highnmightytv.com
162.212.131.213  Malicious Activity! Public Scan

Submitted URL: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/index.php?secure-auth/login?ex...
Effective URL: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/action.html?template=...
Submission: On June 26 via automatic, source openphish

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 5 HTTP transactions. The main IP is 162.212.131.213, located in the United States and belonging to A2HOSTING, US. The main domain is highnmightytv.com.
TLS certificate: Issued by R3 on June 17th 2021. Valid for: 3 months.
This is the only time highnmightytv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: CenturyLink (Telecommunication)

Domain & IP information

Requests  IP Address        AS     Autonomous System
3         162.212.131.213   55293  A2HOSTING (1 redirect)
2         64.8.70.35        36271  SYNACOR-C...
1         152.199.22.185    15133  EDGECAST
Total: 5 requests, 3 IPs

Requests  Domain                       Redirects    Requested by
3         highnmightytv.com            1 redirect   highnmightytv.com
2         auth.centurylink.net         -            highnmightytv.com
1         vam-image.media.syn-cdn.com  -            highnmightytv.com
Total: 5 requests, 3 domains

This site contains links to these domains:

  • www.centurylink.com
  • secure.centurylink.net
  • centurylink.net
TLS certificates

Subject                Issuer                            Validity                  Valid
highnmightytv.com      R3                                2021-06-17 - 2021-09-15   3 months
auth.centurylink.net   DigiCert SHA2 Secure Server CA    2020-08-07 - 2022-10-19   2 years
*.media.syn-cdn.com    DigiCert TLS RSA SHA256 2020 CA1  2021-03-01 - 2022-04-01   a year

This page contains 1 frames:

Primary Page: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/action.html?template=Initiate&valid=true&session=$host$host$host$host$host$host$host$host
Frame ID: 172265A667AD1B3306555EB263F1A6C4
Requests: 5 HTTP requests in this frame


Detected technologies

PHP (overall confidence: 100%)
Detected pattern:
  • url /\.php(?:$|\?)/i

Bootstrap (overall confidence: 100%)
Detected pattern:
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (overall confidence: 100%)
Detected pattern:
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 28 kB
Size: 119 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/index.php?secure-auth/login?execution=e1s1686967686e6d696768747974762e636f6d-7118711verify819 HTTP 302
    https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&session=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4 Page URL
  2. https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/action.html?template=Initiate&valid=true&session=$host$host$host$host$host$host$host$host Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/index.php?secure-auth/login?execution=e1s1686967686e6d696768747974762e636f6d-7118711verify819 HTTP 302
  • https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&session=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4

5 HTTP transactions

Resource: index.php
Path: highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/
Redirect Chain:
  • https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/index.php?secure-auth/login?execution=e1s1686967686e6d696768747974762e636f6d-7118711verify819
  • https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&s...
Size: 195 B
x-fer: 249 B
Type: Document

General
Full URL: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&session=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.212.131.213, United States, ASN55293 (A2HOSTING, US)
Reverse DNS: 162.212.131.213.static.a2webhosting.com
Software: Apache /
Resource Hash: e25267b8e12fdc44b693bf16c17ae8c502e15f0fea6dda3eb25f9ced83dd29f8

Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

Request headers

:method: GET
:authority: highnmightytv.com
:scheme: https
:path: /wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&session=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 13:25:43 GMT
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-length: 195
content-type: text/html; charset=UTF-8

Redirect headers

date: Sat, 26 Jun 2021 13:25:42 GMT
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
location: ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&session=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4
content-length: 0
content-type: text/html; charset=UTF-8
Primary Request
Resource: action.html
Path: highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/
Size: 5 KB
x-fer: 5 KB
Type: Document

General
Full URL: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/action.html?template=Initiate&valid=true&session=$host$host$host$host$host$host$host$host
Requested by:
  Host: highnmightytv.com
  URL: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&session=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.212.131.213, United States, ASN55293 (A2HOSTING, US)
Reverse DNS: 162.212.131.213.static.a2webhosting.com
Software: Apache /
Resource Hash: 7ca5031fff78a5c31bfcb3342bac8c3a25031900dec9c3fb3cdf4760e0fdc035

Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

Request headers

:method: GET
:authority: highnmightytv.com
:scheme: https
:path: /wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/action.html?template=Initiate&valid=true&session=$host$host$host$host$host$host$host$host
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&session=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/index.php?cmd=login_submit&id=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4&session=721f743c85a92bd4a3379c9f993c12f4721f743c85a92bd4a3379c9f993c12f4

Response headers

date: Sat, 26 Jun 2021 13:25:43 GMT
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Wed, 16 Jun 2021 00:31:00 GMT
etag: "3d6418f-1320-5c4d7346b1900"
accept-ranges: bytes
content-length: 4896
content-type: text/html
Resource: bootstrap.min.css
Path: auth.centurylink.net/bootstrap/css/
Size: 103 KB
x-fer: 17 KB
Type: Stylesheet

General
Full URL: https://auth.centurylink.net/bootstrap/css/bootstrap.min.css
Requested by:
  Host: highnmightytv.com
  URL: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/action.html?template=Initiate&valid=true&session=$host$host$host$host$host$host$host$host
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.35, United States, ASN36271 (SYNACOR-CLUSTER, US)
Reverse DNS: auth.centurylink.net.ent.syn-alias.com
Software: nginx /
Resource Hash: b095c14e576cb3c64990abce12a5efb2e319999721456f2258e7c362834b673d

Request headers

Referer: https://highnmightytv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 13:25:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 May 2021 12:43:34 GMT
Server: nginx
Age: 506
ETag: "19dd4-5c2d668682980"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 175447409 171047982
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 17052
Resource: social.css
Path: auth.centurylink.net/css/default/
Size: 7 KB
x-fer: 2 KB
Type: Stylesheet

General
Full URL: https://auth.centurylink.net/css/default/social.css
Requested by:
  Host: highnmightytv.com
  URL: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/action.html?template=Initiate&valid=true&session=$host$host$host$host$host$host$host$host
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.35, United States, ASN36271 (SYNACOR-CLUSTER, US)
Reverse DNS: auth.centurylink.net.ent.syn-alias.com
Software: nginx /
Resource Hash: 82aa8220b0b10115902bf05d352ad727a2c21a7af61b20ae05dff5ff061de65c

Request headers

Referer: https://highnmightytv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 26 Jun 2021 13:25:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 May 2021 12:43:34 GMT
Server: nginx
Age: 77
ETag: "1c7b-5c2d668682980"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 715720007 709898707
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1929
Resource: a2e43a43970fd6cedbd519332d9952be193cd66b
Path: vam-image.media.syn-cdn.com/a2/e4/
Size: 3 KB
x-fer: 3 KB
Type: Image

General
Full URL: https://vam-image.media.syn-cdn.com/a2/e4/a2e43a43970fd6cedbd519332d9952be193cd66b
Requested by:
  Host: highnmightytv.com
  URL: https://highnmightytv.com/wp-admin/css/colors/blue/CENTURY-LAST/CENTURY/jghkfdjgoh4t59/info/ElPSYCHO/action.html?template=Initiate&valid=true&session=$host$host$host$host$host$host$host$host
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.185, United States, ASN15133 (EDGECAST, US)
Reverse DNS: (none)
Software: ECAcc (lhb/63DA) /
Resource Hash: 02ef1007a16f69b5934252f07f33cc90eccbcfc698510c70c896d800786d0078

Request headers

Referer: https://highnmightytv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Jun 2021 13:25:43 GMT
last-modified: Tue, 23 Mar 2021 13:59:02 GMT
server: ECAcc (lhb/63DA)
age: 7501037
etag: "c04-5be3495b7d2a0"
x-cache: HIT
p3p: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
access-control-allow-origin: *
cache-control: max-age=365000000, immutable
accept-ranges: bytes
content-type: image/png
content-length: 3076

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: CenturyLink (Telecommunication)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object   onbeforexrselect
  • object   ontransitionrun
  • object   ontransitionstart
  • object   ontransitioncancel
  • object   cookieStore
  • function showDirectoryPicker
  • function showOpenFilePicker
  • function showSaveFilePicker
  • boolean  originAgentCluster
  • object   trustedTypes
  • boolean  crossOriginIsolated
  • function check

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN