241tour.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 197.189.226.179, located in South Africa and belongs to HETZNER, ZA. The main domain is 241tour.com.

This is the only time 241tour.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address		AS Autonomous System
7	197.189.226.179 197.189.226.179		37153 (HETZNER) (HETZNER)
7	1

7 197.189.226.179 (South Africa)

ASN37153 (HETZNER, ZA)
PTR: lin04.hkdns.co.za

241tour.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	241tour.com 241tour.com	147 KB
7	1

	Domain	Requested by
7	241tour.com	241tour.com
7	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://241tour.com/gdc/ytrewq/docs/Dirk/index.php
Frame ID: 4004.1
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

147 kB
Transfer

151 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response 241tour.com/gdc/ytrewq/docs/Dirk/ Redirect Chain http://tinyurl.com/my2ryph http://241tour.com/gdc/ytrewq/docs/Dirk/index.php	6 KB 1 KB	380ms 193ms	Document text/html	197.189.226.179 HETZNER
General Check archive.org Show headers Download Go to Full URL http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Protocol HTTP/1.1 Server 197.189.226.179 , South Africa, ASN37153 (HETZNER, ZA), Reverse DNS lin04.hkdns.co.za Software LiteSpeed / PHP/5.6.30 Resource Hash `4c305ccbd027cbb688b050f19f6535cf3e253b8be9524865cd1ecfd7dd5210d9` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host 241tour.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Thu, 25 May 2017 16:06:35 GMT Content-Encoding gzip Server LiteSpeed X-Powered-By PHP/5.6.30 Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Connection Keep-Alive Accept-Ranges bytes Content-Length 1367 Redirect headers Date Thu, 25 May 2017 16:06:36 GMT Server cloudflare-nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Location http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Set-Cookie __cfduid=d1d8281533e5171342c80ff42fa508fa51495728395; expires=Fri, 25-May-18 16:06:35 GMT; path=/; domain=.tinyurl.com; HttpOnly tinyUUID=927010e08e97000000000000; expires=Fri, 25-May-2018 16:06:33 GMT; Max-Age=31536000; path=/; domain=.tinyurl.com Connection keep-alive CF-RAY 3649be2953cc2744-FRA X-tiny cache 0.021978139877319
GET H/1.1	200 OK	logsogo.png 241tour.com/gdc/ytrewq/docs/Dirk/images/	69 KB 69 KB	188ms 188ms	Image image/png	197.189.226.179 HETZNER
General Check archive.org Show headers Download Go to Show image Full URL http://241tour.com/gdc/ytrewq/docs/Dirk/images/logsogo.png Requested by Host: 241tour.com URL: http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Protocol HTTP/1.1 Server 197.189.226.179 , South Africa, ASN37153 (HETZNER, ZA), Reverse DNS lin04.hkdns.co.za Software LiteSpeed / Resource Hash `29a583c67b4e6ef63763f0a3364341c705c3845534325850d5b55ae72b893a41` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host 241tour.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Connection keep-alive Cache-Control no-cache Referer http://241tour.com/gdc/ytrewq/docs/Dirk/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Thu, 25 May 2017 16:06:36 GMT Last-Modified Fri, 10 Jun 2016 14:55:52 GMT Server LiteSpeed Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 71116 Expires Thu, 01 Jun 2017 16:06:36 GMT
GET H/1.1	200 OK	foota.png 241tour.com/gdc/ytrewq/docs/Dirk/images/	6 KB 6 KB	379ms 191ms	Image image/png	197.189.226.179 HETZNER
General Check archive.org Show headers Download Go to Show image Full URL http://241tour.com/gdc/ytrewq/docs/Dirk/images/foota.png Requested by Host: 241tour.com URL: http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Protocol HTTP/1.1 Server 197.189.226.179 , South Africa, ASN37153 (HETZNER, ZA), Reverse DNS lin04.hkdns.co.za Software LiteSpeed / Resource Hash `b485b2eb4bcf716d477815a386d2ac5ca73a82b501cfacce4fce3c412dea12cc` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host 241tour.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Connection keep-alive Cache-Control no-cache Referer http://241tour.com/gdc/ytrewq/docs/Dirk/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Thu, 25 May 2017 16:06:36 GMT Last-Modified Fri, 10 Jun 2016 17:46:18 GMT Server LiteSpeed Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 5651 Expires Thu, 01 Jun 2017 16:06:36 GMT
GET H/1.1	200 OK	ori.png 241tour.com/gdc/ytrewq/docs/Dirk/images/	16 KB 16 KB	379ms 191ms	Image image/png	197.189.226.179 HETZNER
General Check archive.org Show headers Download Go to Show image Full URL http://241tour.com/gdc/ytrewq/docs/Dirk/images/ori.png Requested by Host: 241tour.com URL: http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Protocol HTTP/1.1 Server 197.189.226.179 , South Africa, ASN37153 (HETZNER, ZA), Reverse DNS lin04.hkdns.co.za Software LiteSpeed / Resource Hash `7f6d1cf0466fadc7fb5ae4cc35fae161c945def9edf9948f5d80db6aa260b438` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host 241tour.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Connection keep-alive Cache-Control no-cache Referer http://241tour.com/gdc/ytrewq/docs/Dirk/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Thu, 25 May 2017 16:06:36 GMT Last-Modified Fri, 10 Jun 2016 14:55:52 GMT Server LiteSpeed Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 16391 Expires Thu, 01 Jun 2017 16:06:36 GMT
GET H/1.1	200 OK	bode.png 241tour.com/gdc/ytrewq/docs/Dirk/images/	49 KB 49 KB	379ms 192ms	Image image/png	197.189.226.179 HETZNER
General Check archive.org Show headers Download Go to Show image Full URL http://241tour.com/gdc/ytrewq/docs/Dirk/images/bode.png Requested by Host: 241tour.com URL: http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Protocol HTTP/1.1 Server 197.189.226.179 , South Africa, ASN37153 (HETZNER, ZA), Reverse DNS lin04.hkdns.co.za Software LiteSpeed / Resource Hash `c3e73e4e52fa2b482d0043c30c62a294e4ef0f0f98c5d97a4abe4ac40916cf1a` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host 241tour.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Connection keep-alive Cache-Control no-cache Referer http://241tour.com/gdc/ytrewq/docs/Dirk/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Thu, 25 May 2017 16:06:36 GMT Last-Modified Wed, 27 Jul 2016 06:05:24 GMT Server LiteSpeed Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 50351 Expires Thu, 01 Jun 2017 16:06:36 GMT
GET H/1.1	200 OK	klik.png 241tour.com/gdc/ytrewq/docs/Dirk/images/	134 B 134 B	377ms 190ms	Image image/png	197.189.226.179 HETZNER
General Check archive.org Show headers Download Go to Show image Full URL http://241tour.com/gdc/ytrewq/docs/Dirk/images/klik.png Requested by Host: 241tour.com URL: http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Protocol HTTP/1.1 Server 197.189.226.179 , South Africa, ASN37153 (HETZNER, ZA), Reverse DNS lin04.hkdns.co.za Software LiteSpeed / Resource Hash `9f9b5d296a92a66473a553b967c2a3d4888346fb2c256eb8f11b237e450ae226` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host 241tour.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Connection keep-alive Cache-Control no-cache Referer http://241tour.com/gdc/ytrewq/docs/Dirk/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Thu, 25 May 2017 16:06:36 GMT Last-Modified Fri, 10 Jun 2016 14:55:52 GMT Server LiteSpeed Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 134 Expires Thu, 01 Jun 2017 16:06:36 GMT
GET H/1.1	200 OK	liamg.ico 241tour.com/gdc/ytrewq/docs/Dirk/images/	5 KB 5 KB	188ms 188ms	Other image/x-icon	197.189.226.179 HETZNER
General Check archive.org Show headers Download Go to Full URL http://241tour.com/gdc/ytrewq/docs/Dirk/images/liamg.ico Protocol HTTP/1.1 Server 197.189.226.179 , South Africa, ASN37153 (HETZNER, ZA), Reverse DNS lin04.hkdns.co.za Software LiteSpeed / Resource Hash `6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host 241tour.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://241tour.com/gdc/ytrewq/docs/Dirk/index.php Connection keep-alive Cache-Control no-cache Referer http://241tour.com/gdc/ytrewq/docs/Dirk/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Thu, 25 May 2017 16:06:36 GMT Last-Modified Fri, 10 Jun 2016 14:55:50 GMT Server LiteSpeed Content-Type image/x-icon Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 5430 Expires Thu, 01 Jun 2017 16:06:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

241tour.com
197.189.226.179
29a583c67b4e6ef63763f0a3364341c705c3845534325850d5b55ae72b893a41
4c305ccbd027cbb688b050f19f6535cf3e253b8be9524865cd1ecfd7dd5210d9
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
7f6d1cf0466fadc7fb5ae4cc35fae161c945def9edf9948f5d80db6aa260b438
9f9b5d296a92a66473a553b967c2a3d4888346fb2c256eb8f11b237e450ae226
b485b2eb4bcf716d477815a386d2ac5ca73a82b501cfacce4fce3c412dea12cc
c3e73e4e52fa2b482d0043c30c62a294e4ef0f0f98c5d97a4abe4ac40916cf1a

241tour.com Open in urlscan Pro 197.189.226.179 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

147 kBTransfer

151 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

241tour.com Open in urlscan Pro
197.189.226.179 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

147 kB
Transfer

151 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!