bindersdeal.com Open in urlscan Pro
74.220.215.100  Malicious Activity! Public Scan

Submitted URL: http://ow.ly/mJLv30qaZsX
Effective URL: https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Submission: On February 04 via manual from FR

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 74.220.215.100, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is bindersdeal.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 29th 2019. Valid for: 3 months.
This is the only time bindersdeal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Axa (Insurance)

Domain & IP information

IP Address AS Autonomous System
1 1 54.67.120.65 16509 (AMAZON-02)
1 2 74.220.215.84 46606 (UNIFIEDLA...)
2 3 2a00:b700::6:b 51659 (ASBAXET)
2 8 74.220.215.100 46606 (UNIFIEDLA...)
8 3
Apex Domain
Subdomains
Transfer
8 bindersdeal.com
bindersdeal.com
835 KB
3 goygoltm.az
goygoltm.az
856 B
2 zionprayertower.com
www.zionprayertower.com
536 B
1 ow.ly
ow.ly
125 B
8 4
Domain Requested by
8 bindersdeal.com 2 redirects bindersdeal.com
3 goygoltm.az 2 redirects
2 www.zionprayertower.com 1 redirects
1 ow.ly 1 redirects
8 4

This site contains no links.

Subject Issuer Validity Valid
bindersdeal.com
Let's Encrypt Authority X3
2019-12-29 -
2020-03-28
3 months crt.sh

This page contains 1 frames:

Primary Page: https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Frame ID: 0C3264F98FA95847D17E232BD1F08446
Requests: 8 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://ow.ly/mJLv30qaZsX HTTP 301
    http://www.zionprayertower.com/misc/btml/ HTTP 302
    http://www.zionprayertower.com/misc/btml/c5fa4ecb92077923a9be660cef75a6dc/Load.php Page URL
  2. http://goygoltm.az/netices/essaw HTTP 301
    http://goygoltm.az/netices/essaw/ HTTP 302
    http://goygoltm.az/netices/essaw/1966924606cc5aace661d59d66acc43b/Load.php Page URL
  3. https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/ HTTP 302
    https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm= HTTP 301
    https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

8
Requests

75 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

835 kB
Transfer

844 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ow.ly/mJLv30qaZsX HTTP 301
    http://www.zionprayertower.com/misc/btml/ HTTP 302
    http://www.zionprayertower.com/misc/btml/c5fa4ecb92077923a9be660cef75a6dc/Load.php Page URL
  2. http://goygoltm.az/netices/essaw HTTP 301
    http://goygoltm.az/netices/essaw/ HTTP 302
    http://goygoltm.az/netices/essaw/1966924606cc5aace661d59d66acc43b/Load.php Page URL
  3. https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/ HTTP 302
    https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm= HTTP 301
    https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ow.ly/mJLv30qaZsX HTTP 301
  • http://www.zionprayertower.com/misc/btml/ HTTP 302
  • http://www.zionprayertower.com/misc/btml/c5fa4ecb92077923a9be660cef75a6dc/Load.php
Request Chain 1
  • http://goygoltm.az/netices/essaw HTTP 301
  • http://goygoltm.az/netices/essaw/ HTTP 302
  • http://goygoltm.az/netices/essaw/1966924606cc5aace661d59d66acc43b/Load.php

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Load.php
www.zionprayertower.com/misc/btml/c5fa4ecb92077923a9be660cef75a6dc/
Redirect Chain
  • http://ow.ly/mJLv30qaZsX
  • http://www.zionprayertower.com/misc/btml/
  • http://www.zionprayertower.com/misc/btml/c5fa4ecb92077923a9be660cef75a6dc/Load.php
76 B
310 B
Document
General
Full URL
http://www.zionprayertower.com/misc/btml/c5fa4ecb92077923a9be660cef75a6dc/Load.php
Protocol
HTTP/1.1
Server
74.220.215.84 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
host284.hostmonster.com
Software
nginx/1.14.1 /
Resource Hash
993a42bbb042177cb87e0e92707678c3f673035b56ed92a4a9b3a70b338574c6

Request headers

Host
www.zionprayertower.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Server
nginx/1.14.1
Date
Tue, 04 Feb 2020 09:33:28 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip

Redirect headers

Server
nginx/1.14.1
Date
Tue, 04 Feb 2020 09:33:28 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
location
c5fa4ecb92077923a9be660cef75a6dc/Load.php
Load.php
goygoltm.az/netices/essaw/1966924606cc5aace661d59d66acc43b/
Redirect Chain
  • http://goygoltm.az/netices/essaw
  • http://goygoltm.az/netices/essaw/
  • http://goygoltm.az/netices/essaw/1966924606cc5aace661d59d66acc43b/Load.php
105 B
338 B
Document
General
Full URL
http://goygoltm.az/netices/essaw/1966924606cc5aace661d59d66acc43b/Load.php
Protocol
HTTP/1.1
Server
2a00:b700::6:b , Russian Federation, ASN51659 (ASBAXET, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
b6476aa129183e023194141341cc4126010d007d4aee08ea779cf5fd7d40991c

Request headers

Host
goygoltm.az
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://www.zionprayertower.com/misc/btml/c5fa4ecb92077923a9be660cef75a6dc/Load.php
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
http://www.zionprayertower.com/misc/btml/c5fa4ecb92077923a9be660cef75a6dc/Load.php

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Content-Length
120
Content-Encoding
gzip
Vary
Accept-Encoding,User-Agent
Date
Tue, 04 Feb 2020 09:33:28 GMT
Server
LiteSpeed

Redirect headers

Connection
Keep-Alive
location
1966924606cc5aace661d59d66acc43b/Load.php
Content-Type
text/html; charset=UTF-8
Content-Length
0
Date
Tue, 04 Feb 2020 09:33:28 GMT
Server
LiteSpeed
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Vary
User-Agent
Primary Request /
bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Redirect Chain
  • https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/
  • https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=
  • https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
14 KB
3 KB
Document
General
Full URL
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.220.215.100 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
host300.hostmonster.com
Software
nginx/1.14.1 /
Resource Hash
043e0c6a91a6246c8ea9efeb7fdd6f07705e615c4ca7443cd9d6c054a0e85fee

Request headers

:method
GET
:authority
bindersdeal.com
:scheme
https
:path
/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
http://goygoltm.az/netices/essaw/1966924606cc5aace661d59d66acc43b/Load.php
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
http://goygoltm.az/netices/essaw/1966924606cc5aace661d59d66acc43b/Load.php

Response headers

status
200
server
nginx/1.14.1
date
Tue, 04 Feb 2020 09:33:29 GMT
content-type
text/html
last-modified
Tue, 04 Feb 2020 09:33:29 GMT
cache-control
max-age=7200
expires
Tue, 04 Feb 2020 11:33:29 GMT
x-endurance-cache-level
2
x-server-cache
false
content-encoding
gzip

Redirect headers

status
301
server
nginx/1.14.1
date
Tue, 04 Feb 2020 09:33:29 GMT
content-type
text/html; charset=iso-8859-1
content-length
342
location
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
cache-control
max-age=7200
expires
Tue, 04 Feb 2020 11:33:29 GMT
x-server-cache
false
style.css
bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
828 B
647 B
Stylesheet
General
Full URL
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/style.css
Requested by
Host: bindersdeal.com
URL: https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.220.215.100 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
host300.hostmonster.com
Software
nginx/1.14.1 /
Resource Hash
060b725dc231661efb8c3ffb4bbc5ad2aac1af43d29e2d98dab52cc31ba7fcac

Request headers

Referer
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 04 Feb 2020 09:33:30 GMT
content-encoding
gzip
server
nginx/1.14.1
x-server-cache
false
x-endurance-cache-level
2
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=7200
expires
Tue, 04 Feb 2020 11:33:30 GMT
logo.jpg
bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
1 KB
2 KB
Image
General
Full URL
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/logo.jpg
Requested by
Host: bindersdeal.com
URL: https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.220.215.100 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
host300.hostmonster.com
Software
nginx/1.14.1 /
Resource Hash
6bcbba94cd7a796861c100a8b362d7dcf92dfffa27fbb8bc77c741c77d9a9e53

Request headers

Referer
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 04 Feb 2020 09:33:30 GMT
last-modified
Tue, 04 Feb 2020 09:33:29 GMT
server
nginx/1.14.1
x-server-cache
false
x-endurance-cache-level
2
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1403
expires
Wed, 03 Feb 2021 09:33:30 GMT
Capture.png
bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
649 B
859 B
Image
General
Full URL
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/Capture.png
Requested by
Host: bindersdeal.com
URL: https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.220.215.100 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
host300.hostmonster.com
Software
nginx/1.14.1 /
Resource Hash
aae6907b97bb625bc3d760099058e3e2c40b78089bc95790c91cee26b83e4b5e

Request headers

Referer
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 04 Feb 2020 09:33:30 GMT
last-modified
Tue, 04 Feb 2020 09:33:29 GMT
server
nginx/1.14.1
x-server-cache
false
x-endurance-cache-level
2
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
649
expires
Wed, 03 Feb 2021 09:33:30 GMT
seS.png
bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
541 B
751 B
Image
General
Full URL
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/seS.png
Requested by
Host: bindersdeal.com
URL: https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.220.215.100 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
host300.hostmonster.com
Software
nginx/1.14.1 /
Resource Hash
25692c1d953a19d8a493ca3d135eb868dd31795a960dc890e77e7a0eaee1298d

Request headers

Referer
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 04 Feb 2020 09:33:30 GMT
last-modified
Tue, 04 Feb 2020 09:33:29 GMT
server
nginx/1.14.1
x-server-cache
false
x-endurance-cache-level
2
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
541
expires
Wed, 03 Feb 2021 09:33:30 GMT
fd2.jpg
bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
827 KB
828 KB
Image
General
Full URL
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/fd2.jpg
Requested by
Host: bindersdeal.com
URL: https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.220.215.100 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
host300.hostmonster.com
Software
nginx/1.14.1 /
Resource Hash
38f1e938bd021aaa3a94ec20795868cb1a84b0ebaa48c5f2e35eeaa01d80a21a

Request headers

Referer
https://bindersdeal.com/3/AXAconnectesd-loadqingg/responsive/y2ytm=/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 04 Feb 2020 09:33:31 GMT
last-modified
Tue, 04 Feb 2020 09:33:29 GMT
server
nginx/1.14.1
x-server-cache
false
x-endurance-cache-level
2
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
846341
expires
Wed, 03 Feb 2021 09:33:31 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Axa (Insurance)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| maf0 function| maf1 function| maf2 function| maf3 function| maf4 function| maf5 function| maf6 function| maf7 function| maf8 function| maf9 function| deletmdp

0 Cookies