule>!function(){if(window.__vite_is_modern_browser)return;console.warn(vite: loading legacy chunks, syntax error above and the same error below should be ignored);var edocument.getElementById(vite-legacy-polyfill),ndocument.createElement(script);n.srce.src,n.onloadfunction(){System.import(document.getElementById(vite-legacy-entry).getAttribute(data-src))},document.body.appendChild(n)}();/script>  /head>  body>    noscript>You need to enable JavaScript to run this app./noscript>    div idchecklight-root classcontent>      div classinitialize-loader>        svg          width48px          height48px          viewBox0 0 25 24          xmlnshttp://www.w3.org/2000/svg        >          g strokenone strokeWidth1 fillnone fillRuleevenodd>            g transformtranslate(-98.0, -2037.0)>              rect                filltransparent                x64                y2021                width93                height56                rx4              />              path                dM110.5,2037 C117.127417,2037 122.5,2042.37258 122.5,2049 C122.5,2055.62742 117.127417,2061 110.5,2061 C109.76362,2061 109.166667,2060.40305 109.166667,2059.66667 C109.166667,2058.93029 109.76362,2058.33333 110.5,2058.33333 C115.654658,2058.33333 119.833333,2054.15466 119.833333,2049 C119.833333,2043.84534 115.654658,2039.66667 110.5,2039.66667 C105.345342,2039.66667 101.166667,2043.84534 101.166667,2049 C101.166667,2049.73638 100.569713,2050.33333 99.8333333,2050.33333 C99.0969537,2050.33333 98.5,2049.73638 98.5,2049 C98.5,2042.37258 103.872583,2037 110.5,2037 Z                fill#0c4650                fillRulenonzero              />            /g>          /g>        /svg>      /div>    /div>    !--      This HTML file is a template.      If you open it directly in the browser, you will see an empty page.      You can add webfonts, meta tags, or analytics to this file.      The build step will place the bundled scripts into the body> tag.      To begin the development, run `npm start` or `yarn start`.      To create a production bundle, use `npm run build` or `yarn build`.    -->    script nomodule>!function(){var edocument,te.createElement(script);if(!(noModulein t)&&onbeforeloadin t){var n!1;e.addEventListener(beforeload,(function(e){if(e.targett)n!0;else if(!e.target.hasAttribute(nomodule)||!n)return;e.preventDefault()}),!0),t.typemodule,t.src.,e.head.appendChild(t),t.remove()}}();/script>    script nomodule crossorigin idvite-legacy-polyfill src/assets/polyfills-legacy-Bl3ze5p9.js>/script>    script nomodule crossorigin idvite-legacy-entry data-src/assets/index-legacy-UyA9stIh.js>System.import(document.getElementById(vite-legacy-entry).getAttribute(data-src))/script>  /body>/html>

Subdomains

Date	Domain	IP
api.save.auto	2024-06-16	34.200.88.230
portal.save.auto	2025-04-07	18.161.6.66

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > portal.save.auto

Is this malicious?

DNS Resolutions

Port 80

Port 443

Subdomains