hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net
IP: 20.111.1.13
Verdict: Malicious Activity (public scan)

Submitted URL: https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/
Effective URL: https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3ND...
Submission: On October 01 via manual from US — Scanned from FR

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 2 HTTP transactions. The main IP is 20.111.1.13, located in Paris, France and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 03 on May 24th 2024. Valid for: a year.
This is the only time hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: E-Trade (Financial)

Domain & IP information

IP addresses
  #  Requests  IP Address   AS (Autonomous System)
  1  2         20.111.1.13  AS8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
  Totals: 2 / 2

Domains
  Domain                                                            Requests  Requested by   Failed
  hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net  2         1 redirect     0
  Totals: 2 / 2

TLS certificate
  Subject:  *.azurewebsites.net
  Issuer:   Microsoft Azure RSA TLS Issuing CA 03
  Validity: 2024-05-24 to 2025-05-19 (a year; listed on crt.sh)

This page contains 1 frames:

Primary Page: https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg==
Frame ID: E6694CC6C8E46CDD27AA8225709480C9
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Log on to E*TRADE

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/ HTTP 302
     https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg== Page URL

Detected technologies

PHP (overall confidence: 100%)
Detected pattern: \.php(?:$|\?)

Page Statistics

  Requests:   2
  HTTPS:      50 %
  IPv6:       0 %
  Domains:    2
  Subdomains: 2
  IPs:        2
  Countries:  1
  Transfer:   3736 kB
  Size:       8899 kB
  Cookies:    1


Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Primary Request: login.php
  Path:      hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/
  Size:      8 MB
  x-fer:     3 MB
  Type:      Document
  MIME-Type: text/html (from the Content-Type response header)
  Redirect Chain:
    • https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/
    • https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg==

General
  Full URL:      https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg==
  Protocol:      HTTP/1.1
  Security:      TLS 1.3, AES_256_GCM
  Server:        20.111.1.13 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
  Reverse DNS:   (none)
  Software:      nginx/1.26.1 / PHP/8.3.9
  Resource Hash: d7e47fda36e258336fd028d145309a66fbc12170806fa5bf7161e26e525401d4

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers
  Content-Encoding: gzip
  Content-Type: text/html; charset=utf-8
  Date: Tue, 01 Oct 2024 16:03:57 GMT
  Server: nginx/1.26.1
  Transfer-Encoding: chunked
  X-Powered-By: PHP/8.3.9

Redirect headers (the HTTP 302 from / to ./app/login.php)
  Cache-Control: no-store, no-cache, must-revalidate
  Content-Length: 0
  Content-Type: text/html; charset=utf-8
  Date: Tue, 01 Oct 2024 16:03:57 GMT
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Location: ./app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg==
  Pragma: no-cache
  Server: nginx/1.26.1
  X-Powered-By: PHP/8.3.9

The Expires / Cache-Control / Pragma trio on the redirect is exactly what PHP's session_start() emits under its default "nocache" cache limiter, which is consistent with the PHPSESSID cookie this host sets (see Cookies below): the landing page opens a PHP session and then bounces the visitor to login.php with a freshly generated token in the query string.
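The query string on login.php is plain base64. Decoded, as an added check that is not part of the urlscan report, it reads as the 10-digit Unix timestamp 1727798637 (2024-10-01 16:03:57 UTC, the same second as the Date header on the redirect response) followed by 72 hexadecimal characters whose meaning the scan does not reveal. The script below is written for this page (it is not urlscan's code); it pulls the token out of the effective URL, decodes it, and checks the embedded timestamp against the response Date header. The "10 digits then lowercase hex" layout and the 5-second tolerance are assumptions drawn from this single sample.

```python
import base64
import binascii
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Values copied from the scan: the effective URL and the Date header of the
# redirect/primary response.
EFFECTIVE_URL = (
    "https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net"
    "/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMx"
    "ZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg=="
)
RESPONSE_DATE = "Tue, 01 Oct 2024 16:03:57 GMT"

# Assumed layout of the decoded token: a 10-digit Unix timestamp followed by
# lowercase hex. Inferred from the one sample on this page, not documented anywhere.
TOKEN_LAYOUT = re.compile(r"(?P<ts>\d{10})(?P<tail>[0-9a-f]+)")


def token_from_url(url):
    """Return the bare query string; the kit puts the token there with no key=value."""
    return urlsplit(url).query


def decode_token(token):
    """Base64-decode a login.php token and split it into timestamp and hex tail.

    Raises ValueError when the token is not valid base64/ASCII or does not fit
    the assumed layout, so a caller can distinguish 'different kit' from 'match'.
    """
    try:
        raw = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"token is not base64 ASCII: {exc}") from exc
    m = TOKEN_LAYOUT.fullmatch(raw)
    if m is None:
        raise ValueError(f"token does not fit the assumed layout: {raw!r}")
    issued = datetime.fromtimestamp(int(m.group("ts")), tz=timezone.utc)
    return {"raw": raw, "timestamp": issued, "tail": m.group("tail")}


def parse_http_date(value):
    """Parse an HTTP IMF-fixdate such as 'Tue, 01 Oct 2024 16:03:57 GMT'."""
    return datetime.strptime(value, "%a, %d %b %Y %H:%M:%S GMT").replace(tzinfo=timezone.utc)


def token_matches_response(token, date_header, tolerance_s=5):
    """True if the token was minted within tolerance_s of the response time.

    A match means the token is generated per visit (its timestamp is the request
    time) rather than being a static identifier baked into the kit.
    """
    issued = decode_token(token)["timestamp"]
    seen = parse_http_date(date_header)
    return abs((issued - seen).total_seconds()) <= tolerance_s


if __name__ == "__main__":
    token = token_from_url(EFFECTIVE_URL)
    info = decode_token(token)
    print("issued:", info["timestamp"].isoformat())
    print("tail:  ", len(info["tail"]), "hex chars")
    print("matches Date header:", token_matches_response(token, RESPONSE_DATE))
```

Because the timestamp is the visit time, the token is a per-visitor tracking value, not something to block on; the stable indicators are the host, the /app/login.php path and the resource hashes.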
Inlined resources (data: URIs, 17 requests) and the one failed request, in the order the frame loaded them. Resource and Path show only "truncated" and "/" for data: URIs; Server, ASN, Reverse DNS and Software are empty for them because nothing is fetched from the network.

  #   Type    MIME-Type                   Size    x-fer  Resource Hash
  1   Font    font/woff                   46 KB   46 KB  fe6b81a71da1414cac19c8af100631f7e0b45f1adc39610e684582a42e9eddcb
  2   Image   image/svg+xml               6 KB    0      1f9dd0648e272f59730ffdbde1971481b59226c500ed31c8e7f4d0d5a8a892bf
  -   Failed  ETRADE.html, path /C:/xamppLAST/htdocs/US%20ETRADE/, size 0, x-fer 0, no response (see Failed requests)
  3   Image   image/svg+xml               63 KB   0      e3a310f187e7d8053ffdc772f8b8cfe60eb20d333702c2e9a923d0532b78226f
  4   Image   image/svg+xml               24 KB   0      089f8464112ea8a130d95c579311b30720c968841de737412e8230e3e17fc6c1
  5   Image   image/svg+xml               5 KB    0      0fb6eaba9e10270f1c6614f80eff54ce67c4910e4f08f0a9214058ca3cbf2f0c
  6   Image   image/svg+xml               7 KB    0      3ce09fe1c7b3e20422c8ff7c4c35944ea1e557f2f23f5d6419126c78a3587e8d
  7   Image   image/png                   5 KB    0      13b624820497e12d189f7fe058a196d1e5cae6403003b0902dc04b980aa9d32f
  8   Image   image/svg+xml;charset=utf8  465 B   0      87c60ebea9df791d5fabe2e5765f48556d2ff3a4ea4b3a3855ca4bdd5c5528ff
  9   Image   image/svg+xml;charset=utf8  569 B   0      41af06952dd0bfb0fc1c231ec84c89f8e7cbdddb7fd1a0387abd22e592de69ce
  10  Image   image/svg+xml;charset=utf8  1 KB    0      8facdcddac8104d0d0c2830e463752f09df9f96bee01835e963a5af55ef55a35
  11  Image   image/svg+xml;charset=utf8  1 KB    0      907d51525d1948c3149b9e3000aa5d4082a11d8830dc3e6c131416e6705f6563
  12  Image   image/svg+xml;charset=utf8  2 KB    0      d7de291aba718aedafa628280062b732eae4b9f0d490a30bfd5d327fcac21a27
  13  Image   image/svg+xml;charset=utf8  946 B   0      e71e04e67156b491a68e0cdfb12bf180115bfbba0b0d53f255e1e6cd507d8791
  14  Font    font/woff                   50 KB   50 KB  8e6a0d503c9a5e165640ef528c521ad9dc0e0de9a6c5d006866521d62f333a0d
  15  Font    font/woff                   45 KB   45 KB  03b1deebb44691a3a1eadec8600bf58a979da16d0700497cfec848f73eb5c4cd
  16  Font    font/woff2                  43 KB   43 KB  a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
  17  Font    font/woff                   56 KB   56 KB  c4a1baec300d09e03a8380b85918267ee80faae8e00c6c56b48e2e74b1d9b38d

Request headers on every data: resource
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
  Referer: (empty)
  Origin: https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net (font requests only)

Response headers on every data: resource
  Content-Type: as listed in the MIME-Type column

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

  Domain: (none; local file URL)
  URL:    file:///C:/xamppLAST/htdocs/US%20ETRADE/ETRADE.html

A file:/// reference in a hosted page is an absolute path left behind from where the kit was assembled: htdocs is the document root of a XAMPP installation, so the page was built and tested locally under C:\xamppLAST\htdocs\US ETRADE\ before being uploaded. The browser refuses to load a file: URL from an https: origin, which is the error recorded in the console messages below.

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: E-Trade (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  function  getProspectAPIContent
  function  handlesProspectSuggestionItemSelect

1 Cookies

  Domain/Path: hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/
  Name:        PHPSESSID
  Value:       3956bd18d625a6e80ef84aeb7afa8841

1 Console Messages

  Source:  javascript
  Level:   error
  URL:     https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php?MTcyNzc5ODYzN2JjM2Q1OTMyY2Q3OTEwNzQwZmE0YzMxMGMzNDZmOGMxZWMwODZiYjExODE4ODg1OTc3NDRiM2E1YTg5MTE2Zjk3Yjk1MmI1Zg==
  Message: Not allowed to load local resource: file:///C:/xamppLAST/htdocs/US%20ETRADE/ETRADE.html
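Pulling the report's signals together into a reusable triage check, as an added example that is not part of urlscan's tooling: the function below takes a small record of a scan (page title, effective URL, certificate subject and the request list) and returns the indicators an analyst would flag on this one: a brand named in the title but served from an unrelated host, a tenant hostname on a shared app-hosting platform, a leftover file: reference, and nearly every asset inlined as a data: URI. The request list is constructed from the report (one document, five inlined fonts, twelve inlined images, one failed file: URL); the brand-to-domain map, the hosting-suffix list and the 80 % inlining threshold are assumptions for illustration, not values from the page.

```python
from urllib.parse import urlsplit, unquote

# Scan facts copied from the report.
PAGE_TITLE = "Log on to E*TRADE"
EFFECTIVE_URL = "https://hos981kind01-ftgra0dxheawancn.francecentral-01.azurewebsites.net/app/login.php"
CERT_SUBJECT = "*.azurewebsites.net"

# Request list constructed from the report's per-frame request table
# (19 requests: 1 document, 17 data: URIs, 1 failed file: URL). The data: bodies
# are elided; only scheme and type matter to the checks below.
REQUESTS = (
    [{"url": EFFECTIVE_URL, "type": "Document", "failed": False}]
    + [{"url": "data:font/woff;base64,...", "type": "Font", "failed": False}] * 5
    + [{"url": "data:image/svg+xml;base64,...", "type": "Image", "failed": False}] * 12
    + [{"url": "file:///C:/xamppLAST/htdocs/US%20ETRADE/ETRADE.html", "type": "Other", "failed": True}]
)

# Assumed lookup tables (illustrative starter lists, not from the report).
BRAND_DOMAINS = {"etrade": ("etrade.com", "us.etrade.com")}
SHARED_HOSTING_SUFFIXES = ("azurewebsites.net", "web.app", "pages.dev", "herokuapp.com")
INLINE_THRESHOLD = 0.8  # assumed: flag when >= 80 % of assets are data: URIs


def _normalise(text):
    """Lowercase and keep only letters/digits so 'E*TRADE' and 'etrade' compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def host_in_domain(host, domain):
    """True if host is domain itself or a subdomain of it (no substring matching)."""
    return host == domain or host.endswith("." + domain)


def triage(title, url, cert_subject, requests):
    """Return a dict of indicator name -> detail for the signals present in a scan."""
    host = urlsplit(url).hostname or ""
    findings = {}

    # 1. Brand named in the page title but served from a host the brand does not own.
    norm_title = _normalise(title)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in norm_title and not any(host_in_domain(host, d) for d in domains):
            findings["brand_host_mismatch"] = f"title mentions {brand}, host is {host}"

    # 2. Host is a tenant of a shared app-hosting platform (the wildcard cert says the same).
    for suffix in SHARED_HOSTING_SUFFIXES:
        if host_in_domain(host, suffix):
            findings["shared_hosting"] = f"{host} under {suffix} (cert subject {cert_subject})"

    # 3. Leftover absolute file: references reveal the kit author's build location.
    local = [unquote(r["url"]) for r in requests if r["url"].startswith("file:")]
    if local:
        findings["local_file_reference"] = local

    # 4. Nearly every asset is a data: URI, consistent with a page cloned into one file.
    assets = [r for r in requests if r["type"] != "Document" and not r["failed"]]
    inlined = [r for r in assets if r["url"].startswith("data:")]
    if assets and len(inlined) / len(assets) >= INLINE_THRESHOLD:
        findings["assets_inlined"] = f"{len(inlined)}/{len(assets)} assets are data: URIs"

    return findings


if __name__ == "__main__":
    for name, detail in triage(PAGE_TITLE, EFFECTIVE_URL, CERT_SUBJECT, REQUESTS).items():
        print(f"{name}: {detail}")
```

None of the four signals is conclusive alone (legitimate sites do inline assets, and azurewebsites.net hosts plenty of benign apps); together with the brand mismatch they reproduce the report's "Phishing against: E-Trade" call without relying on the per-visit token.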