brandsalepoint.com
2606:4700:30::681f:5bb5
Malicious Activity!
Public Scan
Effective URL: http://brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.c...
Submission: On August 08 via manual from GB
Summary
This is the only time brandsalepoint.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
1 (1 redirect) | 167.89.118.35 | 11377 (SENDGRID - SendGrid) |
1 | 2606:4700:30::6818:6d2f | 13335 (CLOUDFLARENET - Cloudflare) |
16 (2 redirects) | 2606:4700:30::681f:5bb5 | 13335 (CLOUDFLARENET - Cloudflare) |
1 | 2a00:1450:4001:820::200a | 15169 (GOOGLE - Google LLC) |
1 | 2606:4700::6813:c797 | 13335 (CLOUDFLARENET - Cloudflare) |
17 | 4 | |

Hostnames by autonomous system:
- ASN11377 (SENDGRID - SendGrid, Inc., US): PTR o16789118x35.outbound-mail.sendgrid.net; u4767833.ct.sendgrid.net
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): malhartrades.com
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): brandsalepoint.com
- ASN15169 (GOOGLE - Google LLC, US): ajax.googleapis.com
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdnjs.cloudflare.com
Apex Domain | Subdomains | Transfer | Requests |
---|---|---|---|
brandsalepoint.com (2 redirects) | brandsalepoint.com | 365 KB | 16 |
cloudflare.com | cdnjs.cloudflare.com | 3 KB | 1 |
googleapis.com | ajax.googleapis.com | 33 KB | 1 |
malhartrades.com | malhartrades.com | 511 B | 1 |
sendgrid.net (1 redirect) | u4767833.ct.sendgrid.net | 247 B | 1 |
Total (5 apex domains) | | | 17 |
Domain | Requests | Requested by |
---|---|---|
brandsalepoint.com (2 redirects) | 16 | brandsalepoint.com, ajax.googleapis.com |
cdnjs.cloudflare.com | 1 | brandsalepoint.com |
ajax.googleapis.com | 1 | brandsalepoint.com |
malhartrades.com | 1 | |
u4767833.ct.sendgrid.net (1 redirect) | 1 | |
Total (5 domains) | 17 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-04-14 - 2020-04-14 | a year | crt.sh |
| | 1970-01-01 - 1970-01-01 | a few seconds | crt.sh |
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-03-02 - 2019-09-08 | 6 months | crt.sh |
This page contains 1 frame:
Primary Page:
http://brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/
Frame ID: 0484DD1A750832C3012FA201F4FAB662
Requests: 17 HTTP requests in this frame
Detected technologies

WordPress (CMS), detected patterns:
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i

PHP (Programming Languages), detected patterns:
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i

MySQL (Databases), detected patterns:
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i

CloudFlare (CDN), detected patterns:
- headers server /^cloudflare$/i

jQuery (JavaScript Libraries), detected patterns:
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u4767833.ct.sendgrid.net/wf/click?upn=lzfZEXLBjt7v4e4hdmoqDn2DwslNwDquDSiLlW8ChOJYkxVCfIfXzaflKkStLXDv_u1so9Fuz7zjHQKwZY4MULumMm0tpoXZeh-2Fh-2BojIkMStZk2filmuaH-2BbiCU8gadXUcKK4PK0gjSxL-2FdSZVCkGh52XlpGlxIMCgVWbzDOpi1ax4cWRUzV1qzMaR0wZcpfXk-2B1snxN8H3SYqfOZIWy9zgXwlohb64P63TaQKd-2FFLyaLKsaN4eSSUn0HTfL6uMuZyFNnJHdaT2kn0oqcs3HaPgGlWQddlRjF8hTCZkoK6ug-3D
HTTP 302
https://malhartrades.com/access.html Page URL
-
https://brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/
HTTP 302
https://brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc HTTP 301
http://brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://u4767833.ct.sendgrid.net/wf/click?upn=lzfZEXLBjt7v4e4hdmoqDn2DwslNwDquDSiLlW8ChOJYkxVCfIfXzaflKkStLXDv_u1so9Fuz7zjHQKwZY4MULumMm0tpoXZeh-2Fh-2BojIkMStZk2filmuaH-2BbiCU8gadXUcKK4PK0gjSxL-2FdSZVCkGh52XlpGlxIMCgVWbzDOpi1ax4cWRUzV1qzMaR0wZcpfXk-2B1snxN8H3SYqfOZIWy9zgXwlohb64P63TaQKd-2FFLyaLKsaN4eSSUn0HTfL6uMuZyFNnJHdaT2kn0oqcs3HaPgGlWQddlRjF8hTCZkoK6ug-3D HTTP 302
- https://malhartrades.com/access.html
17 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | access.html | malhartrades.com/ | 301 B | 511 B | Document | text/html | Redirect Chain |
GET | H/1.1 | / | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/ | 3 KB | 2 KB | Document | text/html | Primary Request, Cookie set, Redirect Chain |
GET | H/1.1 | polyfiller.js | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/Js_Spy/ | 15 KB | 7 KB | Script | application/javascript | |
GET | H/1.1 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.9.1/ | 90 KB | 33 KB | Script | text/javascript | |
GET | H/1.1 | style-login-desktop.css | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/spy_css/ | 3 KB | 1 KB | Stylesheet | text/css | |
GET | H/1.1 | script-login-desktop.js | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/Js_Spy/ | 1 KB | 788 B | Script | application/javascript | |
GET | H/1.1 | script-login-mobile.js | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/Js_Spy/ | 1 KB | 792 B | Script | application/javascript | |
GET | H2 | jquery.h5validate.min.js | cdnjs.cloudflare.com/ajax/libs/h5Validate/0.8.4/ | 11 KB | 3 KB | Script | application/javascript | |
GET | H/1.1 | login-desktop.png | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/img/ | 246 KB | 246 KB | Image | image/png | |
GET | H/1.1 | shim.css | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/Js_Spy/shims/styles/ | 0 | 0 | Stylesheet | text/html | |
GET | H/1.1 | form-core.js | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/Js_Spy/shims/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | navbar-repeat-login.png | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/img/ | 186 B | 554 B | Image | image/png | |
GET | H/1.1 | navbar.png | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/img/ | 20 KB | 20 KB | Image | image/png | |
GET | H/1.1 | sub-navbar.png | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/img/ | 24 KB | 25 KB | Image | image/png | |
GET | H/1.1 | btn.png | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/img/ | 711 B | 1 KB | Image | image/png | |
GET | H/1.1 | 33.gif | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/img/ | 5 KB | 5 KB | Image | image/gif | |
GET | H/1.1 | footer-login-desktop.png | brandsalepoint.com/wp-content/plugins/js_composer/vendor/mmihey/inc/auth.secure2.appleid.com/auth.secure2.appleid.com/298045ba29295afb668ee67c6282eacc/img/ | 54 KB | 54 KB | Image | image/png | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Apple (Online)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onselectstart (object)
- onselectionchange (object)
- queueMicrotask (function)
- webshims (object)
- webshim (object)
- $ (function)
- jQuery (function)
- asyncWebshims (object)
- jQuery19104621357345767729 (object)
- xForm (function)
- login_BTN (function)
- OxForm (function)
- xForm_m_login (function)
- login_BTN_m_login2 (function)

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
brandsalepoint.com/ | | Name: PHPSESSID, Value: 78638cc7e50081ee12bf1f8584c27eae |
.brandsalepoint.com/ | | Name: __cfduid, Value: d7c8a020eb7f098695715a775e864ed6b1565250510 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.