urlscan.io logo urlscan.io
SecurityTrails logo

pabrik-herbal.com Open in urlscan Pro
104.27.181.151  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151...
Submission: On May 17 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 104.27.181.151, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is pabrik-herbal.com.
This is the only time pabrik-herbal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
7 104.27.181.151 13335 (CLOUDFLAR...)
2 104.27.180.151 13335 (CLOUDFLAR...)
1 104.19.195.151 13335 (CLOUDFLAR...)
2 2.19.41.58 20940 (AKAMAI-ASN1)
12 5
Apex Domain
Subdomains		 Transfer
9 pabrik-herbal.com
pabrik-herbal.com
45 KB
2 gfx.ms
auth.gfx.ms
293 KB
1 cloudflare.com
ajax.cloudflare.com
3 KB
12 3
Domain Requested by
9 pabrik-herbal.com pabrik-herbal.com
2 auth.gfx.ms pabrik-herbal.com
1 ajax.cloudflare.com pabrik-herbal.com
12 3

This site contains links to these domains. Also see Links.

Domain
account.live.com
login.live.com
katalogsaya.com
Subject Issuer Validity Valid

This page contains 2 frames:

Primary Page: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Frame ID: 4372D9F5AF2523EFB8A04885E5BEDB58
Requests: 11 HTTP requests in this frame

Frame: http://pabrik-herbal.com/share/sharpoint/share/files/prefetch.html
Frame ID: ADDAA74EE0C690C89C8CA91DF994B1C3
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Page Statistics

12
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

5
IPs

2
Countries

341 kB
Transfer

479 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set verificationAttempt.php
pabrik-herbal.com/share/sharpoint/share/ 		19 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
HTTP/1.1
Server
104.27.181.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7595a3b9c3d8b28293d9abb693f7459d2433e847639a12f317b794a93d7d12f0

Request headers

Host
pabrik-herbal.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
4372D9F5AF2523EFB8A04885E5BEDB58

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; expires=Fri, 17-May-19 22:59:31 GMT; path=/; domain=.pabrik-herbal.com; HttpOnly PHPSESSID=7d7n7o3pp5e4g21e2es6856c56; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Vary
Accept-Encoding,User-Agent
X-Varnish
112710684
Age
0
X-Cache
MISS
Server
cloudflare
CF-RAY
41c9b1e783cf63cd-FRA
Content-Encoding
gzip
7Ip8rSk1t2h9T_GwCpAx8W4vrsc.js
pabrik-herbal.com/cdn-cgi/apps/head/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://pabrik-herbal.com/cdn-cgi/apps/head/7Ip8rSk1t2h9T_GwCpAx8W4vrsc.js
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
HTTP/1.1
Server
104.27.181.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e169be28456182c48a09a422abeeffd8a941f9958bc10d55b9f304784fbb7b5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
pabrik-herbal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; PHPSESSID=7d7n7o3pp5e4g21e2es6856c56
Connection
keep-alive
Cache-Control
no-cache
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
x-amz-request-id
69FAC188D7073A4F
CF-RAY
41c9b1e9e45b63cd-FRA
Connection
keep-alive
Content-Length
1859
x-amz-id-2
bJdYzXNCbASJTiAQc3JZ07fK/MWKKT27KRCXjGdosXFZld3SI5iTydicdT/nQcMVfMAqchrl1pk=
Last-Modified
Wed, 21 Mar 2018 05:33:08 GMT
Server
cloudflare
ETag
"41bd556a05ddd4d519c2e088d91bb38b"
Vary
Accept-Encoding
x-amz-version-id
08r10blpATU0v59qQs1mcb1uJswUSi7X
Cache-Control
public, max-age=31536000
Content-Type
application/javascript; charset=utf-8
Expires
Fri, 17 May 2019 22:59:31 GMT
Converged1033.css
pabrik-herbal.com/share/sharpoint/share/files/ 		84 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://pabrik-herbal.com/share/sharpoint/share/files/Converged1033.css
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
HTTP/1.1
Server
104.27.180.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7617ee4b2f20c54b32823e3ee82b7ea57b43d8a3bd6714c4ef31e71374e11197

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
pabrik-herbal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; PHPSESSID=7d7n7o3pp5e4g21e2es6856c56
Connection
keep-alive
Cache-Control
no-cache
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Cf-Polished
origSize=86974
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
CF-RAY
41c9b1e9e5e81589-FRA
Last-Modified
Mon, 28 Aug 2017 20:33:54 GMT
Server
cloudflare
Vary
Accept-Encoding,User-Agent
X-Varnish
105432212 123940538
Cf-Bgj
minify
Expires
Fri, 18 May 2018 02:59:31 GMT
Cache-Control
public, max-age=14400
Content-Type
text/css
X-Cache-Hits
2
microsoft_logo.svg
pabrik-herbal.com/share/sharpoint/share/files/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://pabrik-herbal.com/share/sharpoint/share/files/microsoft_logo.svg
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
HTTP/1.1
Server
104.27.181.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
pabrik-herbal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; PHPSESSID=7d7n7o3pp5e4g21e2es6856c56
Connection
keep-alive
Cache-Control
no-cache
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Mon, 28 Aug 2017 20:33:54 GMT
Server
cloudflare
Vary
Accept-Encoding,User-Agent
X-Cache
MISS
X-Varnish
121550538
Content-Type
image/svg+xml
Cache-Control
public, max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
41c9b1e9f45e63cd-FRA
Content-Length
1435
Expires
Fri, 18 May 2018 02:59:31 GMT
picker_account_msa.svg
pabrik-herbal.com/share/sharpoint/share/files/ 		379 B
705 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://pabrik-herbal.com/share/sharpoint/share/files/picker_account_msa.svg
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
HTTP/1.1
Server
104.27.181.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
pabrik-herbal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; PHPSESSID=7d7n7o3pp5e4g21e2es6856c56
Connection
keep-alive
Cache-Control
no-cache
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 22:59:32 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Mon, 28 Aug 2017 20:33:54 GMT
Server
cloudflare
Vary
Accept-Encoding,User-Agent
X-Cache
MISS
X-Varnish
123388006
Content-Type
image/svg+xml
Cache-Control
public, max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
41c9b1ebf4c163cd-FRA
Content-Length
254
Expires
Fri, 18 May 2018 02:59:32 GMT
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/92209a86/cloudflare-static/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/92209a86/cloudflare-static/rocket-loader.min.js
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
SPDY
Server
104.19.195.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
496cd60d97cf2b0d5d39a9a19927c32b4aa492a951360a1b50b66a53c2f8c7ed
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Thu, 17 May 2018 22:59:31 GMT
content-encoding
gzip
last-modified
Wed, 16 May 2018 10:23:02 GMT
server
cloudflare-nginx
etag
W/"5afc0686-26ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
41c9b1ec0dc4233c-FRA
expires
Sat, 19 May 2018 22:59:31 GMT
EKR3IkOAcJOeVzymPVQJG-anSM4.js
pabrik-herbal.com/cdn-cgi/apps/body/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://pabrik-herbal.com/cdn-cgi/apps/body/EKR3IkOAcJOeVzymPVQJG-anSM4.js
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/cdn-cgi/apps/head/7Ip8rSk1t2h9T_GwCpAx8W4vrsc.js
Protocol
HTTP/1.1
Server
104.27.180.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f94d7464b80a56dd0dd0c24b079fc53128514df0ac44b1dc7f58d2e09fbc4f9a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
pabrik-herbal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; PHPSESSID=7d7n7o3pp5e4g21e2es6856c56
Connection
keep-alive
Cache-Control
no-cache
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
x-amz-request-id
3CB29418B27E1797
CF-RAY
41c9b1ec06251589-FRA
Connection
keep-alive
Content-Length
7946
x-amz-id-2
RyNYPQ7ddPVrpIqxp3n6K++u6jK0ccE3yr0GjLy7WamCQwtdpmQS16oW3o0/t/2wY1u7mVooWr8=
Last-Modified
Wed, 21 Mar 2018 05:33:08 GMT
Server
cloudflare
ETag
"a4e8b6652e3aadc31df8667833790617"
Vary
Accept-Encoding
x-amz-version-id
e.InTPY6ydveqcxWeAPACifE7lYZ.VEQ
Cache-Control
public, max-age=31536000
Content-Type
application/javascript; charset=utf-8
Expires
Fri, 17 May 2019 22:59:31 GMT
prefetch.html
pabrik-herbal.com/share/sharpoint/share/files/ Frame ADDA 		319 B
586 B 		Document
General
Check archive.org
Download Go to
Full URL
http://pabrik-herbal.com/share/sharpoint/share/files/prefetch.html
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
HTTP/1.1
Server
104.27.181.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa7347aa033627269a1f59d3f97d350c1bb144346f955bb6083456043624afc0

Request headers

Host
pabrik-herbal.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Accept-Encoding
gzip, deflate
Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; PHPSESSID=7d7n7o3pp5e4g21e2es6856c56
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
4372D9F5AF2523EFB8A04885E5BEDB58
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
X-Varnish
112710686
Age
0
X-Cache
MISS
Server
cloudflare
CF-RAY
41c9b1ea079963fd-FRA
Content-Encoding
gzip
7Ip8rSk1t2h9T_GwCpAx8W4vrsc.js
pabrik-herbal.com/cdn-cgi/apps/head/ Frame ADDA 		5 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
http://pabrik-herbal.com/cdn-cgi/apps/head/7Ip8rSk1t2h9T_GwCpAx8W4vrsc.js
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/files/prefetch.html
Protocol
HTTP/1.1
Server
104.27.181.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e169be28456182c48a09a422abeeffd8a941f9958bc10d55b9f304784fbb7b5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
pabrik-herbal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; PHPSESSID=7d7n7o3pp5e4g21e2es6856c56
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
x-amz-request-id
69FAC188D7073A4F
CF-RAY
41c9b1e9e45b63cd-FRA
Connection
keep-alive
Content-Length
1859
x-amz-id-2
bJdYzXNCbASJTiAQc3JZ07fK/MWKKT27KRCXjGdosXFZld3SI5iTydicdT/nQcMVfMAqchrl1pk=
Last-Modified
Wed, 21 Mar 2018 05:33:08 GMT
Server
cloudflare
ETag
"41bd556a05ddd4d519c2e088d91bb38b"
Vary
Accept-Encoding
x-amz-version-id
08r10blpATU0v59qQs1mcb1uJswUSi7X
Cache-Control
public, max-age=31536000
Content-Type
application/javascript; charset=utf-8
Expires
Fri, 17 May 2019 22:59:31 GMT
EKR3IkOAcJOeVzymPVQJG-anSM4.js
pabrik-herbal.com/cdn-cgi/apps/body/ Frame ADDA 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://pabrik-herbal.com/cdn-cgi/apps/body/EKR3IkOAcJOeVzymPVQJG-anSM4.js
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/cdn-cgi/apps/head/7Ip8rSk1t2h9T_GwCpAx8W4vrsc.js
Protocol
HTTP/1.1
Server
104.27.181.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f94d7464b80a56dd0dd0c24b079fc53128514df0ac44b1dc7f58d2e09fbc4f9a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
pabrik-herbal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://pabrik-herbal.com/share/sharpoint/share/files/prefetch.html
Cookie
__cfduid=d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971; PHPSESSID=7d7n7o3pp5e4g21e2es6856c56
Connection
keep-alive
Cache-Control
no-cache
Referer
http://pabrik-herbal.com/share/sharpoint/share/files/prefetch.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
x-amz-request-id
3CB29418B27E1797
CF-RAY
41c9b1ec07e763fd-FRA
Connection
keep-alive
Content-Length
7946
x-amz-id-2
RyNYPQ7ddPVrpIqxp3n6K++u6jK0ccE3yr0GjLy7WamCQwtdpmQS16oW3o0/t/2wY1u7mVooWr8=
Last-Modified
Wed, 21 Mar 2018 05:33:08 GMT
Server
cloudflare
ETag
"a4e8b6652e3aadc31df8667833790617"
Vary
Accept-Encoding
x-amz-version-id
e.InTPY6ydveqcxWeAPACifE7lYZ.VEQ
Cache-Control
public, max-age=31536000
Content-Type
application/javascript; charset=utf-8
Expires
Fri, 17 May 2019 22:59:31 GMT
0.jpg
auth.gfx.ms/16.000.27457.4/images/Backgrounds/ 		291 KB
291 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.gfx.ms/16.000.27457.4/images/Backgrounds/0.jpg?x=f5a9a9531b8f4bcc86eabb19472d15d5
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
HTTP/1.1
Server
2.19.41.58 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-41-58.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/8.5 /
Resource Hash
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214

Request headers

Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Last-Modified
Sat, 01 Jul 2017 02:01:48 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A002 V: 0
ETag
"0ce5dffdf2d21:0"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=157839
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
298105
Server
Microsoft-IIS/8.5
0-small.jpg
auth.gfx.ms/16.000.27457.4/images/Backgrounds/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.gfx.ms/16.000.27457.4/images/Backgrounds/0-small.jpg?x=12f4b8b543125cc986c79cd85320812f
Requested by
Host: pabrik-herbal.com
URL: http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol
HTTP/1.1
Server
2.19.41.58 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-41-58.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/8.5 /
Resource Hash
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b

Request headers

Referer
http://pabrik-herbal.com/share/sharpoint/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 22:59:31 GMT
Last-Modified
Sat, 01 Jul 2017 02:01:48 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1C003 V: 0
ETag
"0ce5dffdf2d21:0"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=528232
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1029
Server
Microsoft-IIS/8.5
truncated
/ Frame ADDA 		7 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9fbe5421b4e7d9f1dd3a08d070e85e526ad6de2379f7d89fb2c2d07ed10d10fe

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
text/css;charset=utf-8
truncated
/ 		7 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9fbe5421b4e7d9f1dd3a08d070e85e526ad6de2379f7d89fb2c2d07ed10d10fe

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
text/css;charset=utf-8
truncated
/ 		928 B
0 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1cd6e4c869b2781e8f7e18b040d38c20841354358bd4ba6f38ba9a1ba67900ff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Origin
http://pabrik-herbal.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff;charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Eager object| CloudflareApps object| __cfQR function| empty

2 Cookies

Domain/Path Name / Value
pabrik-herbal.com/ Name: PHPSESSID
Value: 7d7n7o3pp5e4g21e2es6856c56
.pabrik-herbal.com/ Name: __cfduid
Value: d7bd3c7729f7f2a37ec3f3c162d4d0ca61526597971