woodridgelane.ml
2606:4700:30::681b:b28b
Malicious Activity!
Public Scan
Effective URL: https://woodridgelane.ml/dox/nanoth/office2018/
Submission: On February 14 via manual from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 13th 2019. Valid for: a year.
This is the only time woodridgelane.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
| | IP Address | AS (Autonomous System) |
|---|---|---|
| 2 2 | 45.40.140.1 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
| 1 6 | 2606:4700:30::681b:b28b | 13335 (CLOUDFLARENET - Cloudflare) |
| 1 1 | 2606:4700:30::681b:b38b | 13335 (CLOUDFLARENET - Cloudflare) |
| 2 | 2606:4700::6810:5514 | 13335 (CLOUDFLARENET - Cloudflare) |
| 1 | 2a04:4e42::621 | 54113 (FASTLY - Fastly) |
| 1 2 | 2606:4700::6810:7daf | 13335 (CLOUDFLARENET - Cloudflare) |
| 2 | 2606:4700::6813:c497 | 13335 (CLOUDFLARENET - Cloudflare) |
| 1 | 31.132.36.139 | 49004 (SQUAREFLOW) |
| 2 | 107.22.215.20 | 14618 (AMAZON-AES - Amazon.com) |
| 1 | 2a00:1450:4001:81e::200a | 15169 (GOOGLE - Google LLC) |
| 2 | 2a00:1450:4001:81c::2003 | 15169 (GOOGLE - Google LLC) |
| 17 | 9 | |
- ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), PTR: ip-45-40-140-1.ip.secureserver.net: x.co
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): woodridgelane.ml
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): woodridgelane.ml
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdn.jsdelivr.net
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): cdnjs.cloudflare.com
- ASN14618 (AMAZON-AES - Amazon.com, Inc., US), PTR: ec2-107-22-215-20.compute-1.amazonaws.com: api.ipify.org
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | woodridgelane.ml (2 redirects) | woodridgelane.ml | 629 KB |
| 2 | gstatic.com | fonts.gstatic.com | 28 KB |
| 2 | ipify.org | api.ipify.org | 512 B |
| 2 | cloudflare.com | cdnjs.cloudflare.com | 183 KB |
| 2 | unpkg.com (1 redirect) | unpkg.com | 373 KB |
| 2 | jsdelivr.net | cdn.jsdelivr.net | 39 KB |
| 2 | x.co (2 redirects) | x.co | 297 B |
| 1 | googleapis.com | fonts.googleapis.com | 578 B |
| 1 | curli.org | curli.org | 1 KB |
| 1 | polyfill.io | cdn.polyfill.io | 1 KB |
| 17 | 10 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 7 | woodridgelane.ml (2 redirects) | woodridgelane.ml, unpkg.com |
| 2 | fonts.gstatic.com | woodridgelane.ml, cdnjs.cloudflare.com |
| 2 | api.ipify.org | curli.org, woodridgelane.ml |
| 2 | cdnjs.cloudflare.com | woodridgelane.ml |
| 2 | unpkg.com (1 redirect) | woodridgelane.ml |
| 2 | cdn.jsdelivr.net | woodridgelane.ml |
| 2 | x.co (2 redirects) | |
| 1 | fonts.googleapis.com | woodridgelane.ml |
| 1 | curli.org | woodridgelane.ml |
| 1 | cdn.polyfill.io | woodridgelane.ml |
| 17 | 10 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-02-13 - 2020-02-13 | a year | crt.sh |
| ssl363648.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-10-27 - 2019-05-05 | 6 months | crt.sh |
| f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2018-10-21 - 2019-04-27 | 6 months | crt.sh |
| ssl714328.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-10-23 - 2019-05-01 | 6 months | crt.sh |
| ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-09-22 - 2019-03-31 | 6 months | crt.sh |
| curli.org | Let's Encrypt Authority X3 | 2019-01-03 - 2019-04-03 | 3 months | crt.sh |
| *.ipify.org | COMODO RSA Domain Validation Secure Server CA | 2018-01-24 - 2021-01-23 | 3 years | crt.sh |
| *.googleapis.com | Google Internet Authority G3 | 2019-01-29 - 2019-04-23 | 3 months | crt.sh |
| *.google.com | Google Internet Authority G3 | 2019-01-23 - 2019-04-17 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://woodridgelane.ml/dox/nanoth/office2018/
Frame ID: 05054DA4046189F0FE76311D58E3A2A6
Requests: 17 HTTP requests in this frame
Detected technologies
- Semantic-ui (Web Frameworks). Detected patterns:
  - html /(?:<link[^>]+semantic(?:\.css|\.min\.css)">)/i
- Vue.js (JavaScript Frameworks). Detected patterns:
  - env /^Vue$/i
- CloudFlare (CDN). Detected patterns:
  - headers server /cloudflare/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  - script /jquery.*\.js/i
  - env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://x.co/6ng3U (HTTP 301)
- https://x.co/6ng3U (HTTP 302)
- https://woodridgelane.ml/dox/nanoth/office2018 (HTTP 301)
- http://woodridgelane.ml/dox/nanoth/office2018/ (HTTP 301)
- https://woodridgelane.ml/dox/nanoth/office2018/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://unpkg.com/@babel/standalone/babel.min.js (HTTP 302)
- https://unpkg.com/@babel/standalone@7.3.2/babel.min.js
17 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | woodridgelane.ml/dox/nanoth/office2018/ (Redirect Chain) | 3 KB | 1 KB | Document | text/html |
| GET | H2 | runtime.js | cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/ | 21 KB | 6 KB | Script | application/javascript |
| GET | H2 | polyfill.js | cdn.polyfill.io/v2/ | 6 KB | 1 KB | Script | text/javascript |
| GET | H2 | babel.min.js | unpkg.com/@babel/standalone@7.3.2/ (Redirect Chain) | 2 MB | 373 KB | Script | application/javascript |
| GET | H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ | 265 KB | 75 KB | Script | application/javascript |
| GET | H2 | vue | cdn.jsdelivr.net/npm/ | 91 KB | 32 KB | Script | application/javascript |
| GET | H/1.1 | @curli | curli.org/lib/ie/ | 3 KB | 1 KB | Script | text/html |
| GET | H2 | semantic.css | cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.3/ | 803 KB | 108 KB | Stylesheet | text/css |
| GET | H2 | microsoft.css | woodridgelane.ml/dox/nanoth/office2018/pip/css/ | 1 KB | 538 B | Stylesheet | text/css |
| GET | H2 | microsoft_logo.svg | woodridgelane.ml/dox/nanoth/office2018/pip/img/ | 4 KB | 1 KB | Image | image/svg+xml |
| GET | H/1.1 | / | api.ipify.org/ | 23 B | 256 B | Fetch | application/json |
| GET | H2 | css | fonts.googleapis.com/ | 3 KB | 578 B | Stylesheet | text/css |
| GET | H2 | microsoft.js | woodridgelane.ml/dox/nanoth/office2018/pip/js/configs/ | 3 KB | 932 B | XHR | application/javascript |
| GET | H2 | font.jpg | woodridgelane.ml/dox/nanoth/office2018/pip/img/ | 623 KB | 624 KB | Image | image/jpeg |
| GET | H2 | S6uyw4BMUTPHjx4wXiWtFCc.woff2 | fonts.gstatic.com/s/lato/v14/ | 14 KB | 14 KB | Font | font/woff2 |
| GET | H2 | S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 | fonts.gstatic.com/s/lato/v14/ | 14 KB | 14 KB | Font | font/woff2 |
| GET | H/1.1 | / | api.ipify.org/ | 23 B | 256 B | Fetch | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | onselectstart |
| object | onselectionchange |
| function | queueMicrotask |
| object | regeneratorRuntime |
| object | Babel |
| function | $ |
| function | jQuery |
| function | Vue |
| function | curli |
| function | _asyncToGenerator |
| object | pip |
| function | isEmail |
| string | ipClient1 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .woodridgelane.ml/ | | Name: __cfduid, Value: d72d1abbe726b9b3fa46df42f8c541cf21550168500 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
cdn.jsdelivr.net
cdn.polyfill.io
cdnjs.cloudflare.com
curli.org
fonts.googleapis.com
fonts.gstatic.com
unpkg.com
woodridgelane.ml
x.co
107.22.215.20
2606:4700:30::681b:b28b
2606:4700:30::681b:b38b
2606:4700::6810:5514
2606:4700::6810:7daf
2606:4700::6813:c497
2a00:1450:4001:81c::2003
2a00:1450:4001:81e::200a
2a04:4e42::621
31.132.36.139
45.40.140.1