login.privategold.uytrtyuhij987.gowithapex.com
35.209.89.90  Malicious Activity!

URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Submission: On April 25, 2022 via API from JP — Scanned from JP

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 22 HTTP transactions. The main IP is 35.209.89.90, located in Council Bluffs, United States, and belongs to GOOGLE, US (AS15169). Its reverse DNS, 90.89.209.35.bc.googleusercontent.com, marks it as a Google Cloud customer instance rather than Google-operated infrastructure, which matters for where an abuse report should go. The main domain is login.privategold.uytrtyuhij987.gowithapex.com.
This is the only time login.privategold.uytrtyuhij987.gowithapex.com was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer) Excel / PDF download (Online)

Domain & IP information

IP Address      AS / Autonomous System   Requests
35.209.89.90    15169 (GOOGLE)           22
(1 IP, 22 requests in total)

Apex Domain      Subdomain                                         Transfer   Requests
gowithapex.com   login.privategold.uytrtyuhij987.gowithapex.com    228 KB     22
(1 apex domain, 22 requests in total)

Domain                                           Requested by                                     Requests
login.privategold.uytrtyuhij987.gowithapex.com   login.privategold.uytrtyuhij987.gowithapex.com   22
(1 domain, 22 requests in total)

This site contains no links.

TLS certificates (Subject / Issuer / Validity): none. All 22 transactions were plain HTTP, so no certificate was presented.

This page contains 2 frames:

Primary Page: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Frame ID: 6A181571EEA36F4AF90AC394D1D3E568
Requests: 10 HTTP requests in this frame

Frame: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Frame ID: DEB8C895C488A9F11B0E221CD315DBBD
Requests: 12 HTTP requests in this frame

Note that urlscan attributes the request for the login.php frame to jquery-1.7.2.min.js rather than to the primary document (see the login.php transaction below). The credential form is therefore not a static <iframe> in download.php: it is inserted by script after the decoy page has loaded, so fetching download.php without executing its JavaScript will not reveal the form.

Screenshot: image not included in this capture.

Page Title

Excel Online - Secure Documents Sharing

Detected technologies

The capture lists the fingerprint patterns but not the technology names; the names below follow from the patterns.

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

Microsoft ASP.NET (overall confidence: 100%)
Detected patterns
  • <input[^>]+name="__VIEWSTATE

jQuery (overall confidence: 100%; version 1.7.2, from the jquery-1.7.2.min.js filename)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

The ASP.NET match is a hidden __VIEWSTATE input in the served HTML, not evidence of an ASP.NET backend: the host runs nginx and serves .php documents. On a lookalike login page this combination is consistent with form markup copied from a real ASP.NET-rendered page, and the stray __VIEWSTATE field is a useful string to pivot on when the same kit HTML appears on other hosts.
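As an added worked example (editor's code, not part of the urlscan report and not the kit's code), the three fingerprint patterns above are applied to request URLs transcribed from this scan and to a constructed HTML fragment standing in for the served form markup, which the report does not include. The technology names and the cloned-markup heuristic are the editor's assumptions, not urlscan's.

```python
import re

# Fingerprint regexes exactly as listed in the urlscan report.
# The technology names are the editor's mapping (assumption), not part of the capture.
URL_TECH = {
    "PHP": [re.compile(r"\.php(?:$|\?)")],
    "jQuery": [
        re.compile(r"jquery[.-]([\d.]*\d)[^/]*\.js"),
        re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"),
    ],
}
HTML_TECH = {
    "Microsoft ASP.NET": [re.compile(r'<input[^>]+name="__VIEWSTATE')],
}

# Request URLs transcribed from the transaction list of this report.
REPORT_URLS = [
    "http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=",
    "http://login.privategold.uytrtyuhij987.gowithapex.com/index_1.css",
    "http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/jquery-1.7.2.min.js",
    "http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/jquery.sim.utils.js",
    "http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1",
]

# Constructed stand-in for the served form markup (the report has no response bodies);
# only the hidden __VIEWSTATE input matters for the ASP.NET pattern.
SAMPLE_HTML = """
<form method="post" action="login.php">
  <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="dDwtMTI3...">
  <input type="email" name="email"><input type="password" name="passwd">
</form>
"""


def _version_from(match):
    """First non-empty capture group, if the pattern captured a version."""
    return next((g for g in match.groups() if g), None)


def fingerprint(urls, html):
    """Return {technology: version_or_None} for every pattern that matched.

    Presence of a key means 'detected'; the value is a version only when a
    capturing group in one of that technology's patterns produced one.
    """
    hits = {}
    for tech, patterns in URL_TECH.items():
        for pat in patterns:
            for url in urls:
                m = pat.search(url)
                if m:
                    hits[tech] = hits.get(tech) or _version_from(m)
    for tech, patterns in HTML_TECH.items():
        for pat in patterns:
            m = pat.search(html)
            if m:
                hits[tech] = hits.get(tech) or _version_from(m)
    return hits


def cloned_markup_suspected(hits):
    """Editor's heuristic: a PHP backend serving a page that carries an ASP.NET
    __VIEWSTATE field is more likely a copied login form than a real ASP.NET app."""
    return "PHP" in hits and "Microsoft ASP.NET" in hits


if __name__ == "__main__":
    found = fingerprint(REPORT_URLS, SAMPLE_HTML)
    for tech, ver in sorted(found.items()):
        print(f"{tech:18s} {ver or '(version not captured)'}")
    print("cloned ASP.NET form markup suspected:", cloned_markup_suspected(found))
```

The first jQuery pattern reads the version out of the filename, the second only out of a `?ver=` query parameter, so on this scan the version comes from jquery-1.7.2.min.js and jquery.sim.utils.js contributes nothing beyond confirming the match.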

Page Statistics

Requests:    22
HTTPS:       0 %
IPv6:        0 %
Domains:     1
Subdomains:  1
IPs:         1
Countries:   1
Transfer:    228 kB
Size:        447 kB
Cookies:     0

Redirected requests

None: no HTTP redirect chains were recorded for this scan.

22 HTTP transactions

Each entry below gives the resource name, its path (with the frame ID where it is not the primary frame), size, transferred bytes (x-fer) and resource type, followed by the request and response details.
Primary Request download.php
login.privategold.uytrtyuhij987.gowithapex.com/
40 KB
6 KB
Document
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
ec2aae6bc5c38019127073edc1522f86781baad95a2c5ed7a8d1f9f5e957142c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 25 Apr 2022 08:26:29 GMT
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Httpd
1
X-Proxy-Cache
HIT
index_1.css
login.privategold.uytrtyuhij987.gowithapex.com/
45 KB
10 KB
Stylesheet
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/index_1.css
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a6bba9179a5ec451dc6f4c93ab99525f4fb5918ad1f65e201a03f54ad7f6c8c3

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jun 2018 15:49:34 GMT
Server
nginx
ETag
W/"5b23e00e-b301"
Vary
Accept-Encoding
X-Proxy-Cache-Info
DT:1
Content-Type
text/css
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Expires
Tue, 25 Apr 2023 08:26:30 GMT
ndhui.css (HTTP 404; see Console Messages)
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/
0
0
Stylesheet
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ndhui.css
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html
X-Httpd
1
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache
HIT
ndhui.js (HTTP 404; see Console Messages)
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/
0
0
Script
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ndhui.js?0=0&0=0&0=0
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html
X-Httpd
1
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache
HIT
ewaother.png
login.privategold.uytrtyuhij987.gowithapex.com/
9 KB
9 KB
Image
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/ewaother.png
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
bb87e9c96059f20821e4fe13900f60b7394752324574d38569381b98adc84196

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Last-Modified
Fri, 15 Jun 2018 15:49:32 GMT
Server
nginx
ETag
"5b23e00c-2293"
X-Proxy-Cache-Info
DT:1
Content-Type
image/png
Cache-Control
max-age=31536000
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8851
Expires
Tue, 25 Apr 2023 08:26:30 GMT
ewacommon.png
login.privategold.uytrtyuhij987.gowithapex.com/
16 KB
16 KB
Image
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/ewacommon.png
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e65540513cb2a3e47e1d83f002ec50edb09a1b5572be0c0847cbc668569ade24

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Last-Modified
Fri, 15 Jun 2018 15:49:32 GMT
Server
nginx
ETag
"5b23e00c-402a"
X-Proxy-Cache-Info
DT:1
Content-Type
image/png
Cache-Control
max-age=31536000
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
16426
Expires
Tue, 25 Apr 2023 08:26:30 GMT
ewaedit.png
login.privategold.uytrtyuhij987.gowithapex.com/
12 KB
13 KB
Image
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/ewaedit.png
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
baa641ac1e002d1f34211836f31e81832c05ac2c8545078488c07b5e2d58df03

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Last-Modified
Fri, 15 Jun 2018 15:49:32 GMT
Server
nginx
ETag
"5b23e00c-30f6"
X-Proxy-Cache-Info
DT:1
Content-Type
image/png
Cache-Control
max-age=31536000
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12534
Expires
Tue, 25 Apr 2023 08:26:30 GMT
jquery-1.7.2.min.js
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/
93 KB
39 KB
Script
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/jquery-1.7.2.min.js
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a14334cecd2ff3eab027a8cfa5c3632f7b630a9b4e4a7bc5804c6bdd027efb73

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
W/"5b23e010-1727b"
Vary
Accept-Encoding
X-Proxy-Cache-Info
DT:1
Content-Type
application/javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Expires
Tue, 25 Apr 2023 08:26:30 GMT
jquery.sim.utils.js
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/
13 KB
5 KB
Script
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/jquery.sim.utils.js
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a379adb1028e345f0c739e3401ff7ff60c8663e898ca0e746f140aba329f74c0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
W/"5b23e010-3561"
Vary
Accept-Encoding
X-Proxy-Cache-Info
DT:1
Content-Type
application/javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Expires
Tue, 25 Apr 2023 08:26:30 GMT
index.jpg
login.privategold.uytrtyuhij987.gowithapex.com/
48 KB
48 KB
Image
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/index.jpg
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Last-Modified
Fri, 15 Jun 2018 15:49:32 GMT
Server
nginx
ETag
"5b23e00c-bedd"
X-Proxy-Cache-Info
DT:1
Content-Type
image/jpeg
Cache-Control
max-age=31536000
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
48861
Expires
Tue, 25 Apr 2023 08:26:30 GMT
login.php
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
3 KB
2 KB
Document
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/jquery-1.7.2.min.js
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
8e3a8d094df644e0fdd3458ad62e16728f24e5febda43b6f76e80c84a5ca7765

Request headers

Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/download.php?login=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 25 Apr 2022 08:26:30 GMT
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Httpd
1
X-Proxy-Cache
HIT
jquery-1.7.2.min.js
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
93 KB
39 KB
Script
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/jquery-1.7.2.min.js
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a14334cecd2ff3eab027a8cfa5c3632f7b630a9b4e4a7bc5804c6bdd027efb73

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
W/"5b23e010-1727b"
Vary
Accept-Encoding
X-Proxy-Cache-Info
DT:1
Content-Type
application/javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Expires
Tue, 25 Apr 2023 08:26:30 GMT
jquery.sim.utils.js
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
13 KB
5 KB
Script
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/jquery.sim.utils.js
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a379adb1028e345f0c739e3401ff7ff60c8663e898ca0e746f140aba329f74c0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
W/"5b23e010-3561"
Vary
Accept-Encoding
X-Proxy-Cache-Info
DT:1
Content-Type
application/javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Expires
Tue, 25 Apr 2023 08:26:30 GMT
sfm-png-fix.js
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
2 KB
1 KB
Script
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/sfm-png-fix.js
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a1d3a4b5db9a1dae0dde8d18e7edc94ed4253290ea2e3a8ba43203657311022b

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
W/"5b23e010-648"
Vary
Accept-Encoding
X-Proxy-Cache-Info
DT:1
Content-Type
application/javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Expires
Tue, 25 Apr 2023 08:26:30 GMT
gen_validatorv4.js
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
31 KB
7 KB
Script
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/gen_validatorv4.js
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
ba301c5ae0d795e133519ac0d2891d8f9cf3820c487e029dbfef86cf61a0c5d2

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
W/"5b23e010-7d55"
Vary
Accept-Encoding
X-Proxy-Cache-Info
DT:1
Content-Type
application/javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Expires
Tue, 25 Apr 2023 08:26:30 GMT
excel.css
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
4 KB
1 KB
Stylesheet
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/excel.css
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
9d16c77980e69cd796fbac3ab5b828fc707867303c991eebf2c5c14112ea655c

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
W/"5b23e010-ea5"
Vary
Accept-Encoding
X-Proxy-Cache-Info
DT:1
Content-Type
text/css
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Expires
Tue, 25 Apr 2023 08:26:30 GMT
ndhui.css (HTTP 404; see Console Messages)
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
0
0
Stylesheet
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ndhui.css
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:31 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html
X-Httpd
1
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache
HIT
ndhui.js (HTTP 404; see Console Messages)
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
0
0
Script
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ndhui.js?0=0&0=0&0=0
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:31 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html
X-Httpd
1
Transfer-Encoding
chunked
Connection
keep-alive
Host-Header
8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache
HIT
294.GIF
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
7 KB
7 KB
Image
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/294.GIF
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
fef58f4d384c2763c7be72b7df1180f9e4a0c64f128659fb3d16a44fd5c0ef06

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:31 GMT
Last-Modified
Fri, 15 Jun 2018 15:49:34 GMT
Server
nginx
ETag
"5b23e00e-1ba5"
X-Proxy-Cache-Info
DT:1
Content-Type
image/gif
Cache-Control
max-age=31536000
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7077
Expires
Tue, 25 Apr 2023 08:26:31 GMT
excel-Submit-0.png
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
549 B
926 B
Image
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/excel-Submit-0.png
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
3b3ddbd5a8dea7f9743b3d9a9821e219f33c21a91088f27424dba087c208870b

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:31 GMT
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
"5b23e010-225"
X-Proxy-Cache-Info
DT:1
Content-Type
image/png
Cache-Control
max-age=31536000
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
549
Expires
Tue, 25 Apr 2023 08:26:31 GMT
excel2013.png
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
18 KB
19 KB
Image
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/excel2013.png
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a9d68907dc3aba1d0be80f20a3f1b5d40dee98469ad512d14225a2712b0fd97c

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:31 GMT
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
"5b23e010-4963"
X-Proxy-Cache-Info
DT:1
Content-Type
image/png
Cache-Control
max-age=31536000
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18787
Expires
Tue, 25 Apr 2023 08:26:31 GMT
loading.gif
login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ Frame DEB8
673 B
1 KB
Image
General
Full URL
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/loading.gif
Requested by
Host: login.privategold.uytrtyuhij987.gowithapex.com
URL: http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/excel.css
Protocol
HTTP/1.1
Server
35.209.89.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
90.89.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
43a526a07a078d736e5c9d67d8479dd54072b7e5c6ddd2cd466f86a086e49ef5

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/excel.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Mon, 25 Apr 2022 08:26:31 GMT
Last-Modified
Fri, 15 Jun 2018 15:49:36 GMT
Server
nginx
ETag
"5b23e010-2a1"
X-Proxy-Cache-Info
DT:1
Content-Type
image/gif
Cache-Control
max-age=31536000
Host-Header
8441280b0c35cbc1147f8ba998a563a7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
673
Expires
Tue, 25 Apr 2023 08:26:31 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer) Excel / PDF download (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    0
  • function  structuredClone
  • object    oncontextlost
  • object    oncontextrestored
  • function  $
  • function  jQuery
  • function  sfm_refresh_captcha
  • function  sfm_hyper_link_popup
  • function  sfm_popup_form
  • function  sfm_window_popup_form
  • function  sfmFormObj
  • function  sfm_show_loading_on_formsubmit
  • function  sfm_clear_form
  • function  sfm_init_special_action_button
  • function  sfm_init_default_text
  • object    $ifr

Four of these are not kit code: structuredClone, oncontextlost and oncontextrestored are built-ins of the Chrome 100 build that performed the scan, and 0 is the browser's indexed accessor for the page's single child frame (window[0], the login.php iframe). The sfm_* functions, the sfm_from_iframe=1 parameter and the sfm-png-fix.js / gen_validatorv4.js scripts are consistent with a page generated by the Simfatic Forms builder; $ifr is most likely the kit's own handle to the injected iframe. The sfm_* names and gen_validatorv4.js are the most stable strings to pivot on when hunting for other hosts running the same kit.

0 Cookies

4 Console Messages

Source: network error

  • http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ndhui.css
    Failed to load resource: the server responded with a status of 404 (Not Found)
  • http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ndhui.js?0=0&0=0&0=0
    Failed to load resource: the server responded with a status of 404 (Not Found)
  • http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ndhui.css
    Failed to load resource: the server responded with a status of 404 (Not Found)
  • http://login.privategold.uytrtyuhij987.gowithapex.com/trademanager/excel/ndhui.js?0=0&0=0&0=0
    Failed to load resource: the server responded with a status of 404 (Not Found)

Each of the two missing ndhui assets is requested once from the primary page and once from the login.php frame, hence four messages for two URLs. The 404 bodies come back as text/html with the same Host-Header and X-Proxy-Cache headers as the live resources, so the files are simply absent from this deployment of the kit and the page renders without them.
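As an added example (editor's code; neither urlscan's nor the kit's), a small triage routine run over a subset of the transactions above, transcribed as records, that pulls out the indicators this report exposes: plain-HTTP-only traffic, a brand title served from an unrelated host, a login document fetched by a script rather than by the parent page, a `login` parameter on document URLs, and assets returning 404. The indicator names, the brand keyword list and the legitimate-domain list are the editor's assumptions; the URLs, types, sizes and hashes are taken from the report.

```python
from urllib.parse import urlparse, parse_qs

# Subset of the 22 transactions, transcribed from the report above.
# size_kb is the rounded figure the report shows; sha256 is urlscan's resource hash
# (None where the response was an empty 404 body and no hash was recorded).
HOST = "login.privategold.uytrtyuhij987.gowithapex.com"
RECORDS = [
    {"url": f"http://{HOST}/download.php?login=", "requested_by": None,
     "type": "Document", "content_type": "text/html; charset=UTF-8", "size_kb": 40,
     "sha256": "ec2aae6bc5c38019127073edc1522f86781baad95a2c5ed7a8d1f9f5e957142c"},
    {"url": f"http://{HOST}/index_1.css", "requested_by": f"http://{HOST}/download.php?login=",
     "type": "Stylesheet", "content_type": "text/css", "size_kb": 45,
     "sha256": "a6bba9179a5ec451dc6f4c93ab99525f4fb5918ad1f65e201a03f54ad7f6c8c3"},
    {"url": f"http://{HOST}/trademanager/excel/ndhui.css",
     "requested_by": f"http://{HOST}/download.php?login=",
     "type": "Stylesheet", "content_type": "text/html", "size_kb": 0, "sha256": None},
    {"url": f"http://{HOST}/trademanager/excel/ndhui.js?0=0&0=0&0=0",
     "requested_by": f"http://{HOST}/download.php?login=",
     "type": "Script", "content_type": "text/html", "size_kb": 0, "sha256": None},
    {"url": f"http://{HOST}/trademanager/excel/jquery-1.7.2.min.js",
     "requested_by": f"http://{HOST}/download.php?login=",
     "type": "Script", "content_type": "application/javascript", "size_kb": 93,
     "sha256": "a14334cecd2ff3eab027a8cfa5c3632f7b630a9b4e4a7bc5804c6bdd027efb73"},
    {"url": f"http://{HOST}/trademanager/excel/login.php?login=&sfm_from_iframe=1",
     "requested_by": f"http://{HOST}/trademanager/excel/jquery-1.7.2.min.js",
     "type": "Document", "content_type": "text/html; charset=UTF-8", "size_kb": 3,
     "sha256": "8e3a8d094df644e0fdd3458ad62e16728f24e5febda43b6f76e80c84a5ca7765"},
    {"url": f"http://{HOST}/trademanager/excel/gen_validatorv4.js",
     "requested_by": f"http://{HOST}/trademanager/excel/login.php?login=&sfm_from_iframe=1",
     "type": "Script", "content_type": "application/javascript", "size_kb": 31,
     "sha256": "ba301c5ae0d795e133519ac0d2891d8f9cf3820c487e029dbfef86cf61a0c5d2"},
]
PAGE_TITLE = "Excel Online - Secure Documents Sharing"

# Editor's assumptions: brand words a lookalike page tends to put in its title, and
# the registrable domains that may legitimately serve them.
BRAND_WORDS = ("excel", "office", "microsoft", "onedrive", "sharepoint", "outlook")
LEGIT_SUFFIXES = (".microsoft.com", ".office.com", ".live.com",
                  ".microsoftonline.com", ".sharepoint.com")
EXPECTED_MIME = {"Stylesheet": "text/css", "Script": "application/javascript", "Image": "image/"}


def _host(url):
    return urlparse(url).hostname or ""


def extract_iocs(records):
    """Hosts plus the resource hashes of every document and script that had a body."""
    hosts = sorted({_host(r["url"]) for r in records})
    hashes = sorted(r["sha256"] for r in records
                    if r["type"] in ("Document", "Script") and r["sha256"])
    return {"hosts": hosts, "sha256": hashes}


def triage(records, title):
    """Return the sorted list of indicator names that fire on this transaction set."""
    hits = set()
    if all(urlparse(r["url"]).scheme == "http" for r in records):
        hits.add("plain-http-only")
    if any(w in title.lower() for w in BRAND_WORDS) and not any(
            _host(r["url"]).endswith(LEGIT_SUFFIXES) for r in records):
        hits.add("brand-title-mismatch")
    for r in records:
        parts = urlparse(r["url"])
        query = parse_qs(parts.query, keep_blank_values=True)
        if r["type"] == "Document" and "login" in query:
            hits.add("login-param-in-document-url")
        if (r["type"] == "Document" and "login" in parts.path.lower() and r["requested_by"]
                and urlparse(r["requested_by"]).path.endswith(".js")):
            hits.add("script-injected-login-frame")  # iframe created by script, not by the parent HTML
        expected = EXPECTED_MIME.get(r["type"])
        if expected and not r["content_type"].startswith(expected) and r["size_kb"] == 0:
            hits.add("broken-asset-404")  # css/js answered with an empty text/html body
    return sorted(hits)


if __name__ == "__main__":
    print("indicators:", ", ".join(triage(RECORDS, PAGE_TITLE)))
    iocs = extract_iocs(RECORDS)
    print("hosts:", iocs["hosts"])
    for h in iocs["sha256"]:
        print("sha256:", h)
```

The `requested_by` chain is the field worth preserving when exporting urlscan data: it is what distinguishes a credential frame injected by script from one present in the parent HTML, and it is lost if only the flat URL list is kept.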