interclean.com Open in urlscan Pro
67.227.156.18 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://supersalon1.com/log-sec/redirection.php
Effective URL:
https://interclean.com/log-sec/
Submission: On September 23 via api (September 23rd 2020, 5:35:24 am UTC) from IE

Summary HTTP 85 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 13 domains to perform 85 HTTP transactions. The main IP is 67.227.156.18, located in Aurora, United States and belongs to LIQUIDWEB, US. The main domain is interclean.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 27th 2020. Valid for: 3 months.

This is the only time interclean.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	67.225.143.197 67.225.143.197	32244 (LIQUIDWEB) (LIQUIDWEB)
1 68	67.227.156.18 67.227.156.18	32244 (LIQUIDWEB) (LIQUIDWEB)
1	2a02:26f0:2b0... 2a02:26f0:2b00:4a5::35c1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	99.84.144.106 99.84.144.106	16509 (AMAZON-02) (AMAZON-02)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
1	54.84.142.222 54.84.142.222	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
85	15

1 67.225.143.197 (Lansing, United States)

ASN32244 (LIQUIDWEB, US)

supersalon1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

68 67.227.156.18 (Aurora, United States) 1 redirects

ASN32244 (LIQUIDWEB, US)

interclean.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.interclean.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:2b00:4a5::35c1 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.144.106 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-144-106.txl52.r.cloudfront.net

awsstatreporter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.84.142.222 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-142-222.compute-1.amazonaws.com

cdn.callrail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	interclean.com 1 redirects interclean.com www.interclean.com	4 MB
3	googleapis.com fonts.googleapis.com maps.googleapis.com	45 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	googletagmanager.com www.googletagmanager.com	60 KB
2	google.com translate.google.com www.google.com	1 KB
1	google.de www.google.de	153 B
1	doubleclick.net googleads.g.doubleclick.net	1 KB
1	callrail.com cdn.callrail.com	11 KB
1	googleadservices.com www.googleadservices.com	12 KB
1	awsstatreporter.com awsstatreporter.com	1 KB
1	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	2 KB
1	supersalon1.com supersalon1.com	187 B
0	jquery.com Failed code.jquery.com Failed
85	13

	Domain	Requested by
64	www.interclean.com	interclean.com www.interclean.com
4	interclean.com	1 redirects interclean.com www.interclean.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.interclean.com
2	fonts.googleapis.com	www.interclean.com
1	www.google.de	www.interclean.com
1	www.google.com	www.interclean.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	cdn.callrail.com	www.googletagmanager.com
1	maps.googleapis.com	www.interclean.com
1	translate.google.com	www.interclean.com
1	www.googleadservices.com	www.interclean.com
1	awsstatreporter.com	www.interclean.com
1	secure.aadcdn.microsoftonline-p.com	interclean.com
1	supersalon1.com
0	code.jquery.com Failed	interclean.com
85	16

This site contains links to these domains. Also see Links.

Domain
login.microsoftonline.com
login.live.com

Subject Issuer	Validity	Valid
supersalon1.com cPanel, Inc. Certification Authority	`2020-08-16` - `2020-11-14`	3 months	crt.sh
interclean.com Let's Encrypt Authority X3	`2020-07-27` - `2020-10-25`	3 months	crt.sh
secure.aadcdn.microsoftonline-p.com Microsoft IT TLS CA 4	`2019-07-17` - `2021-07-17`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
awsstatreporter.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-19` - `2021-04-19`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
cdn.callrail.com Amazon	`2020-04-24` - `2021-05-24`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://interclean.com/log-sec/
Frame ID: 8C54D4EACAD0D87F57F307BD1E925F17
Requests: 5 HTTP requests in this frame

Frame: https://www.interclean.com/log-sec/Sign%20in%20to%20your%20account_files/prefetch(1).html
Frame ID: 6425A9E5A6F1E8D96149117DF2BDAC29
Requests: 80 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

85
Requests

98 %
HTTPS

64 %
IPv6

13
Domains

16
Subdomains

15
IPs

3
Countries

3950 kB
Transfer

4249 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://login.microsoftonline.com/common/reprocess?ctx=rQIIAXWRO2_TUACFc_MwLSCoWGDswARy4nfiiA4hcZ2E2A6O3dZeItfx48bP2DeE5BewIHVg6oiEkCompgqE2DtVgglWBlQJCXVAjKQ_gOVMR5-OzvegRFbJ5n2GZlirfsjjvMXROMOTBG4xFIfTLM3RFEFOWILO7lzfQu--Tj7_edR9-ePG4OLyy6cTcNdHKM2btdpisagmrgttp2onUe0UgHMAfgJwXKw4Ma6PToo5R3N1muGoxppG8STL81VJU31F1BlppSNpakIZEoRMSauB5jHS9CmSRJ2StUlk7JuhFOmMMTVYRbMXSkdHZsePlDZBmOIuHOzvhvKaoYh7vjQNlsZKWMmRTn4r3lZac-RTV5FkcOVcFjfdJIvGaZKj49JboKRO3Ju0kzh2bFS9qjkxgraFYBIPsyR1MgSdfKc1U-XelOxanDmSGS8Yj4LnASFEROIqoc8m6p5gisFyZgxmPWt2yPYzlTOIpZaKMJuyFg_DgfvE16h2iFBg0l6wtDNZ2A_GJs6SndZAsqgof0an-MFjXqWEnt1osKY59zx3tpwPrfB9CVvfGiXxWenWelQMJ9tplrgwdM7L4KJ8kyg1NzawLXCvsF34WwavK2tbvwz3o2RG4hv--6j06rRwVqk9hKHHBhRNacOJwB9IklKPPFX1uSHZ7_aZrsApi5xvEMOY2WGa5BEGjjDsNwZeXCt82Pyf6381
Title: Can’t access your account?

Search URL Search Domain Scan URL

URL: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAXWSvW_TUBTF4yQNbUFQISQYOzCBnDw_fySO6FBa10mJ7eDYbe0lch1_vPgzzmtD8hewIHVgyoiEkCompgqE2DtVgqmsDKgSEuqAGHHZu9zlnvPT1Tn3UYmqUs2HDM2wVn2fJ3mLo0mGpwBpMZAjaZbmaAioAQvo7O7yCn7_bfDlz5PWqx83OxeXXz_PiaV-iA6dqp1Ex8R9H-N03KzVJpNJNXFdZP9f1E4I4owgfhLEvLjgxKTeOy6OOZqr0wwHGzkZ8hTL81VJU31F1BlppmNpaCIZASBDadbRPEYaPseSqENZG0TGrhlKkc4YQ4NVNHuibOrY3PQjZQMAU9xCnd2tUM4ZirjjS8NgasyEmRzp1HnxjrJ-gH14NZIMzZzL4pKbZFE_TcZ4XnpHKKkTtwcbSRw7Nq5eyZwYI9vCKIm7WZI6GUbOeG19pMrtIdWyOLMnM17Q7wUvAiBEIHGV0GcTdUcwxWA6MjqjtjXaZ7czlTPAVEtFlA1Zi0dhx33ma3AjxDgwaS-Y2pks7AZ9k2SpzfWOZMFofEin5N5TXoVC2240WNM88Dx3ND3oWuGHUiWPNUri09Lt_KgYDVbTLHFR6JyViYvyLVBqLi5WVogHhdXC3zLxZiFv7pfhfpLMSHzLf--VXp8UThdqj1HosQGkodYdCPyeJCn1yFNVn-tS261tpiVwymTMN0A3ZtaYJnVUIY4qld-V4ssbhY9L13V9vnwv_5cGCXgSsquAb1K5tW7-Aw2&estsfed=1&uaid=64d4ac74f6bf483c8de40b4ceaf2d3bd&signup=1&lw=1&fl=easi2&fci=XMRaccount
Title: Create one!

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://interclean.com/log-sec/Sign%20in%20to%20your%20account_files/prefetch(1).html HTTP 301
https://www.interclean.com/log-sec/Sign%20in%20to%20your%20account_files/prefetch(1).html

85 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 redirection.php Show response
supersalon1.com/log-sec/ 0
187 B 558ms
161ms Document
text/html 67.225.143.197
LIQUIDWEB

General

interclean.com Open in urlscan Pro 67.227.156.18 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

85 Requests

98 %HTTPS

64 %IPv6

13 Domains

16 Subdomains

15 IPs

3 Countries

3950 kBTransfer

4249 kBSize

0 Cookies

2 Outgoing links

Redirected requests

85 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

interclean.com Open in urlscan Pro
67.227.156.18 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

85
Requests

98 %
HTTPS

64 %
IPv6

13
Domains

16
Subdomains

15
IPs

3
Countries

3950 kB
Transfer

4249 kB
Size

0
Cookies

85 HTTP transactions
0 data transactions