frontlinegrowingproducts.com Open in urlscan Pro
69.174.114.195 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://frontlinegrowingproducts.com/ahv/ch/index1.html
Submission: On November 30 via api (November 30th 2024, 12:13:00 am UTC) from FR — Scanned from CH

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 26 HTTP transactions. The main IP is 69.174.114.195, located in United States and belongs to IMH-IAD, US. The main domain is frontlinegrowingproducts.com.
TLS certificate: Issued by R11 on November 25th 2024. Valid for: 3 months.

This is the only time frontlinegrowingproducts.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Refund Scam (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
17	69.174.114.195 69.174.114.195	54641 (IMH-IAD) (IMH-IAD)
2	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:8400:21:... 2a02:8400:21:1::3	15557 (LDCOMNET ...) (LDCOMNET Societe Francaise Du Radiotelephone - SFR SA)
3	216.58.212.131 216.58.212.131	15169 (GOOGLE) (GOOGLE)
26	7

17 69.174.114.195 (United States)

ASN54641 (IMH-IAD, US)

frontlinegrowingproducts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:8400:21:1::3 (France)

ASN15557 (LDCOMNET Societe Francaise Du Radiotelephone - SFR SA, FR)

static.s-sfr.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.131 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	frontlinegrowingproducts.com frontlinegrowingproducts.com	481 KB
3	gstatic.com fonts.gstatic.com	23 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	51 KB
1	s-sfr.fr static.s-sfr.fr — Cisco Umbrella Rank: 761529	892 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	27 KB
26	6

	Domain	Requested by
17	frontlinegrowingproducts.com	frontlinegrowingproducts.com
3	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	frontlinegrowingproducts.com
2	cdn.jsdelivr.net	frontlinegrowingproducts.com
1	static.s-sfr.fr	frontlinegrowingproducts.com
1	cdnjs.cloudflare.com	frontlinegrowingproducts.com
26	6

This site contains no links.

Subject Issuer	Validity	Valid
cpcontacts.frontlinegrowingproducts.com R11	`2024-11-25` - `2025-02-23`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.s-sfr.fr Thawte RSA CA 2018	`2024-10-23` - `2025-10-22`	a year	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://frontlinegrowingproducts.com/ahv/ch/index1.html
Frame ID: F0BBEBBAC2AE6B0A1C58C56D3E3067C6
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Kundenbereich | AHV/IV

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

26
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

585 kB
Transfer

939 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index1.html Show response
frontlinegrowingproducts.com/ahv/ch/ 104 KB
104 KB 676ms
218ms Document
text/html 69.174.114.195
IMH-IAD

General

frontlinegrowingproducts.com Open in urlscan Pro 69.174.114.195 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

26 Requests

100 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

7 IPs

4 Countries

585 kBTransfer

939 kBSize

0 Cookies

0 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

frontlinegrowingproducts.com Open in urlscan Pro
69.174.114.195 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

585 kB
Transfer

939 kB
Size

0
Cookies

26 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!