tradeswarehouse.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 62.138.4.171, located in Strasbourg, France and belongs to GODADDY, DE. The main domain is tradeswarehouse.com.

This is the only time tradeswarehouse.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
5	62.138.4.171 62.138.4.171	20773 (GODADDY) (GODADDY)
2	2a02:26f0:6c0... 2a02:26f0:6c00:283::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2

5 62.138.4.171 (Strasbourg, France)

ASN20773 (GODADDY, DE)
PTR: blue3104.server-cp.com

tradeswarehouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:283::34ef (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	tradeswarehouse.com tradeswarehouse.com	109 KB
2	gfx.ms auth.gfx.ms	418 B
7	2

	Domain	Requested by
5	tradeswarehouse.com	tradeswarehouse.com
2	auth.gfx.ms	tradeswarehouse.com
7	2

This site contains links to these domains. Also see Links.

Domain
account.live.com
login.live.com

Subject Issuer	Validity	Valid
msagfx.live.com Microsoft RSA TLS CA 02	`2021-01-07` - `2022-01-07`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://tradeswarehouse.com/1/1drvme/verificationAttempt.php
Frame ID: 0C304B37E02267F7D0CF465D4C42B461
Requests: 6 HTTP requests in this frame

Frame: http://tradeswarehouse.com/1/1drvme/files/prefetch.html
Frame ID: EC435A4277375EC2E79A8E1D965AC75D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

29 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

110 kB
Transfer

108 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1493260925%26rver%3d6.7.6640.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%26id%3d292841%26CBCXT%3dout%26fl%3dwld%26cobrandid%3d90015%26uaid%3da8d60e23f71e4b599fedbd2dd6b98946%26pid%3d0%26contextid%3d0EE9DFF844DE79AF%26bk%3d1500403644&id=292841&uiflavor=web&cobrandid=90015&uaid=a8d60e23f71e4b599fedbd2dd6b98946&mkt=EN-US&lc=1033&bk=1500403644
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://login.live.com/logout.srf?wa=wsignin1.0&rpsnv=13&ct=1493260925&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1&id=292841&CBCXT=out&fl=wld&cobrandid=90015&uaid=a8d60e23f71e4b599fedbd2dd6b98946&pid=0&contextid=0EE9DFF844DE79AF&ru=https://outlook.live.com/owa/%3fnlp%3d1&bk=1500403644&lm=I
Title: Sign in with a different Microsoft account

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600
Title: Privacy & Cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set verificationAttempt.php Show response tradeswarehouse.com/1/1drvme/	19 KB 19 KB	95ms 82ms	Document text/html	62.138.4.171 GODADDY
General Check archive.org Show headers Download Go to Full URL http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Protocol HTTP/1.1 Server 62.138.4.171 Strasbourg, France, ASN20773 (GODADDY, DE), Reverse DNS blue3104.server-cp.com Software Apache / Resource Hash `eb4aaa90b35ec5818079ffbec28cf26bf872b0ac339985ec562e7380e17bd912` Request headers Host tradeswarehouse.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Wed, 18 Aug 2021 05:39:53 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Set-Cookie PHPSESSID=9574199db133bf8c71ae672366eb8ca1; path=/ Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Converged1033.css tradeswarehouse.com/1/1drvme/files/	85 KB 85 KB	20ms 14ms	Stylesheet text/css	62.138.4.171 GODADDY
General Check archive.org Show headers Download Go to Full URL http://tradeswarehouse.com/1/1drvme/files/Converged1033.css Requested by Host: tradeswarehouse.com URL: http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Protocol HTTP/1.1 Server 62.138.4.171 Strasbourg, France, ASN20773 (GODADDY, DE), Reverse DNS blue3104.server-cp.com Software Apache / Resource Hash `0df34b37d2d23a2a5056ac368248444c36789c9f71b7e15c13e056b722f335ff` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host tradeswarehouse.com Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/css,/;q=0.1 Referer http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Cookie PHPSESSID=9574199db133bf8c71ae672366eb8ca1 Connection keep-alive Cache-Control no-cache Referer http://tradeswarehouse.com/1/1drvme/verificationAttempt.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Wed, 18 Aug 2021 05:39:53 GMT Last-Modified Tue, 29 Aug 2017 11:33:54 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 86974
GET H/1.1	200 OK	microsoft_logo.svg tradeswarehouse.com/1/1drvme/files/	4 KB 4 KB	21ms 15ms	Image image/svg+xml	62.138.4.171 GODADDY
General Check archive.org Show headers Download Go to Show image Full URL http://tradeswarehouse.com/1/1drvme/files/microsoft_logo.svg Requested by Host: tradeswarehouse.com URL: http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Protocol HTTP/1.1 Server 62.138.4.171 Strasbourg, France, ASN20773 (GODADDY, DE), Reverse DNS blue3104.server-cp.com Software Apache / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host tradeswarehouse.com Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Cookie PHPSESSID=9574199db133bf8c71ae672366eb8ca1 Connection keep-alive Cache-Control no-cache Referer http://tradeswarehouse.com/1/1drvme/verificationAttempt.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Wed, 18 Aug 2021 05:39:53 GMT Last-Modified Tue, 29 Aug 2017 11:33:54 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3651
GET H/1.1	200 OK	picker_account_msa.svg tradeswarehouse.com/1/1drvme/files/	379 B 625 B	41ms 35ms	Image image/svg+xml	62.138.4.171 GODADDY
General Check archive.org Show headers Download Go to Show image Full URL http://tradeswarehouse.com/1/1drvme/files/picker_account_msa.svg Requested by Host: tradeswarehouse.com URL: http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Protocol HTTP/1.1 Server 62.138.4.171 Strasbourg, France, ASN20773 (GODADDY, DE), Reverse DNS blue3104.server-cp.com Software Apache / Resource Hash `34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host tradeswarehouse.com Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Cookie PHPSESSID=9574199db133bf8c71ae672366eb8ca1 Connection keep-alive Cache-Control no-cache Referer http://tradeswarehouse.com/1/1drvme/verificationAttempt.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Wed, 18 Aug 2021 05:39:53 GMT Last-Modified Tue, 29 Aug 2017 11:33:54 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 379
GET H/1.1	404 Not Found	prefetch.html Show response tradeswarehouse.com/1/1drvme/files/ Frame EC43	315 B 515 B	10ms 10ms	Document text/html	62.138.4.171 GODADDY
General Check archive.org Show headers Download Go to Full URL http://tradeswarehouse.com/1/1drvme/files/prefetch.html Requested by Host: tradeswarehouse.com URL: http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Protocol HTTP/1.1 Server 62.138.4.171 Strasbourg, France, ASN20773 (GODADDY, DE), Reverse DNS blue3104.server-cp.com Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Host tradeswarehouse.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Accept-Encoding gzip, deflate Accept-Language en-US Cookie PHPSESSID=9574199db133bf8c71ae672366eb8ca1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Response headers Date Wed, 18 Aug 2021 05:39:54 GMT Server Apache Content-Length 315 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	0-small.jpg auth.gfx.ms/16.000.27457.4/images/Backgrounds/	0 209 B	715ms 688ms	Image text/plain	2a02:26f0:6c00:283::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://auth.gfx.ms/16.000.27457.4/images/Backgrounds/0-small.jpg?x=12f4b8b543125cc986c79cd85320812f Requested by Host: tradeswarehouse.com URL: http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::34ef Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://tradeswarehouse.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Wed, 18 Aug 2021 05:39:54 GMT PPServer PPV: 30 H: BY1PPFE58EC01A7 V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/10.0
GET H/1.1	404 Not Found	0.jpg auth.gfx.ms/16.000.27457.4/images/Backgrounds/	0 209 B	714ms 687ms	Image text/plain	2a02:26f0:6c00:283::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://auth.gfx.ms/16.000.27457.4/images/Backgrounds/0.jpg?x=f5a9a9531b8f4bcc86eabb19472d15d5 Requested by Host: tradeswarehouse.com URL: http://tradeswarehouse.com/1/1drvme/verificationAttempt.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::34ef Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://tradeswarehouse.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Wed, 18 Aug 2021 05:39:54 GMT PPServer PPV: 30 H: BY1PPFE5C598CC6 V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/10.0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			tradeswarehouse.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9574199db133bf8c71ae672366eb8ca1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.gfx.ms
tradeswarehouse.com
2a02:26f0:6c00:283::34ef
62.138.4.171
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0df34b37d2d23a2a5056ac368248444c36789c9f71b7e15c13e056b722f335ff
34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb4aaa90b35ec5818079ffbec28cf26bf872b0ac339985ec562e7380e17bd912

tradeswarehouse.com Open in urlscan Pro 62.138.4.171 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

29 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

110 kBTransfer

108 kBSize

1 Cookies

4 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

tradeswarehouse.com Open in urlscan Pro
62.138.4.171 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

29 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

110 kB
Transfer

108 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!