urlscan.io logo urlscan.io
SecurityTrails logo

tuckerwaterproofingmoldremoval.com Open in urlscan Pro
192.185.105.217  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ghosteaglepublishing.com/
Effective URL: https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f323018...
Submission: On March 11 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 5 HTTP transactions. The main IP is 192.185.105.217, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is tuckerwaterproofingmoldremoval.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 12th 2020. Valid for: 3 months.
This is the only time tuckerwaterproofingmoldremoval.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 192.185.160.42 46606 (UNIFIEDLA...)
1 3 192.185.105.217 46606 (UNIFIEDLA...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:3c01::f0... 63949 (LINODE-AP...)
5 5
Domain Requested by
3 tuckerwaterproofingmoldremoval.com 1 redirects
1 jsonip.com cdnjs.cloudflare.com
1 cdnjs.cloudflare.com tuckerwaterproofingmoldremoval.com
1 ghosteaglepublishing.com
5 4

This site contains no links.

Subject Issuer Validity Valid
ghosteaglepublishing.com
Let's Encrypt Authority X3		 2020-03-06 -
2020-06-04		 3 months crt.sh
tuckerwaterproofingmoldremoval.com
Let's Encrypt Authority X3		 2020-02-12 -
2020-05-12		 3 months crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh
jsonip.com
Let's Encrypt Authority X3		 2020-02-29 -
2020-05-29		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
Frame ID: DC109F2A9F48867B5603EC6FEE16D0C2
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://ghosteaglepublishing.com/ Page URL
  2. https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/ HTTP 303
    https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c... Page URL
  3. https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

5
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

454 kB
Transfer

1203 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ghosteaglepublishing.com/ Page URL
  2. https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/ HTTP 303
    https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad Page URL
  3. https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/ HTTP 303
  • https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ghosteaglepublishing.com/ 		96 B
344 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ghosteaglepublishing.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.160.42 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-160-42.unifiedlayer.com
Software
Apache /
Resource Hash
fdfccbe2e0cf89864cb30b5f8349da8bddbf0975835a9ce933ea4e30bee98923
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
ghosteaglepublishing.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Wed, 11 Mar 2020 17:11:12 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
access-control-allow-origin
*
timing-allow-origin
*
referrer-policy
unsafe-url
vary
Accept-Encoding
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
no-transform
content-length
108
content-type
text/html; charset=UTF-8
r.php
tuckerwaterproofingmoldremoval.com/wrrc/ofc/
Redirect Chain
  • https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/
  • https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
222 B
254 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.185.105.217 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-105-217.unifiedlayer.com
Software
Apache /
Resource Hash
331a27559a18eefacc8841a663e2bb3c0d1aab824de8bbdbf1453c4295158291

Request headers

:method
GET
:authority
tuckerwaterproofingmoldremoval.com
:scheme
https
:path
/wrrc/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://ghosteaglepublishing.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=38133a96a79342dfe24cbedb4bc1ec35
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://ghosteaglepublishing.com/

Response headers

status
200
date
Wed, 11 Mar 2020 17:11:13 GMT
server
Apache
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding
content-encoding
gzip
content-length
206
content-type
text/html

Redirect headers

status
303
date
Wed, 11 Mar 2020 17:11:13 GMT
server
Apache
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=38133a96a79342dfe24cbedb4bc1ec35; path=/
location
./r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
content-length
0
content-type
text/html
Primary Request /
tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/ 		542 KB
380 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.185.105.217 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-105-217.unifiedlayer.com
Software
Apache /
Resource Hash
b2c86e77b3b77cb878a61f4196c6f26992382535b9593917f806950d2de76c29

Request headers

:method
GET
:authority
tuckerwaterproofingmoldremoval.com
:scheme
https
:path
/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
referer
https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=38133a96a79342dfe24cbedb4bc1ec35
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad

Response headers

status
200
date
Wed, 11 Mar 2020 17:11:13 GMT
server
Apache
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ 		257 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Requested by
Host: tuckerwaterproofingmoldremoval.com
URL: https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 11 Mar 2020 17:11:14 GMT
content-encoding
br
cf-cache-status
HIT
age
2821938
cf-ray
5726e4bbf97a64b5-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:21:00 GMT
server
cloudflare
etag
W/"5afd497c-40464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Mon, 01 Mar 2021 17:11:14 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.004
truncated
/ 		383 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c3c052633c0dc46d2ce3cf8614a2a108b990666424ee22126b97dee33227d52d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
/
jsonip.com/ 		152 B
453 B 		Script
General
Check archive.org
Download Go to
Full URL
https://jsonip.com/?callback=jQuery30008302640809370736_1583946674615&_=1583946674616
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:3c01::f03c:91ff:fe79:43b , United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
ba63fd5f2f16d67976c307ab981cd62b723b6d3b38fe74010ffb47c472eed200
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://tuckerwaterproofingmoldremoval.com/wrrc/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=f00da8e8667e7a3c758987c819d45337f3230189b6fbca3f98f30725800108469821d7ad
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 11 Mar 2020 17:11:14 GMT
Server
nginx/1.16.1
Strict-Transport-Security
max-age=31536000;
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f389414773370db3daf521963b65372a2f66ee32f15cf03d6cec568b5f293cd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cca25256a4dfab38b1fe3db857d06554ee11481cfccda4195f2cd3ebc799c311

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
36a55f46c0c4f128281eb436f999132507e8cbda4b2dfa2316a4be28f83f992d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| getIPAddress string| x

1 Cookies

Domain/Path Name / Value
tuckerwaterproofingmoldremoval.com/wrrc/ofc/s Name: ip11
Value: 2a01:4f8:192:5414::2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block