hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net
Open in
urlscan Pro
20.111.1.13
Malicious Activity!
Public Scan
Effective URL: https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3ND...
Submission: On October 01 via manual from US — Scanned from FR
Summary
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 03 on May 24th 2024. Valid for: a year.
This is the only time hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: E-Trade (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 20.111.1.13 20.111.1.13 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 2 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
azurewebsites.net
1 redirects
hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net |
3 MB |
0 |
Failed
function sub() { [native code] }. Failed |
|
2 | 2 |
Domain | Requested by | |
---|---|---|
2 | hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net | 1 redirects |
0 | Failed |
hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net
|
2 | 2 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.azurewebsites.net Microsoft Azure RSA TLS Issuing CA 03 |
2024-05-24 - 2025-05-19 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg==
Frame ID: E6694CC6C8E46CDD27AA8225709480C9
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Log on to E*TRADEPage URL History Show full URLs
-
https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/
HTTP 302
https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwOD... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
72 Outgoing links
These are links going to different origins than the main page.
Title: Banking
Search URL Search Domain Scan URL
Title: Stock Plans
Search URL Search Domain Scan URL
Title: Contact us
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Account Types
Search URL Search Domain Scan URL
Title: Brokerage
Search URL Search Domain Scan URL
Title: Retirement
Search URL Search Domain Scan URL
Title: Core Portfolios
Search URL Search Domain Scan URL
Title: Managed Portfolios
Search URL Search Domain Scan URL
Title: Small Business
Search URL Search Domain Scan URL
Title: Bank
Search URL Search Domain Scan URL
Title: Investment Choices
Search URL Search Domain Scan URL
Title: Stocks
Search URL Search Domain Scan URL
Title: Options
Search URL Search Domain Scan URL
Title: Mutual Funds
Search URL Search Domain Scan URL
Title: ETFs
Search URL Search Domain Scan URL
Title: Futures
Search URL Search Domain Scan URL
Title: Bonds and CDs
Search URL Search Domain Scan URL
Title: Prebuilt Portfolios
Search URL Search Domain Scan URL
Title: IPO / New Issues
Search URL Search Domain Scan URL
Title: New to Investing
Search URL Search Domain Scan URL
Title: Trading
Search URL Search Domain Scan URL
Title: Platforms
Search URL Search Domain Scan URL
Title: Margin Trading
Search URL Search Domain Scan URL
Title: Execution Quality
Search URL Search Domain Scan URL
Title: Pricing and Rates
Search URL Search Domain Scan URL
Title: Knowledge
Search URL Search Domain Scan URL
Title: Investing Basics
Search URL Search Domain Scan URL
Title: Advanced Trading
Search URL Search Domain Scan URL
Title: Retirement Planning
Search URL Search Domain Scan URL
Title: Tax Planning
Search URL Search Domain Scan URL
Title: Morgan Stanley Thought Leadership
Search URL Search Domain Scan URL
Title: Market News
Search URL Search Domain Scan URL
Title: Thematic Investing
Search URL Search Domain Scan URL
Title: Events
Search URL Search Domain Scan URL
Title: Life Stages
Search URL Search Domain Scan URL
Title: See what's new arrow_forward
Search URL Search Domain Scan URL
Title: Company Overview
Search URL Search Domain Scan URL
Title: Investor Relations
Search URL Search Domain Scan URL
Title: Newsroom
Search URL Search Domain Scan URL
Title: Careers
Search URL Search Domain Scan URL
Title: Accessibility at E*TRADE
Search URL Search Domain Scan URL
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: FAQs
Search URL Search Domain Scan URL
Title: Forms and Applications
Search URL Search Domain Scan URL
Title: Open An Account
Search URL Search Domain Scan URL
Title: Fund My Account
Search URL Search Domain Scan URL
Title: Cash Management
Search URL Search Domain Scan URL
Title: Find a Financial Advisor
Search URL Search Domain Scan URL
Title: Stock Plans
Search URL Search Domain Scan URL
Title: Executive Services
Search URL Search Domain Scan URL
Title: Security Center
Search URL Search Domain Scan URL
Title: Site Map
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: FINRA's BrokerCheck
Search URL Search Domain Scan URL
Title: Relationship Summary
Search URL Search Domain Scan URL
Title: FDIC
Search URL Search Domain Scan URL
Title: SIPC
Search URL Search Domain Scan URL
Title: NFA
Search URL Search Domain Scan URL
Title: Statement of Financial Condition
Search URL Search Domain Scan URL
Title: About Asset Protection
Search URL Search Domain Scan URL
Title: Account Agreements and Disclosures
Search URL Search Domain Scan URL
Title: Quarterly 606 Report
Search URL Search Domain Scan URL
Title: Business Resiliency Plan
Search URL Search Domain Scan URL
Title: E*TRADE Copyright Policy
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/
HTTP 302
https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg== Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/ Redirect Chain
|
8 MB 3 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
46 KB 46 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
ETRADE.html
/C:/xamppLAST/htdocs/US%20ETRADE/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
63 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
24 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
465 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
569 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
946 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
50 KB 50 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
45 KB 45 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
43 KB 43 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
56 KB 56 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: E-Trade (Financial)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| getProspectAPIContent function| handlesProspectSuggestionItemSelect1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/ | Name: PHPSESSID Value: 3956bd18d625a6e80ef84aeb7afa8841 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net
20.111.1.13
03b1deebb44691a3a1eadec8600bf58a979da16d0700497cfec848f73eb5c4cd
089f8464112ea8a130d95c579311b30720c968841de737412e8230e3e17fc6c1
0fb6eaba9e10270f1c6614f80eff54ce67c4910e4f08f0a9214058ca3cbf2f0c
13b624820497e12d189f7fe058a196d1e5cae6403003b0902dc04b980aa9d32f
1f9dd0648e272f59730ffdbde1971481b59226c500ed31c8e7f4d0d5a8a892bf
3ce09fe1c7b3e20422c8ff7c4c35944ea1e557f2f23f5d6419126c78a3587e8d
41af06952dd0bfb0fc1c231ec84c89f8e7cbdddb7fd1a0387abd22e592de69ce
87c60ebea9df791d5fabe2e5765f48556d2ff3a4ea4b3a3855ca4bdd5c5528ff
8e6a0d503c9a5e165640ef528c521ad9dc0e0de9a6c5d006866521d62f333a0d
8facdcddac8104d0d0c2830e463752f09df9f96bee01835e963a5af55ef55a35
907d51525d1948c3149b9e3000aa5d4082a11d8830dc3e6c131416e6705f6563
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
c4a1baec300d09e03a8380b85918267ee80faae8e00c6c56b48e2e74b1d9b38d
d7de291aba718aedafa628280062b732eae4b9f0d490a30bfd5d327fcac21a27
d7e47fda36e258336fd028d145309a66fbc12170806fa5bf7161e26e525401d4
e3a310f187e7d8053ffdc772f8b8cfe60eb20d333702c2e9a923d0532b78226f
e71e04e67156b491a68e0cdfb12bf180115bfbba0b0d53f255e1e6cd507d8791
fe6b81a71da1414cac19c8af100631f7e0b45f1adc39610e684582a42e9eddcb