sungslaw.com (148.72.250.106)
Public Scan: Malicious Activity!
Effective URL: https://sungslaw.com/proposal8388384744/document737738322/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=8302891d115...
Submission: On April 02 via manual from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on April 1st 2020. Valid for: 2 years.
This is the only time sungslaw.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 148.72.250.106 | 26496 (AS-26496-GO-DADDY-COM-LLC)
1 | 2606:4700::6811:4104 | 13335 (CLOUDFLARENET)
1 | 2600:3c01::f03c:91ff:fe79:43b | 63949 (LINODE-AP Linode)
1 | 104.86.32.117 | 16625 (AKAMAI-AS)
1 | 23.8.8.215 | 20940 (AKAMAI-ASN1)
Totals: 5 IP addresses, 6 requests
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
- PTR: ip-148-72-250-106.ip.secureserver.net
- Domain: sungslaw.com
ASN16625 (AKAMAI-AS, US)
- PTR: a104-86-32-117.deploy.static.akamaitechnologies.com
- Domain: img1.wsimg.com
ASN20940 (AKAMAI-ASN1, US)
- PTR: a23-8-8-215.deploy.static.akamaitechnologies.com
- Domain: img.secureserver.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | sungslaw.com | sungslaw.com (2 redirects) | 200 KB
1 | secureserver.net | img.secureserver.net | 633 B
1 | wsimg.com | img1.wsimg.com | 5 KB
1 | jsonip.com | jsonip.com | 453 B
1 | cloudflare.com | cdnjs.cloudflare.com | 73 KB
Totals: 5 apex domains, 5 subdomains
Requests | Domain | Requested by
---|---|---
3 | sungslaw.com | 2 redirects
1 | img.secureserver.net |
1 | img1.wsimg.com | sungslaw.com
1 | jsonip.com | cdnjs.cloudflare.com
1 | cdnjs.cloudflare.com | sungslaw.com
Totals: 5 domains, 5 requesters
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
sungslaw.com | Go Daddy Secure Certificate Authority - G2 | 2020-04-01 - 2022-04-01 | 2 years
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months
jsonip.com | Let's Encrypt Authority X3 | 2020-02-29 - 2020-05-29 | 3 months
*.wsimg.com | Starfield Secure Certificate Authority - G2 | 2018-09-25 - 2020-09-25 | 2 years
*.secureserver.net | Starfield Secure Certificate Authority - G2 | 2019-10-22 - 2021-10-22 | 2 years
This page contains 1 frame:
Primary Page:
https://sungslaw.com/proposal8388384744/document737738322/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=8302891d1152269c56bb46f4d4128750c15b89f71158734d47c5a4dd4bb63ead67de811c
Frame ID: 3BE8AFD3B870F220A323E1860213E772
Requests: 9 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://sungslaw.com/proposal8388384744/document737738322 (HTTP 301)
- https://sungslaw.com/proposal8388384744/document737738322/ (HTTP 303)
- https://sungslaw.com/proposal8388384744/document737738322/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=8302891d1152269c56bb46f4d4128750c15b89f71158734d47c5a4dd4bb63ead67de811c (Page URL)
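A URL history like the one above is only recoverable if the client refuses to auto-follow redirects and records each hop itself; a normal HTTP library would collapse the 301 and 303 into the final page. The script below is an added example, not urlscan.io code, that walks a chain one hop at a time in Python: on a 3xx it reads Location, on a 200 it checks the body for a meta-refresh (the client-side redirect the description mentions), and it stops on a loop. JavaScript redirects are out of scope for it; those need a real browser. The statuses and URLs in CONSTRUCTED are taken from this report, but the Location header values and HTML bodies are assumed, and the example.invalid chain is hypothetical (example.invalid is a reserved name). Two observations while reading the chain: the signin value d41d8cd98f00b204e9800998ecf8427e is the MD5 digest of the empty string, so it is a filler value rather than a per-victim token, and the hop to /s/ is a 303 (See Other), which is the status a POST handler commonly uses to bounce the client to a GET.

```python
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from html import unescape
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin

# (status, headers, body) as returned by whatever fetches a single URL.
Response = Tuple[int, Dict[str, str], str]
Fetcher = Callable[[str], Response]


@dataclass
class Hop:
    url: str
    status: int
    kind: str  # "http" (3xx + Location), "meta" (<meta http-equiv=refresh>), "final", "loop"


_META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
_ATTR = re.compile(r"""([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")


def meta_refresh_target(body: str) -> Optional[str]:
    """Return the URL of a <meta http-equiv="refresh" content="N; url=..."> tag, if any."""
    for tag in _META_TAG.findall(body):
        attrs = {
            m.group(1).lower(): unescape(m.group(2) or m.group(3) or m.group(4) or "")
            for m in _ATTR.finditer(tag)
        }
        if attrs.get("http-equiv", "").lower() != "refresh":
            continue
        m = re.match(r"\s*\d+\s*;\s*url\s*=\s*(.+)", attrs.get("content", ""), re.I)
        if m:
            return m.group(1).strip().strip("'\"")
    return None


def walk(start: str, fetch: Fetcher, max_hops: int = 10) -> List[Hop]:
    """Follow redirects one hop at a time, recording every URL visited."""
    hops: List[Hop] = []
    seen = set()
    url = start
    while len(hops) < max_hops:
        if url in seen:  # A -> B -> A: record the loop instead of spinning
            hops.append(Hop(url, 0, "loop"))
            break
        seen.add(url)
        status, headers, body = fetch(url)
        lower = {k.lower(): v for k, v in headers.items()}
        if 300 <= status < 400 and "location" in lower:
            hops.append(Hop(url, status, "http"))
            url = urljoin(url, lower["location"])  # Location may be relative
            continue
        target = meta_refresh_target(body) if status == 200 else None
        if target:
            hops.append(Hop(url, status, "meta"))
            url = urljoin(url, target)
            continue
        hops.append(Hop(url, status, "final"))
        break
    return hops


def fetch_live(url: str) -> Response:
    """Real fetcher (needs network): urllib with automatic redirect following disabled."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # urllib then raises HTTPError for the 3xx instead of following it
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read(1_000_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), ""


# Constructed offline stand-in for the chain this report recorded. Statuses and URLs
# come from the report; the Location values and the HTML bodies are assumed.
START = "https://sungslaw.com/proposal8388384744/document737738322"
FINAL = (START + "/s/?signin=d41d8cd98f00b204e9800998ecf8427e"
         "&auth=8302891d1152269c56bb46f4d4128750c15b89f71158734d47c5a4dd4bb63ead67de811c")
CONSTRUCTED: Dict[str, Response] = {
    START: (301, {"Location": START + "/"}, ""),
    START + "/": (303, {"Location": FINAL}, ""),
    FINAL: (200, {"Content-Type": "text/html"}, "<html><body>Sign in</body></html>"),
    # Hypothetical second chain showing a client-side meta-refresh hop (example.invalid is reserved).
    "https://example.invalid/lure": (200, {"Content-Type": "text/html"},
        '<html><head><meta http-equiv="refresh" content="0; url=/landing?x=1"></head></html>'),
    "https://example.invalid/landing?x=1": (200, {"Content-Type": "text/html"}, "<p>done</p>"),
}


def offline_fetch(url: str) -> Response:
    return CONSTRUCTED.get(url, (404, {}, ""))


if __name__ == "__main__":
    for hop in walk(START, offline_fetch):
        print(hop.status, hop.kind, hop.url)
```

Swap offline_fetch for fetch_live to run it against a live URL; do that from a sandboxed host, since the final hop fetches the phishing page itself.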
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
(Rows with protocol DATA and resource "truncated" are inline data: URIs embedded in the page, not network requests.)

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (primary request; redirect chain) | sungslaw.com/proposal8388384744/document737738322/s/ | 274 KB | 199 KB | Document | text/html
GET | H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ | 257 KB | 73 KB | Script | application/javascript
GET | DATA | truncated | / | 182 KB | 0 | Image | image/png
GET | H/1.1 | / | jsonip.com/ | 152 B | 453 B | Script | application/json
GET | DATA | truncated | / | 7 KB | 0 | Image | image/png
GET | H2 | tcc_l.combined.1.0.6.min.js | img1.wsimg.com/tcc/ | 12 KB | 5 KB | Script | application/x-javascript
GET | DATA | truncated | / | 10 KB | 0 | Image | image/png
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
GET | H/1.1 | event | img.secureserver.net/t/1/tl/ | 43 B | 633 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
function | getIPAddress
object | _trfd
function | tcg
function | tcp
object | perfhandler
object | TCCTracker
object | _trfq
object | true
string | x2

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify them even if their location has changed. This is how permanent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
sungslaw.com/ | | PHPSESSID | 65943314164fadbc6cf49be039419c4d
sungslaw.com/proposal8388384744/document737738322/s | | ip11 | 2a01:4f8:192:5414::2
Indicators
"Indicators" is the security-industry term for artifacts such as IPs, domains, hashes, etc. Appearing in this list does not imply that any of them indicates malicious activity.
cdnjs.cloudflare.com
img.secureserver.net
img1.wsimg.com
jsonip.com
sungslaw.com
104.86.32.117
148.72.250.106
23.8.8.215
2600:3c01::f03c:91ff:fe79:43b
2606:4700::6811:4104
003ca3fac13bab1e16ea7e8754f6189ebee1f2b4a3813332752b4458bdb784b5
3282aabc38015639dbaca298d3702a42a0164460b7b87974931e4e94e2fb3e31
46e22be78f4e917ad2d1426dd27019dbd5224cf258626e724f413f8c8997e46b
7164837d898e3f96eeddcf5baed8864502f8a03ce68e31ee00cfbb721acabc87
7bdaefeabfa61452a02554e56f7c215429ff0519efb9137c3b07acf488718183
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
f42694d6f50dc3f3db2c58f1567dcfba75841601166b7231a4fd685fcd7941b9
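The indicator list mixes the first-party phishing host with shared infrastructure the page merely loads (a public CDN, GoDaddy's image and tracking hosts, an IP-echo service) and with response-body hashes, so copying it straight into a blocklist would cause collateral damage. The script below is an added example, not urlscan.io code, that types each indicator with the standard library and splits the list into what can be blocked and what is only context. The INDICATORS list is copied from this report. SHARED_HOSTS is an analyst-curated assumption; HOST_BY_IP takes its IPv4 rows from the report's PTR table, while the two IPv6 mappings are inferred from the ASN table (Cloudflare to cdnjs, Linode to jsonip) and are likewise an assumption. For the record, sungslaw.com is the host worth acting on: its certificate was issued the day before this scan and this is the domain's first appearance on urlscan.io.

```python
import ipaddress
import re
from typing import Dict, List

# Copied from the Indicators section of this report.
INDICATORS = [
    "cdnjs.cloudflare.com", "img.secureserver.net", "img1.wsimg.com", "jsonip.com", "sungslaw.com",
    "104.86.32.117", "148.72.250.106", "23.8.8.215",
    "2600:3c01::f03c:91ff:fe79:43b", "2606:4700::6811:4104",
    "003ca3fac13bab1e16ea7e8754f6189ebee1f2b4a3813332752b4458bdb784b5",
    "3282aabc38015639dbaca298d3702a42a0164460b7b87974931e4e94e2fb3e31",
    "46e22be78f4e917ad2d1426dd27019dbd5224cf258626e724f413f8c8997e46b",
    "7164837d898e3f96eeddcf5baed8864502f8a03ce68e31ee00cfbb721acabc87",
    "7bdaefeabfa61452a02554e56f7c215429ff0519efb9137c3b07acf488718183",
    "8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a",
    "aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350",
    "b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b",
    "f42694d6f50dc3f3db2c58f1567dcfba75841601166b7231a4fd685fcd7941b9",
]

# Analyst-curated (assumption): third-party hosts this page loads that are shared by many
# legitimate sites. Blocking them breaks every page that uses cdnjs or GoDaddy's assets.
SHARED_HOSTS = {"cdnjs.cloudflare.com", "img1.wsimg.com", "img.secureserver.net", "jsonip.com"}

# IP -> hostname. IPv4 rows come from the report's PTR table; the IPv6 rows are inferred
# from the ASN table (Cloudflare -> cdnjs, Linode -> jsonip) and are an assumption.
HOST_BY_IP = {
    "148.72.250.106": "sungslaw.com",
    "104.86.32.117": "img1.wsimg.com",
    "23.8.8.215": "img.secureserver.net",
    "2606:4700::6811:4104": "cdnjs.cloudflare.com",
    "2600:3c01::f03c:91ff:fe79:43b": "jsonip.com",
}

_SHA256 = re.compile(r"^[0-9a-f]{64}$", re.I)
_DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def classify(value: str) -> str:
    """Return one of: sha256, ipv4, ipv6, domain, unknown."""
    v = value.strip()
    if _SHA256.match(v):
        return "sha256"
    try:
        return "ipv%d" % ipaddress.ip_address(v).version
    except ValueError:
        pass
    return "domain" if _DOMAIN.match(v) else "unknown"


def triage(indicators: List[str]) -> Dict[str, List[str]]:
    """Split indicators into what is safe to block and what is only context.

    Hashes go into their own bucket: without a per-resource mapping they cover
    shared files (jQuery, the tracking script) as well as the kit's own pages.
    """
    out: Dict[str, List[str]] = {"block": [], "context": [], "sha256": [], "unknown": []}
    for raw in indicators:
        kind = classify(raw)
        v = raw.strip().lower()
        if kind == "sha256":
            out["sha256"].append(v)
        elif kind == "domain":
            out["context" if v in SHARED_HOSTS else "block"].append(v)
        elif kind in ("ipv4", "ipv6"):
            canon = str(ipaddress.ip_address(v))  # normalise IPv6 spelling before lookup
            host = HOST_BY_IP.get(canon)          # unmapped IPs stay in "block" for review
            out["context" if host in SHARED_HOSTS else "block"].append(canon)
        else:
            out["unknown"].append(raw)
    return out


if __name__ == "__main__":
    for bucket, values in triage(INDICATORS).items():
        print(bucket, values)
```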